Open marcoce7 opened 2 months ago
If you execute docker exec addon_core_letsencrypt cat /data/dnsapikey
while the container is running, you can view the contents of the file.
So I can confirm that dns_gandi_api_key is added twice to /data/dnsapikey
Exact same issue on my side.
_If I use gandi_token instead of gandi_apikey in the add-on YAML configurations, renewing the certificate works. This trick does not work for me neither. It throws the following error:
Unable to find or delete the DNS TXT record: Unable to get base domain for "xxxx.com"
Same version core-2024.6.1 [11:13:17] INFO: Selected DNS Provider: dns-gandi [11:13:17] INFO: Use propagation seconds: 60 [11:13:17] INFO: Use Gandi gandi_api_key Saving debug log to /var/log/letsencrypt/letsencrypt.log Renewing an existing certificate for DOMAIN Error parsing credentials configuration '/data/dnsapikey': Duplicate keyword name at line 60. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Hit this bug as well. As noted by @marcoce7, I was able to switch to using a Gandi Personal Access Token and the gandi_token
config field instead of the legacy API key config to work around the issue. This did require generating a new PAT via the Gandi web interface. API keys have been deprecated by Gandi, so it seems like moving to the token config is probably the right long term move anyway. More info at https://api.gandi.net/docs/authentication/.
Exact same issue on my side.
_If I use gandi_token instead of gandi_apikey in the add-on YAML configurations, renewing the certificate works. This trick does not work for me neither. It throws the following error:
Unable to find or delete the DNS TXT record: Unable to get base domain for "xxxx.com"
Same for me, with the latest update both token and api key give me the "Unable to get base domain for XXX" error.
Solved for me. I have updated my configuration file replacing: gandi_api_key: OLD KEY by gandi_token: new TOKEN Thanks all!
Followed @asayler and @slapin95 advice, works like a charm, thanks!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
The issue is still there and not solved. Switching to gandi_token instead of gandi_api_key is only a workaround. API keys have been deprecated by Gandi but as far as I know there is no plan for that method to stop being supported, so I think using gandi_api_key with this add-on should still be fixed.
Describe the issue you are experiencing
In version 5.0.18 of the Let's Encrypt add-on, renewing with Gandi DNS challenge and API key does not work any more. The relevant lines in the add-on logs are:
I didn't change the configuration with respect to a previous version that was working correctly.
I noticed that since #3581 the dns_gandi_api_key is added to /data/dnsapikey in https://github.com/home-assistant/addons/blob/master/letsencrypt/rootfs/etc/services.d/lets-encrypt/run#L118-L121 but dns_gandi_api_key is added to /data/dnsapikey also in https://github.com/home-assistant/addons/blob/master/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh#L49 So the duplicated keyword name error make sense. However, I do not know how to access the Certbot logs and files in the add-on container while running to check this.
If I use gandi_token instead of gandi_api_key in the add-on YAML configurations, renewing the certificate works.
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Let's Encrypt
What is the version of the add-on?
5.0.18
Steps to reproduce the issue
System Health information
System Information
Home Assistant Community Store
GitHub API | ok -- | -- GitHub Content | ok GitHub Web | ok GitHub API Calls Remaining | 5000 Installed Version | 1.34.0 Stage | running Available Repositories | 1388 Downloaded Repositories | 8Home Assistant Cloud
logged_in | false -- | -- can_reach_cert_server | ok can_reach_cloud_auth | ok can_reach_cloud | okHome Assistant Supervisor
host_os | Home Assistant OS 12.3 -- | -- update_channel | stable supervisor_version | supervisor-2024.05.1 agent_version | 1.6.0 docker_version | 25.0.5 disk_total | 458.4 GB disk_used | 13.5 GB healthy | true supported | true board | yellow supervisor_api | ok version_api | ok installed_addons | Let's Encrypt (5.0.18), Mosquitto broker (6.4.1), ESPHome (2024.5.4), File editor (5.8.0), Zigbee2MQTT (1.38.0-1), Piper (1.5.0), Advanced SSH & Web Terminal (18.0.0), Whisper (2.1.0), CEC Scanner (3.0), Silicon Labs Flasher (0.2.3), Spotify Connect (0.13.0), openWakeWord (1.10.0), Glances (0.21.1), Matter Server (6.0.0), VLC (0.3.0)Dashboards
dashboards | 2 -- | -- resources | 0 views | 1 mode | storageRecorder
oldest_recorder_run | 8 April 2024 at 14:11 -- | -- current_recorder_run | 3 June 2024 at 22:58 estimated_db_size | 186.50 MiB database_engine | sqlite database_version | 3.44.2Anything in the Supervisor logs that might be useful for us?
No response
Anything in the add-on logs that might be useful for us?
Additional information
No response