home-assistant / addons

:heavy_plus_sign: Docker add-ons for Home Assistant
https://home-assistant.io/hassio/
Apache License 2.0

Let's Encrypt 5.0.22: joker.com DNS challenge not working #3661

Closed casm closed 1 week ago

casm commented 2 weeks ago

Describe the issue you are experiencing

After following the configuration instructions for the dns-joker challenge, the add-on doesn't seem to actually be using dns-joker as the challenge type. Logs show 'Selected DNS Provider: null' during the challenge process, which fails with 'certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey'.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Debian

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.0.22

Steps to reproduce the issue

  1. Configure the add-on to use the Joker DNS challenge per its documentation.
  2. Attempt to generate or renew a certificate (i.e., start the add-on).
  3. The process will fail.
  4. Check the add-on logs; 'Selected DNS Provider: null' and 'certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey' should appear.

System Health information

System Information

version core-2024.6.4
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.2
os_name Linux
os_version 6.6.33-haos
arch x86_64
timezone America/Chicago
config_dir /config
Home Assistant Community Store

GitHub API ok
GitHub Content ok
GitHub Web ok
GitHub API Calls Remaining 5000
Installed Version 1.34.0
Stage running
Available Repositories 1391
Downloaded Repositories 2
HACS Data ok

AccuWeather

can_reach_server ok
remaining_requests 16

Home Assistant Cloud

logged_in false
can_reach_cert_server ok
can_reach_cloud_auth ok
can_reach_cloud ok

Home Assistant Supervisor

host_os Home Assistant OS 12.4
update_channel stable
supervisor_version supervisor-2024.06.0
agent_version 1.6.0
docker_version 26.1.4
disk_total 30.8 GB
disk_used 17.5 GB
healthy true
supported true
host_connectivity true
supervisor_connectivity true
ntp_synchronized true
virtualization vmware
board ova
supervisor_api ok
version_api ok
installed_addons File editor (5.8.0), Advanced SSH & Web Terminal (18.0.0), Z-Wave JS (0.6.2), Let's Encrypt (5.0.22), Asterisk (4.2.1)

Dashboards

dashboards 5
resources 1
views 12
mode storage

Recorder

oldest_recorder_run June 16, 2024 at 08:30
current_recorder_run June 23, 2024 at 19:16
estimated_db_size 466.98 MiB
database_engine sqlite
database_version 3.44.2

Anything in the Supervisor logs that might be useful for us?

2024-06-24 20:14:02.092 WARNING (MainThread) [supervisor.addons.options] Unknown option 'email' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:02.092 WARNING (MainThread) [supervisor.addons.options] Unknown option 'domains' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:02.092 WARNING (MainThread) [supervisor.addons.options] Unknown option 'certfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:02.093 WARNING (MainThread) [supervisor.addons.options] Unknown option 'keyfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:02.093 WARNING (MainThread) [supervisor.addons.options] Unknown option 'challenge' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:02.093 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'email' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'domains' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'certfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'keyfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'challenge' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.308 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'email' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'domains' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'certfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'keyfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'challenge' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.313 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'email' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'domains' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'certfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'keyfile' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'challenge' for Let's Encrypt (core_letsencrypt)
2024-06-24 20:14:27.342 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns' for Let's Encrypt (core_letsencrypt)

Anything in the add-on logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[20:17:21] INFO: Selected DNS Provider: null
[20:17:21] INFO: Use propagation seconds: 60
[20:17:21] INFO: Detecting existing certificate type for hassio.redacted.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[20:17:23] INFO: Existing certificate using 'rsa' key type.
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Additional information

No response

agners commented 2 weeks ago

Hm, that sounds like it couldn't save the provider configuration, even though it is clearly in the list of configs :thinking:

There was another fix which adds the domain: #3659. However, it doesn't touch the provider config, so probably unlikely that this will fix your issue.

Can you retry still, and also make sure that provider: is set and saved correctly?

casm commented 1 week ago

Sure. Checking the YAML, I have the following:

domains:
  - hassio.redacted.org
email: certbot@redacted.org
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  email: certbot@redacted.org
  domains:
    - hassio.redacted.org
  certfile: fullchain.pem
  keyfile: privkey.pem
  challenge: dns
  dns:
    provider: dns-joker
    joker_username: redacted
    joker_password: redacted

This matches the values showing in the UI. FWIW, removing the entries under the 'dns:' section that are duplicated under 'domains:' seems to resolve the issue. As long as the configuration looks like the following, it works:

domains:
  - hassio.redacted.org
email: certbot@redacted.org
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-joker
  joker_username: redacted
  joker_password: redacted

Wasn't aware of this when I opened the issue (only noticed it after looking at the YAML for the 127th time ;) ), but the logs confirm a renewal attempt:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[06:46:13] INFO: Selected DNS Provider: dns-joker
[06:46:13] INFO: Use propagation seconds: 60
[06:46:13] INFO: Detecting existing certificate type for hassio.redacted.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[06:46:14] INFO: Existing certificate using 'rsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

The cert is still valid, so this is expected behaviour. It appears as though my original edit to the YAML missed out the instruction in the documentation to only use the 'dns:' section given in the example. My apologies for the confusion.

casm commented 1 week ago

My abilities to comprehend documentation are apparently lacking in this instance :)

Note: These configuration examples are raw YAML configs. When you use UI edit mode (default), and configure DNS, simply copy the attributes underneath dns into the DNS Provider configuration field.

Somehow, I took that second sentence to mean, "just copy everything over and edit as necessary." My bad.
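The two option sets casm posted above make a useful test case for catching this class of mistake before the add-on starts, so here is an added linter that is not code from the add-on, from Home Assistant, or from anyone in this thread. It works on the parsed form of the YAML (dict literals, so it runs offline without PyYAML), with the real hostnames and Joker credentials replaced by placeholders. The flag-building step is a reconstruction of the observable behaviour in the log (a missing `dns.provider` becoming the literal string `null`, which is how a jq-style config lookup prints an absent key, and then `--null --null-credentials /data/dnsapikey`); the add-on's actual script is not reproduced here and may differ in detail. The set of keys the lint treats as top-level is taken from the Supervisor's "Unknown option" warnings above; the `joker_username`/`joker_password` requirement is taken from casm's working config.

```python
"""Lint Home Assistant Let's Encrypt add-on options for the nested-`dns:` mistake.

Added example, not the add-on's own code. The two configs are the parsed form of
the YAML posted in the issue, with hostnames and credentials replaced (constructed).
"""

# Options the add-on accepts at the top level. When these show up *inside* `dns:`
# the Supervisor logs "Unknown option '<key>' for Let's Encrypt" and the script
# never finds `dns.provider`. Taken from the warnings in the issue, not the schema.
TOP_LEVEL_KEYS = {"email", "domains", "certfile", "keyfile", "challenge", "dns"}

# Credentials the dns-joker provider needs (from the working config in the thread).
REQUIRED_BY_PROVIDER = {"dns-joker": ("joker_username", "joker_password")}

# The broken config: the whole top-level block pasted again underneath `dns:`.
BROKEN_OPTIONS = {
    "domains": ["hassio.example.org"],
    "email": "certbot@example.org",
    "keyfile": "privkey.pem",
    "certfile": "fullchain.pem",
    "challenge": "dns",
    "dns": {
        "email": "certbot@example.org",
        "domains": ["hassio.example.org"],
        "certfile": "fullchain.pem",
        "keyfile": "privkey.pem",
        "challenge": "dns",
        "dns": {
            "provider": "dns-joker",
            "joker_username": "PLACEHOLDER",
            "joker_password": "PLACEHOLDER",
        },
    },
}

# The working config: only the provider block lives under `dns:`.
FIXED_OPTIONS = {
    "domains": ["hassio.example.org"],
    "email": "certbot@example.org",
    "keyfile": "privkey.pem",
    "certfile": "fullchain.pem",
    "challenge": "dns",
    "dns": {
        "provider": "dns-joker",
        "joker_username": "PLACEHOLDER",
        "joker_password": "PLACEHOLDER",
    },
}


def provider_flags(options):
    """Rebuild the certbot provider flags the way the add-on log shows them.

    An absent `dns.provider` is stringified as "null" (what a jq-style lookup
    prints for a missing key), which is exactly how `--null --null-credentials
    /data/dnsapikey` reached certbot in the issue. Simplified reconstruction,
    not the add-on's script.
    """
    dns = options.get("dns") or {}
    provider = dns.get("provider")
    name = "null" if provider is None else str(provider)
    return [f"--{name}", f"--{name}-credentials", "/data/dnsapikey"]


def lint_options(options):
    """Return human-readable findings; an empty list means the options look sane."""
    findings = []
    if options.get("challenge") != "dns":
        return findings  # only the DNS challenge uses a provider block
    dns = options.get("dns")
    if not isinstance(dns, dict):
        return ["'dns:' section is missing or is not a mapping"]

    # Top-level options nested under `dns:` are the Supervisor's "Unknown option" warnings.
    for key in sorted(k for k in dns if k in TOP_LEVEL_KEYS):
        findings.append(f"'{key}' is a top-level option but appears under 'dns:'")

    provider = dns.get("provider")
    if provider is None:
        findings.append("'dns.provider' is missing; certbot would be started with "
                        "--null --null-credentials /data/dnsapikey")
    elif not isinstance(provider, str) or not provider.startswith("dns-"):
        findings.append(f"'dns.provider' should be a certbot DNS plugin name such as "
                        f"'dns-joker', got {provider!r}")
    else:
        for cred in REQUIRED_BY_PROVIDER.get(provider, ()):
            if not dns.get(cred):
                findings.append(f"'dns.{cred}' is required for provider {provider}")
    return findings


if __name__ == "__main__":
    for label, opts in (("broken", BROKEN_OPTIONS), ("fixed", FIXED_OPTIONS)):
        print(f"[{label}] certbot flags:", " ".join(provider_flags(opts)))
        for finding in lint_options(opts) or ["no findings"]:
            print(f"[{label}]   - {finding}")
```

Run against the broken config it reproduces the `--null --null-credentials /data/dnsapikey` argument list from the log and reports each nested key (matching the six "Unknown option" lines the Supervisor printed) plus the missing provider; the fixed config yields the `--dns-joker --dns-joker-credentials /data/dnsapikey` flags and no findings.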