Let's Encrypt: Selected DNS Provider: null

orcaman98 commented 1 month ago

Describe the issue you are experiencing

Let's Encrypt fails to obtain certificate using DNS method.

Log contains these key lines:

[16:51:18] INFO: Selected DNS Provider: null certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey

Used configuration:

email: censored@gmail.com
domains:
  - also.censored.com
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns:
  provider: dns-dynu
  dynu_auth_token: obviouslycensored

Example configuration in addon documentation:

email: your.email@example.com
domains:
  - your.domain.tld
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns:
  provider: dns-dynu
  dynu_auth_token: 0123456789abcdef

Issue has existed since the introduction of Dynu DNS support for this add-on, as far as I know. I've previously obtained a certificate by using certbot directly, bypassing this add-on. I just got tired of waiting for someone else to report it.

The slight email formatting difference in the configuration does not seem to be relevant in testing. I think the formatting I initially used and show here was generated by the form.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.2.1

Steps to reproduce the issue

1.Configure addon using form, possibly edit generated config file.

Save configuration and restart addon.
Run, and view log. ...

System Health information

System Information

version	core-2024.10.1
installation_type	Home Assistant OS
dev	false
hassio	true
docker	true
user	root
virtualenv	false
python_version	3.12.4
os_name	Linux
os_version	6.6.31-haos-raspi
arch	aarch64
timezone	America/New_York
config_dir	/config

Home Assistant Cloud

Home Assistant Supervisor

Dashboards

Recorder

Anything in the Supervisor logs that might be useful for us?

Logger: homeassistant.components.hassio
Source: components/hassio/websocket_api.py:135
integration: Home Assistant Supervisor (documentation, issues)
First occurred: 4:51:36 PM (5 occurrences)
Last logged: 5:04:34 PM

Failed to to call /addons/core_letsencrypt/stats - Container addon_core_letsencrypt is not running

Anything in the add-on logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[16:59:32] INFO: Selected DNS Provider: null
[16:59:32] INFO: Use propagation seconds: 60
[16:59:32] INFO: Detecting existing certificate type for censored.censored.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[16:59:37] INFO: Existing certificate using 'rsa' key type.
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Additional information

No response

orcaman98 commented 1 month ago

Edited to mark config file samples as code snippets to prevent misleading display errors.

evaneaston commented 1 month ago

I'm seeing this as well.

evaneaston commented 1 month ago

Strike that. I logged in via SSH and found the config file (/mnt/data/supervisor/addons/data/core_letsencrypt/options.json) and found that the dns key had and empty object. For example:

{
  "domains": [
    "domain1",
    "domain2"
  ],
  "email": "***",
  "keyfile": "privkey.pem",
  "certfile": "fullchain.pem",
  "challenge": "dns",
  "dns": {}
}

I had simply entered the wrong thing in my configuration. When I changed it to look like this it worked.

nginx-config

orcaman98 commented 1 month ago

If I format mine the same way you did yours, I get: Failed to save add-on configuration, Missing option 'dns' in root in Let's Encrypt (core_letsencrypt)

I suppose it's noteworthy that I did NOT get that error in my earlier attempts.

I'm on HA OS, and haven't yet found an equivalent store with that json you posted.

evaneaston commented 1 month ago

Yeah. I'm on HAOS as well. I don't see anywhere in the UI to specify it either. I recently went to the trouble of setting up ssh access to the host OS specifically so I could workaround a handful of deficiencies in the UI.

I did try the Nginx Proxy Manager, but it doesn't support DNS ACME challenges on my hosting provider. And I think I would have had to manually copy certs into the add-on container...which requires host ssh access.

At least the official NGINX Home Assistant SSL proxy mounts /ssl and the Lets Encrypt add on works with my DNS provider.

orcaman98 commented 1 month ago

I'm using this addon https://github.com/hassio-addons/addon-ssh for SSH access, and /data and /mnt appear empty with ls -a

home-assistant / addons