troykelly / hassio-addons-letsencrypt-lexicon

Home Assistant Addon that provides Let's Encrypt with Lexicon
Apache License 2.0

Can't get this to work with GoDaddy #31

Closed jwaltrip4 closed 7 months ago

jwaltrip4 commented 7 months ago

Problem/Motivation

Installed add-on. Filled out configuration. Ran it. No cert created.

Expected behavior

Certificates created and linked to HA

Actual behavior

Here is log,

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh

-----------------------------------------------------------
 Add-on: Let's Encrypt with Lexicon
 Manage certificate from Let's Encrypt using Lexicon DNS
-----------------------------------------------------------
 Add-on version: 3.0.2
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.2  (amd64 / qemux86-64)
 Home Assistant Core: 2023.12.3
 Home Assistant Supervisor: 2023.11.6
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun certificates (no readiness notification)
s6-rc: info: service legacy-services successfully started
[12:55:52] INFO: Starting Certificate Refresh...
[12:55:52] INFO: Seconds between each refresh is set to: 86400
[12:56:05] INFO: [domain_name_com]: domain.name.com
[12:56:05] INFO: Requesting domains from LetsEncrypt
# Home Assistant Domains
# Provider: null
hazmat.waltrips.com > hazmat_waltrips_com
# END Home Assistant Domains
# INFO: Using main config file /etc/dehydrated/config
Processing domain.name.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for domain.name.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
deploy_challenge called: domain.name.com, REDACTED, REDACTED

Steps to reproduce

See above: installed, configured, ran.

Am I missing something?

Proposed changes

troykelly commented 7 months ago

Hi @jwaltrip4 Is there any log after the deploy challenge (deploy_challenge)?

It can take a few minutes to create the DNS records and then prove the challenge with Let's Encrypt, but you should have something like the below after your last log line...

 + 1 pending challenge(s)
 + Deploying challenge tokens...
deploy_challenge called: test004.example.invalid, REDACTED, REDACTED
RESULT
------
True
 + Responding to challenge for test004.example.invalid authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
clean_challenge called: test004.example.invalid, REDACTED, REDACTED
RESULT
------
True
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
deploy_cert called: test004.example.invalid, /ssl/test004_example_invalid/privkey.pem, /ssl/test004_example_invalid/cert.pem, /ssl/test004_example_invalid/fullchain.pem, /ssl/test004_example_invalid/chain.pem
 + Done!
[13:48:21] INFO: Copying domains and keys
[13:48:21] INFO: Cleaning Up
# INFO: Using main config file /etc/dehydrated/config
[13:48:21] INFO: Certificates refreshed at @ 13:48:21
jwaltrip4 commented 7 months ago

I waited longer... this seems to be complete log.


s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh

-----------------------------------------------------------
 Add-on: Let's Encrypt with Lexicon
 Manage certificate from Let's Encrypt using Lexicon DNS
-----------------------------------------------------------
 Add-on version: 3.0.2
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.2  (amd64 / qemux86-64)
 Home Assistant Core: 2023.12.3
 Home Assistant Supervisor: 2023.11.6
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun certificates (no readiness notification)
s6-rc: info: service legacy-services successfully started
[11:44:21] INFO: Starting Certificate Refresh...
[11:44:21] INFO: Seconds between each refresh is set to: 86400
[11:44:34] INFO: [REDACTED]:    REDACTED
[11:44:34] INFO: Requesting domains from LetsEncrypt
# Home Assistant Domains
# Provider: null
REDACTED > REDACTED
# END Home Assistant Domains
# INFO: Using main config file /etc/dehydrated/config
Processing hazmat.waltrips.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for hazmat.waltrips.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
deploy_challenge called: REDACTED, REDACTED, REDACTED
usage: lexicon [-h] [--version] [--delegated DELEGATED]
               [--config-dir CONFIG_DIR]
               {aliyun,aurora,auto,azure,cloudflare,cloudns,cloudxns,conoha,constellix,ddns,digitalocean,dinahosting,directadmin,dnsimple,dnsmadeeasy,dnspark,dnspod,dreamhost,dynu,easydns,easyname,euserv,exoscale,gandi,gehirn,glesys,godaddy,googleclouddns,gransy,gratisdns,henet,hetzner,hostingde,hover,infoblox,infomaniak,internetbs,inwx,joker,linode,linode4,localzone,luadns,memset,misaka,mythicbeasts,namecheap,namecom,namesilo,netcup,nfsn,njalla,nsone,oci,onapp,online,ovh,plesk,pointhq,porkbun,powerdns,rackspace,rage4,rcodezero,route53,safedns,sakuracloud,softlayer,transip,ultradns,valuedomain,vercel,vultr,webgo,yandex,yandexcloud,zeit,zilore,zonomi}
               ...
lexicon: error: argument provider_name: invalid choice: 'null' (choose from 'aliyun', 'aurora', 'auto', 'azure', 'cloudflare', 'cloudns', 'cloudxns', 'conoha', 'constellix', 'ddns', 'digitalocean', 'dinahosting', 'directadmin', 'dnsimple', 'dnsmadeeasy', 'dnspark', 'dnspod', 'dreamhost', 'dynu', 'easydns', 'easyname', 'euserv', 'exoscale', 'gandi', 'gehirn', 'glesys', 'godaddy', 'googleclouddns', 'gransy', 'gratisdns', 'henet', 'hetzner', 'hostingde', 'hover', 'infoblox', 'infomaniak', 'internetbs', 'inwx', 'joker', 'linode', 'linode4', 'localzone', 'luadns', 'memset', 'misaka', 'mythicbeasts', 'namecheap', 'namecom', 'namesilo', 'netcup', 'nfsn', 'njalla', 'nsone', 'oci', 'onapp', 'online', 'ovh', 'plesk', 'pointhq', 'porkbun', 'powerdns', 'rackspace', 'rage4', 'rcodezero', 'route53', 'safedns', 'sakuracloud', 'softlayer', 'transip', 'ultradns', 'valuedomain', 'vercel', 'vultr', 'webgo', 'yandex', 'yandexcloud', 'zeit', 'zilore', 'zonomi')
ERROR: deploy_challenge hook returned with non-zero exit code
[11:44:48] WARNING: certificate refresh crashed, halting add-on
[11:44:48] INFO: certificate refresh stoped, restarting...
s6-rc: info: service legacy-services: stopping
[11:44:48] INFO: certificate refresh stoped, restarting...
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
jwaltrip4 commented 7 months ago

Also... does this add-on install certbot, etc. as part of its install, or does this need to be installed separately?

troykelly commented 7 months ago

@jwaltrip4 Do you have the configuration items for GoDaddy on the configuration page? It should look something like the screenshot below.

Also... does this add-on install certbot, etc. as part of its install, or does this need to be installed separately?

Long answer: Add-ons are all self-contained Docker containers; anything they need will (typically) be part of the Docker image.

Short answer: Nothing needs to be installed apart from the addon.

Screenshot by Dropbox Capture

jwaltrip4 commented 7 months ago

My config looks just like that, except I have the actual key and secret :)

How does my second log look? is this working?

Where does the app put the PEM files?

Also... I am running the KVM image from HA.... do the add-ons install as Docker images on that?

troykelly commented 7 months ago

@jwaltrip4 Can you provide a sanitised example of your setup? It doesn't look like you are setting the data per the documentation; there should be lines like the below:

[16:39:39] INFO: Set godaddy_auth_key
[16:39:39] INFO: Set godaddy_auth_secret

I've added more debugging output in version 3.0.6, but from what I can see the configuration isn't set, or it's not set correctly.

If you change to yaml mode:

Screenshot by Dropbox Capture

You should have something like:

Screenshot by Dropbox Capture

I don't have a GoDaddy account, so I can't test that GoDaddy specifically is working, but given I can't see the important log entries with regard to setting the godaddy data, and the provider type - I'm guessing it's a config issue.

jwaltrip4 commented 7 months ago

Here is the YAML

email: waltrip.alt@gmail.com
updatedelay: 30
domains:
  - XXXXXXX.waltrips.com
certfile: fullchain.pem
keyfile: privkey.pem
dns:
  dns:
    provider: godaddy
    godaddy_auth_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    godaddy_auth_secret: XXXXXXXXXXXXXXXXXXXXXXX

I will also do some work with my key and secret to make sure they are working. I created them for this, but will look and see if I can create a script to make sure.

jwaltrip4 commented 7 months ago

Note: was able to create DNS records with a script using the key and secret

troykelly commented 7 months ago

There are two dns: keys

Screenshot by Dropbox Capture

email: waltrip.alt@gmail.com
updatedelay: 30
domains:
  - XXXXXXX.waltrips.com
certfile: fullchain.pem
keyfile: privkey.pem
dns:
  provider: godaddy
  godaddy_auth_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  godaddy_auth_secret: XXXXXXXXXXXXXXXXXXXXXXX
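As an added illustration (not the add-on's own code), a small Python pre-flight check that reproduces the lookup failure on the nested `dns: dns:` form and passes on the corrected one. The two configs are the thread's YAML snippets already parsed into dicts (constructed here to avoid a YAML dependency), and the `<provider>_auth_*` credential naming is taken from the godaddy keys shown above.

```python
"""Pre-flight check for the add-on's `dns:` section (added example, not the add-on's code).

The failing config nested a second `dns:` under `dns:`, so a `.dns.provider`
lookup found nothing and lexicon was invoked with provider 'null'.
"""

# Broken form from the thread: `dns:` nested inside `dns:` (constructed dict).
BROKEN = {
    "email": "user@example.invalid",
    "domains": ["test004.example.invalid"],
    "dns": {"dns": {"provider": "godaddy",
                    "godaddy_auth_key": "X" * 34,
                    "godaddy_auth_secret": "X" * 23}},
}

# Corrected form: provider and credentials sit directly under `dns:`.
FIXED = {
    "email": "user@example.invalid",
    "domains": ["test004.example.invalid"],
    "dns": {"provider": "godaddy",
            "godaddy_auth_key": "X" * 34,
            "godaddy_auth_secret": "X" * 23},
}


def effective_provider(cfg):
    """Mimic a `.dns.provider` lookup: a missing key reads as None,
    which is what the add-on log rendered as 'Provider: null'."""
    return cfg.get("dns", {}).get("provider")


def check_dns_section(cfg):
    """Return a list of human-readable findings; an empty list means OK."""
    findings = []
    dns = cfg.get("dns")
    if not isinstance(dns, dict):
        return ["'dns' section missing or not a mapping"]
    if "dns" in dns:
        findings.append("'dns' is nested inside 'dns'; move its keys up one level")
    provider = dns.get("provider")
    if not provider:
        findings.append("'dns.provider' is unset; lexicon would receive 'null'")
        return findings
    # Lexicon credential keys follow the <provider>_auth_* convention seen in the thread.
    if not any(k.startswith(f"{provider}_auth_") for k in dns):
        findings.append(f"no {provider}_auth_* keys found under 'dns'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, effective_provider(cfg), check_dns_section(cfg))
```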
jwaltrip4 commented 7 months ago

That seems to have fixed it.

One thing that confuses me about all of the various tools is none seem to explain the mechanics. I use Let's Encrypt for my Apache websites and it spells out what is done and where it goes. I know where to look for the certs.

All of the Home Assistant projects don't seem to mention where to look and what to look for.

Thanks kindly for your work and help on this.

troykelly commented 7 months ago

This addon is meant to be a drop-in replacement for the existing certificate generator "LetsEncrypt". The other addon is fine if you expose your server directly, but not if you want to generate one or more certificates on a non-public server.

Most (all?) Home Assistant addons expect the certificates to be in /ssl, and this script follows that pattern. Any additional certificates are in folders under /ssl.