Closed jwaltrip4 closed 7 months ago
Hi @jwaltrip4
Is there any log after the deploy challenge (`deploy_challenge`)?
It can take a few minutes to create the DNS records, and then prove the challenge with Let's Encrypt, but you should have something like the below after your last log line...
```
+ 1 pending challenge(s)
+ Deploying challenge tokens...
deploy_challenge called: test004.example.invalid, REDACTED, REDACTED
RESULT
------
True
+ Responding to challenge for test004.example.invalid authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
clean_challenge called: test004.example.invalid, REDACTED, REDACTED
RESULT
------
True
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
deploy_cert called: test004.example.invalid, /ssl/test004_example_invalid/privkey.pem, /ssl/test004_example_invalid/cert.pem, /ssl/test004_example_invalid/fullchain.pem, /ssl/test004_example_invalid/chain.pem
+ Done!
[13:48:21] INFO: Copying domains and keys
[13:48:21] INFO: Cleaning Up
# INFO: Using main config file /etc/dehydrated/config
[13:48:21] INFO: Certificates refreshed at @ 13:48:21
```
I waited longer... this seems to be the complete log.
```
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-banner.sh
-----------------------------------------------------------
Add-on: Let's Encrypt with Lexicon
Manage certificate from Let's Encrypt using Lexicon DNS
-----------------------------------------------------------
Add-on version: 3.0.2
You are running the latest version of this add-on.
System: Home Assistant OS 11.2 (amd64 / qemux86-64)
Home Assistant Core: 2023.12.3
Home Assistant Supervisor: 2023.11.6
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
cont-init: info: /etc/cont-init.d/00-banner.sh exited 0
cont-init: info: running /etc/cont-init.d/01-log-level.sh
cont-init: info: /etc/cont-init.d/01-log-level.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun certificates (no readiness notification)
s6-rc: info: service legacy-services successfully started
[11:44:21] INFO: Starting Certificate Refresh...
[11:44:21] INFO: Seconds between each refresh is set to: 86400
[11:44:34] INFO: [REDACTED]: REDACTED
[11:44:34] INFO: Requesting domains from LetsEncrypt
# Home Assistant Domains
# Provider: null
REDACTED > REDACTED
# END Home Assistant Domains
# INFO: Using main config file /etc/dehydrated/config
Processing hazmat.waltrips.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for hazmat.waltrips.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
deploy_challenge called: REDACTED, REDACTED, REDACTED
usage: lexicon [-h] [--version] [--delegated DELEGATED]
[--config-dir CONFIG_DIR]
{aliyun,aurora,auto,azure,cloudflare,cloudns,cloudxns,conoha,constellix,ddns,digitalocean,dinahosting,directadmin,dnsimple,dnsmadeeasy,dnspark,dnspod,dreamhost,dynu,easydns,easyname,euserv,exoscale,gandi,gehirn,glesys,godaddy,googleclouddns,gransy,gratisdns,henet,hetzner,hostingde,hover,infoblox,infomaniak,internetbs,inwx,joker,linode,linode4,localzone,luadns,memset,misaka,mythicbeasts,namecheap,namecom,namesilo,netcup,nfsn,njalla,nsone,oci,onapp,online,ovh,plesk,pointhq,porkbun,powerdns,rackspace,rage4,rcodezero,route53,safedns,sakuracloud,softlayer,transip,ultradns,valuedomain,vercel,vultr,webgo,yandex,yandexcloud,zeit,zilore,zonomi}
...
lexicon: error: argument provider_name: invalid choice: 'null' (choose from 'aliyun', 'aurora', 'auto', 'azure', 'cloudflare', 'cloudns', 'cloudxns', 'conoha', 'constellix', 'ddns', 'digitalocean', 'dinahosting', 'directadmin', 'dnsimple', 'dnsmadeeasy', 'dnspark', 'dnspod', 'dreamhost', 'dynu', 'easydns', 'easyname', 'euserv', 'exoscale', 'gandi', 'gehirn', 'glesys', 'godaddy', 'googleclouddns', 'gransy', 'gratisdns', 'henet', 'hetzner', 'hostingde', 'hover', 'infoblox', 'infomaniak', 'internetbs', 'inwx', 'joker', 'linode', 'linode4', 'localzone', 'luadns', 'memset', 'misaka', 'mythicbeasts', 'namecheap', 'namecom', 'namesilo', 'netcup', 'nfsn', 'njalla', 'nsone', 'oci', 'onapp', 'online', 'ovh', 'plesk', 'pointhq', 'porkbun', 'powerdns', 'rackspace', 'rage4', 'rcodezero', 'route53', 'safedns', 'sakuracloud', 'softlayer', 'transip', 'ultradns', 'valuedomain', 'vercel', 'vultr', 'webgo', 'yandex', 'yandexcloud', 'zeit', 'zilore', 'zonomi')
ERROR: deploy_challenge hook returned with non-zero exit code
[11:44:48] WARNING: certificate refresh crashed, halting add-on
[11:44:48] INFO: certificate refresh stoped, restarting...
s6-rc: info: service legacy-services: stopping
[11:44:48] INFO: certificate refresh stoped, restarting...
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped```
Also... does this add-in install certbot, etc. as part of its install..... or does this need to be installed separately?
@jwaltrip4 Do you have the configuration items for GoDaddy on the configuration page? It should look something like the screenshot below.
> Also... does this add-in install certbot, etc. as part of its install..... or does this need to be installed separately?

Long answer: Addons are all self-contained docker containers, anything they need will (typically) be part of the docker image.
Short answer: Nothing needs to be installed apart from the addon.
My config looks just like that, except I have the actual key and secret :)
How does my second log look? Is this working?
Where does the app put the PEM files?
Also... I am running the KVM image from HA.... do the addons install as docker images on that?
@jwaltrip4 Can you provide a sanitised example of your setup? It doesn't look like you are setting the data per the documentation, there should be lines like the below:
[16:39:39] INFO: Set godaddy_auth_key
[16:39:39] INFO: Set godaddy_auth_secret
I've added more debugging output in version 3.0.6, but from what I can see the configuration isn't set, or it's not set correctly.
If you change to yaml mode:
You should have something like:
I don't have a GoDaddy account, so I can't test that GoDaddy specifically is working, but given I can't see the important log entries with regard to setting the godaddy data, and the provider type - I'm guessing it's a config issue.
Here is the YAML
```yaml
email: waltrip.alt@gmail.com
updatedelay: 30
domains:
  - XXXXXXX.waltrips.com
certfile: fullchain.pem
keyfile: privkey.pem
dns:
  dns:
    provider: godaddy
    godaddy_auth_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    godaddy_auth_secret: XXXXXXXXXXXXXXXXXXXXXXX
```
I will also do some work with my key and secret to make sure they are working. I created them for this, but will look and see if I can create a script to make sure.
Note: I was able to create DNS records with a script using the key and secret
There's two `dns:`'s
```yaml
email: waltrip.alt@gmail.com
updatedelay: 30
domains:
  - XXXXXXX.waltrips.com
certfile: fullchain.pem
keyfile: privkey.pem
dns:
  provider: godaddy
  godaddy_auth_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  godaddy_auth_secret: XXXXXXXXXXXXXXXXXXXXXXX
```
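
The nested `dns:` mistake above can be caught before any challenge is deployed. The following is an added example, not part of the thread or of the add-on's code: the function names, the options-as-dict shape and the sample values are assumptions, and only the GoDaddy keys quoted in this thread are checked.

```python
# Added example: pre-flight check of the add-on options discussed in this thread.
# Only the GoDaddy keys quoted on this page are known here (assumption).
REQUIRED_KEYS = {"godaddy": ("godaddy_auth_key", "godaddy_auth_secret")}


def check_dns_options(options):
    """Return a list of problems in the `dns` section (empty list if none)."""
    dns = options.get("dns")
    if not isinstance(dns, dict):
        return ["dns: section is missing or not a mapping"]
    problems = []
    if isinstance(dns.get("dns"), dict):
        problems.append("dns: is nested inside dns:; move its keys up one level")
    provider = dns.get("provider")
    if not provider:
        # The failing log on this page shows "Provider: null" for this case.
        problems.append("dns.provider is not set")
        return problems
    for key in REQUIRED_KEYS.get(provider, ()):
        if not dns.get(key):
            problems.append(f"dns.{key} is not set")
    return problems


def redacted(options):
    """Copy of the dns section with credentials masked, safe to paste in an issue."""
    def scrub(node):
        out = {}
        for key, value in node.items():
            if isinstance(value, dict):
                out[key] = scrub(value)
            else:
                out[key] = "REDACTED" if "auth" in key else value
        return out
    return scrub(options.get("dns") or {})


# Constructed sample inputs mirroring the two YAML snippets above.
CREDS = {"provider": "godaddy", "godaddy_auth_key": "k", "godaddy_auth_secret": "s"}
BROKEN = {"domains": ["host.example.invalid"], "dns": {"dns": dict(CREDS)}}
FIXED = {"domains": ["host.example.invalid"], "dns": dict(CREDS)}

if __name__ == "__main__":
    for name, opts in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_dns_options(opts) or "ok", redacted(opts))
```
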
That seems to have fixed it.
One thing that confuses me about all of the various tools is none seem to explain the mechanics. I use Let's Encrypt for my apache websites and it spells out what is done and where it goes. I know where to look for the certs.
All of the home assis projects don't seem to mention where to look and what to look for.
Thanks kindly for your work and help on this.
This addon is meant to be a drop-in replacement for the existing certificate generator "LetsEncrypt". The other addon is fine if you expose your server directly, but not if you want to generate one or more certificates on a non-public server.
Most (all?) Home Assistant addons expect the certificates to be in `/ssl`, and this script follows that pattern. Any additional certificates are in folders under `/ssl`.
Problem/Motivation
Installed addin. Filled out configuration. Ran it. No cert created,
Expected behavior
Certificates created and linked to HA
Actual behavior
Here is log,
Steps to reproduce
See above. installed, configed, ran.
Am I missing something?
Proposed changes