Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let's Encrypt: Selected DNS Provider: null #3790

Open
orcaman98 opened this issue Oct 8, 2024 · 8 comments
Open

Let's Encrypt: Selected DNS Provider: null #3790

orcaman98 opened this issue Oct 8, 2024 · 8 comments

Comments

@orcaman98
Copy link

orcaman98 commented Oct 8, 2024
edited
Loading

Describe the issue you are experiencing

Let's Encrypt fails to obtain certificate using DNS method.

Log contains these key lines:

[16:51:18] INFO: Selected DNS Provider: null
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey

Used configuration:

email: [email protected]
domains:
  - also.censored.com
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns:
  provider: dns-dynu
  dynu_auth_token: obviouslycensored

Example configuration in addon documentation:

email: [email protected]
domains:
  - your.domain.tld
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns:
  provider: dns-dynu
  dynu_auth_token: 0123456789abcdef

Issue has existed since the introduction of Dynu DNS support for this add-on, as far as I know. I've previously obtained a certificate by using certbot directly, bypassing this add-on. I just got tired of waiting for someone else to report it.

The slight email formatting difference in the configuration does not seem to be relevant in testing. I think the formatting I initially used and show here was generated by the form.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.2.1

Steps to reproduce the issue

1.Configure addon using form, possibly edit generated config file.
2. Save configuration and restart addon.
3. Run, and view log.
...

System Health information

System Information

version core-2024.10.1
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.4
os_name Linux
os_version 6.6.31-haos-raspi
arch aarch64
timezone America/New_York
config_dir /config
Home Assistant Cloud
logged_in false
can_reach_cert_server ok
can_reach_cloud_auth ok
can_reach_cloud ok
Home Assistant Supervisor
host_os Home Assistant OS 13.1
update_channel stable
supervisor_version supervisor-2024.10.0
agent_version 1.6.0
docker_version 26.1.4
disk_total 234.3 GB
disk_used 12.4 GB
healthy true
supported true
host_connectivity true
supervisor_connectivity true
ntp_synchronized true
virtualization
board rpi4-64
supervisor_api ok
version_api ok
installed_addons Mosquitto broker (6.4.1), Let's Encrypt (5.2.1), Z-Wave JS UI (3.13.2), openWakeWord (1.10.0), Whisper (2.1.2), Advanced SSH & Web Terminal (19.0.0), Studio Code Server (5.17.1), NGINX Home Assistant SSL proxy (3.11.0), Piper (1.5.2), Rhasspy 3 (en) (0.0.4)
Dashboards
dashboards 2
resources 0
views 7
mode storage
Recorder
oldest_recorder_run October 3, 2024 at 4:38 AM
current_recorder_run October 8, 2024 at 4:49 PM
estimated_db_size 60.46 MiB
database_engine sqlite
database_version 3.45.3

Anything in the Supervisor logs that might be useful for us?

Logger: homeassistant.components.hassio
Source: components/hassio/websocket_api.py:135
integration: Home Assistant Supervisor (documentation, issues)
First occurred: 4:51:36 PM (5 occurrences)
Last logged: 5:04:34 PM

Failed to to call /addons/core_letsencrypt/stats - Container addon_core_letsencrypt is not running

Anything in the add-on logs that might be useful for us?

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[16:59:32] INFO: Selected DNS Provider: null
[16:59:32] INFO: Use propagation seconds: 60
[16:59:32] INFO: Detecting existing certificate type for censored.censored.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[16:59:37] INFO: Existing certificate using 'rsa' key type.
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Additional information

No response
@orcaman98
Copy link
Author

Edited to mark config file samples as code snippets to prevent misleading display errors.

@evaneaston
Copy link

I'm seeing this as well.

@evaneaston
Copy link

Strike that. I logged in via SSH and found the config file (/mnt/data/supervisor/addons/data/core_letsencrypt/options.json) and found that the dns key had and empty object. For example:

{
  "domains": [
    "domain1",
    "domain2"
  ],
  "email": "***",
  "keyfile": "privkey.pem",
  "certfile": "fullchain.pem",
  "challenge": "dns",
  "dns": {}
}

I had simply entered the wrong thing in my configuration. When I changed it to look like this it worked.

nginx-config

@orcaman98
Copy link
Author

If I format mine the same way you did yours, I get:
Failed to save add-on configuration, Missing option 'dns' in root in Let's Encrypt (core_letsencrypt)

I suppose it's noteworthy that I did NOT get that error in my earlier attempts.

I'm on HA OS, and haven't yet found an equivalent store with that json you posted.

@evaneaston
Copy link

Yeah. I'm on HAOS as well. I don't see anywhere in the UI to specify it either. I recently went to the trouble of setting up ssh access to the host OS specifically so I could workaround a handful of deficiencies in the UI.

I did try the Nginx Proxy Manager, but it doesn't support DNS ACME challenges on my hosting provider. And I think I would have had to manually copy certs into the add-on container...which requires host ssh access.

At least the official NGINX Home Assistant SSL proxy mounts /ssl and the Lets Encrypt add on works with my DNS provider.

@orcaman98
Copy link
Author

I'm using this addon https://github.com/hassio-addons/addon-ssh for SSH access, and /data and /mnt appear empty with ls -a

@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Nov 17, 2024
@orcaman98
Copy link
Author

This is still an issue.

@github-actions github-actions bot removed the stale label Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evaneaston @orcaman98