Let's Encrypt: dns_transip_global_key should be yes or no #3876

Open
rbeumer opened this issue Dec 30, 2024 · 5 comments

@rbeumer

rbeumer commented Dec 30, 2024

Describe the issue you are experiencing

The renewal of my certificate is suddenly failing. I'm seeing the following error in the logs:

[09:18:58] INFO: Selected DNS Provider: dns-transip
[09:18:58] INFO: Use propagation seconds: 60
[09:18:58] INFO: Increasing DNS propagation limit for TransIP to at least 240 seconds.
[09:18:58] INFO: Detecting existing certificate type for [redacted]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[09:19:03] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for [redacted]
Encountered exception during recovery: ValueError: dns_transip_global_key should have either 'yes' or 'no' as value
An unexpected error occurred:
ValueError: dns_transip_global_key should have either 'yes' or 'no' as value
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

dns_transip_global_key has been added to my addon config but it keeps failing and giving the same error message:

domains:
  - "*.[redacted]"
email: [redacted]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-transip
  dns_transip_global_key: 'yes'  # with or without quotes
  transip_username: [redacted]
  transip_api_key: |
    [redacted]
keytype: rsa

Changing the value to no also doesn't change the behavior.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.2.10

Steps to reproduce the issue

  1. start the addon and check the logs

System Health information

There are currently no repairs pending

Anything in the Supervisor logs that might be useful for us?

2024-12-30 09:27:12.339 ERROR (SyncWorker_1) [supervisor.docker.manager] Container addon_core_letsencrypt is not running
2024-12-30 09:27:31.086 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns_transip_global_key' for Let's Encrypt (core_letsencrypt)
2024-12-30 09:27:31.087 WARNING (MainThread) [supervisor.addons.options] Option 'keytype' does not exist in the schema for Let's Encrypt (core_letsencrypt)

Anything in the add-on logs that might be useful for us?

See the issue description

Additional information

No response

@agners
Member

agners commented Dec 30, 2024

Hm, I see the parameter has been introduced with #3835, and is now essentially mandatory for DNS challenge of type dns-transip. Ideally I guess the script would just assume a default value if not given to prevent breaking existing configs. This also got discussed here:
#3855 (comment)

FWIW, the correct name of the add-on config option is transip_global_key (without the dns_ prefix). Then it should work for you.

@Ascathon

Ascathon commented Jan 3, 2025

Yep, that did work (without dns_). Thank you.

@rrooggiieerr

Hi! Just wanted to share that my existing dns-transip config broke due to the missing transip_global_key. I think it should use a default setting if the option is missing.

@eakoning

Would it be possible to somehow intercept these kinds of messages (like An unexpected error occurred: ValueError: dns_transip_global_key should have either 'yes' or 'no' as value) from various logs inside HA and render them on a dashboard in an overview so you can see something is failing hard? I really had no clue my cert was expired and could not be renewed because of this, and then all of a sudden everything falls apart. No way to use the app or bookmarked URLs to the application. All not working. That's kind of annoying.

What I'm asking is a simple way to get notified in your dashboard that something needs to be looked at ASAP, without having to grind through the logs of all moving parts, integrations, add-ons and whatnot every other day.

@hapklaar

hapklaar commented Feb 1, 2025

Same issue here. Would be great if errors like these would be shown as a HASS notification.
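
The log check requested in the two comments above, sketched as an added example (not code from the add-on, the Supervisor or any commenter): it pulls certbot's fatal error out of the add-on log and ties it to option names the Supervisor rejected for the same add-on. The function names are hypothetical, the sample lines are copied from the logs in this issue, and how the logs are collected and how an alert reaches a dashboard are left out as assumptions.

```python
import re

# Lines copied from the add-on log in this issue (trimmed).
ADDON_LOG = """\
Renewing an existing certificate for [redacted]
An unexpected error occurred:
ValueError: dns_transip_global_key should have either 'yes' or 'no' as value
"""
# Lines copied from the Supervisor log in this issue.
SUPERVISOR_LOG = """\
2024-12-30 09:27:12.339 ERROR (SyncWorker_1) [supervisor.docker.manager] Container addon_core_letsencrypt is not running
2024-12-30 09:27:31.086 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns_transip_global_key' for Let's Encrypt (core_letsencrypt)
2024-12-30 09:27:31.087 WARNING (MainThread) [supervisor.addons.options] Option 'keytype' does not exist in the schema for Let's Encrypt (core_letsencrypt)
"""

FATAL = re.compile(r"^An unexpected error occurred:\s*(.*)$")
REJECTED = re.compile(
    r"\[supervisor\.addons\.options\] (?:Unknown option '(?P<a>[^']+)'"
    r"|Option '(?P<b>[^']+)' does not exist in the schema) for .*\((?P<slug>[\w-]+)\)\s*$")


def certbot_failures(addon_log):
    """Return the exception text that follows each certbot fatal-error banner."""
    lines = addon_log.splitlines()
    out = []
    for i, line in enumerate(lines):
        m = FATAL.match(line.strip())
        if m:
            # The log above has the exception on the next line; accept same-line too.
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            out.append(m.group(1) or nxt)
    return out


def rejected_options(supervisor_log):
    """Map add-on slug -> option names the Supervisor did not accept."""
    found = {}
    for line in supervisor_log.splitlines():
        m = REJECTED.search(line)
        if m:
            found.setdefault(m["slug"], []).append(m["a"] or m["b"])
    return found


def alerts(addon_log, supervisor_log, slug="core_letsencrypt"):
    """One alert per renewal failure, tagged with rejected options it mentions."""
    bad = rejected_options(supervisor_log).get(slug, [])
    return [{"error": e, "suspect_options": [o for o in bad if o in e]}
            for e in certbot_failures(addon_log)]
```

On the logs from this issue, the single alert names dns_transip_global_key as the suspect option, which matches the misnamed key identified earlier in the thread.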
