Letsencrypt add-on and transip dns challenge

Hi All,

I’m new to Home Assistant and I’m setting it up for the first time. I’m an IT engineer with a lot of Windows and infrastructure experience, but my Linux knowledge is very basic, though it’s growing.

I’ve installed Home Assistant on an ESXi host with an OVA. So far so good, and I’m now running version 2021.3.4.

Security and privacy are high on my list, so I started with the add-on for Let’s Encrypt. I followed the manual, but something goes wrong and I can’t get it to work.

This is my config:

email: [email protected]
domains:
  - my.domain.name
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns: {}
provider: dns-transip
propagation_seconds: 240
transip_username: transipusername
transip_api_key: >-

When I start the add-on and check the log, the following lines are there:
[services.d] starting services
[services.d] done.
[14:53:00] INFO: Selected DNS Provider: null
[14:53:00] INFO: Use propagation seconds: 60
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey

I expected that the line “Selected DNS Provider” would say TransIP, and the documentation for the TransIP DNS challenge says “The propagation limit will be automatically raised to 240 seconds.”, yet the log still says 60 seconds.

If I look further under System, I notice that the following lines are written:
21-03-14 14:34:00 WARNING (MainThread) [supervisor.addons.options] Option ‘provider’ does not exist in the schema for Let’s Encrypt (core_letsencrypt)
21-03-14 14:34:00 WARNING (MainThread) [supervisor.addons.options] Option ‘propagation_seconds’ does not exist in the schema for Let’s Encrypt (core_letsencrypt)
21-03-14 14:34:00 WARNING (MainThread) [supervisor.addons.options] Option ‘transip_username’ does not exist in the schema for Let’s Encrypt (core_letsencrypt)
21-03-14 14:34:00 WARNING (MainThread) [supervisor.addons.options] Option ‘transip_api_key’ does not exist in the schema for Let’s Encrypt (core_letsencrypt)

I don’t know what to do now to get this fixed. For now this goes beyond my knowledge, so any help on how to get the interface on SSL would be much appreciated.

Did you find out how to get this to work? I’m using NPM and want to use the DNS challenge with TransIP as well.

I found this thread while looking for a solution to my issues. Not sure if you’re still looking for a solution, but your hierarchy of the YAML is incorrect for setting the DNS provider. The last several lines are supposed to be under dns.

email: [email protected]
domains:
  - my.domain.name
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns: 
  provider: dns-transip
  propagation_seconds: 240
  transip_username: transipusername
  transip_api_key: >-

My issue turned out to be using - instead of _ in one of the parameters, but I hope this helps someone anyways.

1 Like
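An added example (not from any poster and not the add-on's own code): a small Python check for the two mistakes discussed above, options left at the top level instead of under `dns`, and a hyphen used in an option name. The key lists are taken only from the configs posted in this thread and are an assumption about the add-on's schema; `lint` and the sample dicts are hypothetical names.

```python
# Added example, not the add-on's code. Key names come from the configs
# posted in this thread; the add-on's real schema may differ (assumption).
TOP_LEVEL = {"email", "domains", "certfile", "keyfile", "challenge", "dns"}
DNS_KEYS = {"provider", "propagation_seconds", "transip_username",
            "transip_api_key"}


def lint(config):
    """Return a list of findings for a parsed add-on options dict."""
    findings = []
    dns = config.get("dns")
    if not isinstance(dns, dict):
        dns = {}
    for key in config:
        if key in TOP_LEVEL:
            continue
        norm = key.replace("-", "_")  # option names use underscores
        if norm in DNS_KEYS:
            findings.append(f"'{key}' is at top level; move it to 'dns.{norm}'")
        elif norm in TOP_LEVEL:
            findings.append(f"'{key}' should be spelled '{norm}'")
        else:
            findings.append(f"'{key}' is not a known top-level option")
    for key in dns:
        norm = key.replace("-", "_")
        if key != norm and norm in DNS_KEYS:
            findings.append(f"'dns.{key}' should be spelled 'dns.{norm}'")
    # An empty provider matches the "Selected DNS Provider: null" log line.
    if config.get("challenge") == "dns" and not dns.get("provider"):
        findings.append("challenge is 'dns' but 'dns.provider' is empty")
    return findings


# Constructed samples: the parsed form of the configs posted above.
BASE = {"email": "user@example.invalid", "domains": ["my.domain.name"],
        "certfile": "fullchain.pem", "keyfile": "privkey.pem",
        "challenge": "dns"}
DNS = {"provider": "dns-transip", "propagation_seconds": 240,
       "transip_username": "transipusername",
       "transip_api_key": "PLACEHOLDER"}
BROKEN = {**BASE, "dns": {}, **DNS}   # first post: options beside 'dns'
FIXED = {**BASE, "dns": dict(DNS)}    # reply: options nested under 'dns'
HYPHEN = {**BASE, "dns": {"provider": "dns-transip", "transip-username": "x"}}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED), ("hyphen", HYPHEN)):
        print(name, lint(cfg) or "ok")
```

The check only looks at key names and nesting; it does not validate the API key itself.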

I am just trying to set up a DNS challenge with TransIP, but it doesn’t work… I created an API key and so on, but I receive the following error in the log:

Encountered exception during recovery: transip.exceptions.TransIPHTTPError: 401: Your key signature is invalid or API is not enabled in your account

Which is weird, because I am certain I have created the API token. Something with my config? I did it like this:

email: [email protected]
domains:
  - mydomain.tld
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
dns: 
  provider: dns-transip
  transip_username: myusername
  transip_api_key: |
     -----BEGIN PRIVATE KEY-----
     ********************
     -----END PRIVATE KEY-----

Anyone else having issues? I am lost for now…