LetsEncrypt Development Direction

Hi,
I’d like to ask someone more familiar for direction. I would like to contribute and fix a missing feature that impacts me - the ability to issue LetsEncrypt certificates using the Scaleway DNS API as the DNS challenge. This is currently handled by the official Let’s Encrypt Addon. While there are options to install community plugins, etc., I’d like to get this into the official addon.

I raised PR “LetsEncrypt: Add support for Scaleway DNS” (Pull Request #4139, home-assistant/addons, GitHub) and it was closed with the valid reason that the certbot-dns-scaleway plugin I used looks stale. @agners, who closed the PR, recommended (not only to me but to a few other fellow contributors who wanted to do the same for whatever other provider) to use certbot-dns-multi, which is a wrapper over go-acme/lego that itself is up to date, but the Python wrapper certbot-dns-multi seems to:

  1. be using the outdated and defunct setuptools-golang, which cannot work as Go dropped the ability to support multiple Go shared objects within a single Python binary (you cannot load 2 native modules built using Go) - that is a minor annoyance for us as we need only one; the bigger issue I see is that the build dependency of certbot-dns-multi is deprecated and archived without replacement.

  2. currently not work with Alpine, because their choice of libc (musl) does not support init TLS when doing dlopen(), and libraries built using Go (such as certbot-dns-multi) require this. There is a way to “work around” this, but it requires musl to be built with extra settings, which Alpine does not do.

I am willing to contribute and get support for new DNS providers, as I believe HA should support a vast array of options and have a clear way forward for adding support for these.

Besides me taking ownership of the outdated Scaleway plugin (which only solves Scaleway, if accepted as a solution to move my PR forward), what are our options? certbot-dns-multi does not seem great because of the limitations I listed above.

Would it be OK to completely redo letsencrypt to use e.g. acme.sh or lego directly, as they both support more providers than the certbot Python addon does and seem to be less prone to staleness than certbot’s “no more core plugins” seem-to-be-policy?

I am willing to take on this task and make sure everything is backwards compatible, or eventually create a new official acme.sh plugin (but I feel having two would be a bit confusing for newcomers). I just want some validation or an explanation of what the expectation and longer-term vision are when it comes to adding more DNS providers.

Thanks!

I’d suggest you join the HA Discord server and give yourself the developer role so you have access to the developer channels. A lot more dev discussion happens there.

Thanks, I will do so. I am new to HA development and in the APAC timezone, so I wanted to see if there’s an asynchronous channel like a mailing list.

I am just puzzled that no wrapper for acme.sh is written, this would then be straightforward.