New acme.sh add-on

Share your Projects! Custom Integrations
1

Hi, first time posting here!
Thought I’d share my add-on acme.sHomeassistant.
https://codeberg.org/hupf/homeassistant-addons/src/branch/main/acmeshomeassistant

It’s an acme.sh wrapper add-on for Home Assistant. I use it for the DNS01 challenges with letsencrypt and the acme-dns api (which sadly isnt supported by the letsencrypt add-on).

Feel free to try it out and give me some feedback :slight_smile:

2 Likes
2

Hi. Thanks for sharing. Plug-in is not a term that is used by HA and I see it is an add-on. Would you mind using that term to avoid confusion?

1 Like
3

Thanks! Fixed

1 Like
4

I was not going to register on Codeberg to log an issue, but the addon fails:

  • The optional fields server/keylength must be added in the UI, otherwise save does not work.

When configured it fails without any proper error messages:

-----------------------------------------------------------
 Add-on: acme.sHomeassistant
 Wrapper around acme.sh client to fetch TLS certificates
-----------------------------------------------------------
 Add-on version: 1.3.0
 You are running the latest version of this add-on.
 System: Home Assistant OS 16.3  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2025.11.3
 Home Assistant Supervisor: 2025.11.4
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/10-acme-init.sh
INFO: Loading configuration...
INFO: Preparing required directories for acme client...
INFO: Starting acme client...
INFO: Configuring Auto Upgrade...
DEBUG: Executing: /usr/bin/acme.sh --upgrade --auto-upgrade --config-home /data/acme.sh
DEBUG: [Sun Nov 23 14:30:50 CET 2025] Already up to date!
DEBUG: [Sun Nov 23 14:30:50 CET 2025] Upgrade successful!
INFO: Installing acme.sh cron job...
DEBUG: Executing: /usr/bin/acme.sh --install-cronjob --config-home /data/acme.sh
DEBUG: [Sun Nov 23 14:30:50 CET 2025] Usinging the current script from: /usr/share/acme.sh/acme.sh
DEBUG: [Sun Nov 23 14:30:50 CET 2025] Installing cron job
INFO: Registering account...
DEBUG: Executing: /usr/bin/acme.sh --register-account -m XXXXXX --server letsencrypt --config-home /data/acme.sh
DEBUG: [Sun Nov 23 14:30:52 CET 2025] Registering account: https://acme-v02.api.letsencrypt.org/directory
DEBUG: [Sun Nov 23 14:30:53 CET 2025] Already registered
DEBUG: [Sun Nov 23 14:30:53 CET 2025] ACCOUNT_THUMBPRINT='Pz8-AzyXPHXh-9VkdIPfnM1_YPHC68AJp825fVfWXN8'
INFO: Issuing certificate for domain(s): ['XXXXXXX']...
DEBUG: Executing: /usr/bin/acme.sh --issue --domain XXXXXXX --keylength ec-256 --dns dns_hetznercloud --server letsencrypt --config-home /data/acme.sh
ERROR: acme client failure!
Traceback (most recent call last):
  File "/etc/acme_wrapper/main.py", line 53, in main
    acme_client.issue(config.domains, config.keylength, config.server, config.dns, dns_env_vars)
  File "/etc/acme_wrapper/acme_client.py", line 77, in issue
    run_command(cmd, dns_env_vars, ok_codes)
  File "/etc/acme_wrapper/utils.py", line 49, in run_command
    raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['/usr/bin/acme.sh', '--issue', '--domain', 'XXXXXXX', '--keylength', 'ec-256', '--dns', 'dns_hetznercloud', '--server', 'letsencrypt', '--config-home', '/data/acme.sh']' returned non-zero exit status 1.
cont-init: info: /etc/cont-init.d/10-acme-init.sh exited 1
cont-init: warning: some scripts exited nonzero
s6-rc: warning: unable to start service legacy-cont-init: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.

FWIW: The Certificate Expiry Addon does support “DNS-Challenges”:

image
image2038×476 9.04 KB

1 Like
5

Hi! Thank you so much for your feedback!
I have released version 1.3.1 of the addon to address some of the issues:

  • The optional fields should now actually be optional.
  • Additionally error messages should now actually be printed to the log.

I also realized that even in v1.3.1 the auto upgrade doesn’t work, since I used the packaged version of acme.sh from alpine. That’s why dns_hetznercloud isn’t available yet.
I’ll probably address this in another upcoming release!

Could you expand on the Certificate Expiry Addon please? I just found a Certificate Expiry Addon which can’t actually issue certificates (I believe).

6

Now in version 1.4.0 it should actually use the most recent version of acme.sh