Skip to content

Latest commit

 

History

History
973 lines (766 loc) · 22.1 KB

File metadata and controls

973 lines (766 loc) · 22.1 KB

Hass.io Add-on: Letsencrypt with Lexicon

Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Supports aarch64 Architecture Supports amd64 Architecture Supports armhf Architecture Supports armv7 Architecture Supports i386 Architecture

About

Setting up Letsencrypt allows you to use validated certificates for your webpages and webinterfaces.

It requires you to own the domain you are requesting the certificate for.

The generated certificate can be used within others addons.

Source Version

Source Lexicon

Installation

The installation of this add-on is straightforward and easy to do.

  1. Navigate in your Home Assistant frontend to Hass.io -> Add-on Store.
  2. Add a new repository by URL https://github.com/troykelly/hassio-addons
  3. Find the "letslexicon" add-on and click it.
  4. Click on the "INSTALL" button.

How to use

Note: You will need to also set up an automation to update your certificates regularly. See "automations" below.

To use this add-on, you need to supply the config for your DNS provider

  • Requires you to use one of the supported DNS providers (See "Supported DNS providers" below)
  • Allows to request wildcard certificates (*.yourdomain.com)
  • Doesn’t need you to open a port to your hass.io host on your router.

Configuration Note

If using the 'UI' editor, do not include the "dns" key. ie in the DNS Configuration section you will just have something like

provider: godaddy
godaddy_auth_key: SPECIFY THE KEY TO ACCESS THE API
godaddy_auth_secret: SPECIFY THE SECRET TO ACCESS THE API

Minimum Configuration

You always need to provide the email and domain entries within the configuration yaml, or in the UI:

email: [email protected]
domains:
  - home-assistant.io

In addition add the fields according to the credentials required by your dns provider (just add the ones you need - not all):

aliyun

dns:
  provider: aliyun
  aliyun_auth_key_id: SPECIFY ACCESS KEY ID FOR AUTHENTICATION
  aliyun_auth_secret: SPECIFY ACCESS SECRET FOR AUTHENTICATION

aurora

dns:
  provider: aurora
  aurora_auth_api_key: SPECIFY API KEY FOR AUTHENTICATION
  aurora_auth_secret_key: SPECIFY THE SECRET KEY FOR AUTHENTICATION

azure

dns:
  provider: azure
  azure_auth_client_id: SPECIFY THE CLIENT ID (AKA APPLICATION ID) OF THE APP REGISTRATION
  azure_auth_client_secret: SPECIFY THE CLIENT SECRET OF THE APP REGISTRATION
  azure_auth_subscription_id: SPECIFY THE SUBSCRIPTION ID ATTACHED TO THE RESOURCE GROUP
  azure_auth_tenant_id: SPECIFY THE TENANT ID (AKA DIRECTORY ID) OF THE APP REGISTRATION
  azure_resource_group: SPECIFY THE RESOURCE GROUP HOSTING THE DNS ZONE TO EDIT

cloudflare

dns:
  provider: cloudflare
  cloudflare_auth_token: SPECIFY TOKEN FOR AUTHENTICATION (GLOBAL API KEY OR API TOKEN)
  cloudflare_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION (FOR GLOBAL API KEY ONLY)
  cloudflare_zone_id: SPECIFY THE ZONE ID (IF SET, API TOKEN CAN BE SCOPED TO THE TARGET ZONE)

cloudns

dns:
  provider: cloudns
  cloudns_auth_id: SPECIFY USER ID FOR AUTHENTICATION
  cloudns_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  cloudns_auth_subid: SPECIFY SUBUSER ID FOR AUTHENTICATION
  cloudns_auth_subuser: SPECIFY SUBUSER NAME FOR AUTHENTICATION
  cloudns_port: SPECIFY THE SRV RECORD PORT
  cloudns_weight: SPECIFY THE SRV RECORD WEIGHT

cloudxns

dns:
  provider: cloudxns
  cloudxns_auth_token: SPECIFY SECRET-KEY FOR AUTHENTICATION
  cloudxns_auth_username: SPECIFY API-KEY FOR AUTHENTICATION

conoha

dns:
  provider: conoha
  conoha_auth_password: SPECIFY API USER PASSWORD FOR AUTHENTICATION. ONLY USED IF –AUTH-TOKEN IS EMPTY.
  conoha_auth_region: SPECIFY REGION. IF EMPTY, REGION ‘TYO1’ WILL BE USED.
  conoha_auth_tenant_id: SPECIFY TENAND ID FOR AUTHENTICATION. ONLY USED IF –AUTH-TOKEN IS EMPTY.
  conoha_auth_token: SPECIFY TOKEN FOR AUTHENTICATION. IF EMPTY, THE USERNAME AND PASSWORD WILL BE USED TO CREATE A TOKEN.
  conoha_auth_username: SPECIFY API USERNAME FOR AUTHENTICATION. ONLY USED IF –AUTH-TOKEN IS EMPTY.

constellix

dns:
  provider: constellix
  constellix_auth_token: SPECIFY SECRET KEY FOR AUTHENTICATE=
  constellix_auth_username: SPECIFY THE API KEY USERNAME FOR AUTHENTICATION

ddns

dns:
  provider: ddns
  ddns_auth_token: SPECIFY THE KEY USED IN FORMAT <ALG>:<KEY_ID>:<SECRET>
  ddns_ddns_server: SPECIFY IP OF THE DDNS SERVER

digitalocean

dns:
  provider: digitalocean
  digitalocean_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

dinahosting

dns:
  provider: dinahosting
  dinahosting_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  dinahosting_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

directadmin

dns:
  provider: directadmin
  directadmin_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION (OR LOGIN KEY FOR TWO-FACTOR AUTHENTICATION)
  directadmin_auth_username: SPECIFY USERNAME FOR AUTHENTICATION
  directadmin_endpoint: SPECIFY THE DIRECTADMIN ENDPOINT

dnsimple

dns:
  provider: dnsimple
  dnsimple_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  dnsimple_auth_token: SPECIFY API TOKEN FOR AUTHENTICATION
  dnsimple_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

dnsmadeeasy

dns:
  provider: dnsmadeeasy
  dnsmadeeasy_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  dnsmadeeasy_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

dnspark

dns:
  provider: dnspark
  dnspark_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  dnspark_auth_username: SPECIFY API KEY FOR AUTHENTICATION

dnspod

dns:
  provider: dnspod
  dnspod_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  dnspod_auth_username: SPECIFY API ID FOR AUTHENTICATION

dnsservices

dns:
  provider: dnsservices
  dnsservices_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  dnsservices_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

dreamhost

dns:
  provider: dreamhost
  dreamhost_auth_token: SPECIFY API KEY FOR AUTHENTICATION

duckdns

dns:
  provider: duckdns
  duckdns_auth_token: SPECIFY THE ACCOUNT TOKEN FOR AUTHENTICATION

dynu

dns:
  provider: dynu
  dynu_auth_token: SPECIFY API KEY FOR AUTHENTICATION

easydns

dns:
  provider: easydns
  easydns_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  easydns_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

easyname

dns:
  provider: easyname
  easyname_auth_password: SPECIFY PASSWORD USED TO AUTHENTICATE
  easyname_auth_username: SPECIFY USERNAME USED TO AUTHENTICATE

euserv

dns:
  provider: euserv
  euserv_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  euserv_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

exoscale

dns:
  provider: exoscale
  exoscale_auth_key: SPECIFY API KEY FOR AUTHENTICATION
  exoscale_auth_secret: SPECIFY API SECRET FOR AUTHENTICATION

flexibleengine

dns:
  provider: flexibleengine
  flexibleengine_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  flexibleengine_zone_id: SPECIFY THE ZONE ID

gandi

dns:
  provider: gandi
  gandi_api_protocol: (OPTIONAL) SPECIFY GANDI API PROTOCOL TO USE: RPC (DEFAULT) OR REST
  gandi_auth_token: SPECIFY GANDI API KEY

gehirn

dns:
  provider: gehirn
  gehirn_auth_secret: SPECIFY ACCESS SECRET FOR AUTHENTICATION
  gehirn_auth_token: SPECIFY ACCESS TOKEN FOR AUTHENTICATION

glesys

dns:
  provider: glesys
  glesys_auth_token: SPECIFY API KEY
  glesys_auth_username: SPECIFY USERNAME (CL12345)

godaddy

dns:
  provider: godaddy
  godaddy_auth_key: SPECIFY THE KEY TO ACCESS THE API
  godaddy_auth_secret: SPECIFY THE SECRET TO ACCESS THE API

googleclouddns

dns:
  provider: googleclouddns
  googleclouddns_auth_service_account_info: SPECIFY THE SERVICE ACCOUNT INFO IN THE GOOGLE JSON FORMAT: CAN BE EITHER THE PATH OF A FILE PREFIXED BY ‘FILE::’ (EG. FILE::/TMP/SERVICE_ACCOUNT_INFO.JSON) OR THE BASE64 ENCODED CONTENT OF THIS FILE PREFIXED BY ‘BASE64::’ (EG. BASE64::EYJHBGCIOYJ…)

gransy

dns:
  provider: gransy
  gransy_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  gransy_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

gratisdns

dns:
  provider: gratisdns
  gratisdns_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  gratisdns_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

henet

dns:
  provider: henet
  henet_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  henet_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

hetzner

dns:
  provider: hetzner
  hetzner_auth_token: SPECIFY HETZNER DNS API TOKEN

hostingde

dns:
  provider: hostingde
  hostingde_auth_token: SPECIFY API KEY FOR AUTHENTICATION

hover

dns:
  provider: hover
  hover_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  hover_auth_totp_secret: SPECIFY BASE32-ENCODED SHARED SECRET TO GENERATE AN OTP FOR AUTHENTICATION
  hover_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

infoblox

dns:
  provider: infoblox
  infoblox_auth_psw: SPECIFY THE PASSWORD TO ACCESS THE INFOBLOX WAPI
  infoblox_auth_user: SPECIFY THE USER TO ACCESS THE INFOBLOX WAPI
  infoblox_ib_host: SPECIFY INFOBLOX HOST EXPOSING THE WAPI
  infoblox_ib_view: SPECIFY DNS VIEW TO MANAGE AT THE INFOBLOX

infomaniak

dns:
  provider: infomaniak
  infomaniak_auth_token: SPECIFY THE TOKEN

internetbs

dns:
  provider: internetbs
  internetbs_auth_key: SPECIFY API KEY FOR AUTHENTICATION
  internetbs_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION

inwx

dns:
  provider: inwx
  inwx_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  inwx_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

joker

dns:
  provider: joker
  joker_auth_token: SPECIFY THE API KEY TO CONNECT TO THE JOKER.COM API

linode

dns:
  provider: linode
  linode_auth_token: SPECIFY API KEY FOR AUTHENTICATION

linode4

dns:
  provider: linode4
  linode4_auth_token: SPECIFY API KEY FOR AUTHENTICATION

localzone

dns:
  provider: localzone
  localzone_filename: SPECIFY LOCATION OF ZONE MASTER FILE

luadns

dns:
  provider: luadns
  luadns_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  luadns_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

memset

dns:
  provider: memset
  memset_auth_token: SPECIFY API KEY FOR AUTHENTICATION

misaka

dns:
  provider: misaka
  misaka_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

mythicbeasts

dns:
  provider: mythicbeasts
  mythicbeasts_auth_password: SPECIFY API CREDENTIALS PASSWORD
  mythicbeasts_auth_token: SPECIFY API TOKEN FOR AUTHENTICATION
  mythicbeasts_auth_username: SPECIFY API CREDENTIALS USERNAME

namecheap

dns:
  provider: namecheap
  namecheap_auth_client_ip: CLIENT IP ADDRESS TO SEND TO NAMECHEAP API CALLS
  namecheap_auth_sandbox: WHETHER TO USE THE SANDBOX SERVER
  namecheap_auth_token: SPECIFY API TOKEN FOR AUTHENTICATION
  namecheap_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

namecom

dns:
  provider: namecom
  namecom_auth_token: SPECIFY AN API TOKEN
  namecom_auth_username: SPECIFY A USERNAME

namesilo

dns:
  provider: namesilo
  namesilo_auth_token: SPECIFY KEY FOR AUTHENTICATION

netcup

dns:
  provider: netcup
  netcup_auth_api_key: SPECIFY API KEY FOR AUTHENTICATION
  netcup_auth_api_password: SPECIFY API PASSWORD FOR AUTHENTICATION
  netcup_auth_customer_id: SPECIFY CUSTOMER NUMBER FOR AUTHENTICATION

nfsn

dns:
  provider: nfsn
  nfsn_auth_token: SPECIFY TOKEN USED TO AUTHENTICATE
  nfsn_auth_username: SPECIFY USERNAME USED TO AUTHENTICATE

njalla

dns:
  provider: njalla
  njalla_auth_token: SPECIFY API TOKEN FOR AUTHENTICATION

nsone

dns:
  provider: nsone
  nsone_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

oci

dns:
  provider: oci
  oci_auth_config_file: THE FULL PATH INCLUDING FILENAME TO AN OCI CONFIGURATION FILE.
  oci_auth_fingerprint: THE FINGERPRINT FOR THE PUBLIC KEY THAT WAS ADDED TO THE CALLING USER.
  oci_auth_key_content: THE FULL CONTENT OF THE CALLING USER’S PRIVATE SIGNING KEY IN PEM FORMAT.
  oci_auth_key_file: THE FULL PATH INCLUDING FILENAME TO THE CALLING USER’S PRIVATE SIGNING KEY IN PEM FORMAT.
  oci_auth_pass_phrase: IF THE PRIVATE KEY IS ENCRYPTED, THE PASS PHRASE MUST BE PROVIDED.
  oci_auth_profile: THE NAME OF THE PROFILE TO USE (CASE-SENSITIVE).
  oci_auth_region: AN OCI REGION IDENTIFIER. SELECT THE CLOSEST REGION FOR BEST PERFORMANCE.
  oci_auth_tenancy: THE OCID OF YOUR TENANCY.
  oci_auth_type: VALID OPTIONS ARE ‘API_KEY’ (DEFAULT) OR ‘INSTANCE_PRINCIPAL’.
  oci_auth_user: THE OCID OF THE USER CALLING THE API.

onapp

dns:
  provider: onapp
  onapp_auth_server: SPECIFY URL TO THE ONAPP CONTROL PANEL SERVER
  onapp_auth_token: SPECIFY API KEY FOR THE ONAPP ACCOUNT
  onapp_auth_username: SPECIFY EMAIL ADDRESS OF THE ONAPP ACCOUNT

online

dns:
  provider: online
  online_auth_token: SPECIFY PRIVATE API TOKEN

ovh

dns:
  provider: ovh
  ovh_auth_application_key: SPECIFY THE APPLICATION KEY
  ovh_auth_application_secret: SPECIFY THE APPLICATION SECRET
  ovh_auth_consumer_key: SPECIFY THE CONSUMER KEY
  ovh_auth_entrypoint: SPECIFY THE OVH ENTRYPOINT

plesk

dns:
  provider: plesk
  plesk_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  plesk_auth_username: SPECIFY USERNAME FOR AUTHENTICATION
  plesk_plesk_server: SPECIFY URL TO THE PLESK WEB UI, INCLUDING THE PORT

pointhq

dns:
  provider: pointhq
  pointhq_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  pointhq_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

porkbun

dns:
  provider: porkbun
  porkbun_auth_key: SPECIFY API KEY FOR AUTHENTICATION
  porkbun_auth_secret: SPECIFY SECRET API KEY FOR AUTHENTICATION

powerdns

dns:
  provider: powerdns
  powerdns_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  powerdns_pdns_disable_notify: DISABLE SLAVE NOTIFICATIONS FROM MASTER
  powerdns_pdns_server: URI FOR POWERDNS SERVER
  powerdns_pdns_server_id: SERVER ID TO INTERACT WITH

rackspace

dns:
  provider: rackspace
  rackspace_auth_account: SPECIFY ACCOUNT NUMBER FOR AUTHENTICATION
  rackspace_auth_api_key: SPECIFY API KEY FOR AUTHENTICATION. ONLY USED IF –AUTH-TOKEN IS EMPTY.
  rackspace_auth_token: SPECIFY TOKEN FOR AUTHENTICATION. IF EMPTY, THE USERNAME AND API KEY WILL BE USED TO CREATE A TOKEN.
  rackspace_auth_username: SPECIFY USERNAME FOR AUTHENTICATION. ONLY USED IF –AUTH-TOKEN IS EMPTY.
  rackspace_sleep_time: NUMBER OF SECONDS TO WAIT BETWEEN UPDATE REQUESTS.

rage4

dns:
  provider: rage4
  rage4_auth_token: SPECIFY TOKEN FOR AUTHENTICATION
  rage4_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

rcodezero

dns:
  provider: rcodezero
  rcodezero_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

route53

dns:
  provider: route53
  route53_auth_access_key: SPECIFY ACCESS_KEY FOR AUTHENTICATION
  route53_auth_access_secret: SPECIFY ACCESS_SECRET FOR AUTHENTICATION
  route53_auth_token: ALTERNATIVE WAY TO SPECIFY THE ACCESS_SECRET FOR AUTHENTICATION
  route53_auth_username: ALTERNATIVE WAY TO SPECIFY THE ACCESS_KEY FOR AUTHENTICATION
  route53_private_zone: INDICATES WHAT KIND OF HOSTED ZONE TO USE. IF TRUE, USE ONLY PRIVATE ZONES. IF FALSE, USE ONLY PUBLIC ZONES
  route53_zone_id: THE AWS HOSTEDZONE ID TO USE; E.G. ‘A1B2ZABCDEFGHI’

safedns

dns:
  provider: safedns
  safedns_auth_token: SPECIFY THE API KEY TO AUTHENTICATE WITH

sakuracloud

dns:
  provider: sakuracloud
  sakuracloud_auth_secret: SPECIFY ACCESS SECRET FOR AUTHENTICATION
  sakuracloud_auth_token: SPECIFY ACCESS TOKEN FOR AUTHENTICATION

softlayer

dns:
  provider: softlayer
  softlayer_auth_api_key: SPECIFY API PRIVATE KEY FOR AUTHENTICATION
  softlayer_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

transip

dns:
  provider: transip
  transip_auth_api_key: SPECIFY THE PRIVATE KEY TO USE FOR API AUTHENTICATION, IN PEM FORMAT: CAN BE EITHER THE PATH OF THE KEY FILE (EG. /TMP/KEY.PEM) OR THE BASE64 ENCODED CONTENT OF THIS FILE PREFIXED BY ‘BASE64::’ (EG. BASE64::EYJHBGCIOYJ…)
  transip_auth_key_is_global: SET THIS FLAG IS THE PRIVATE KEY USED IS A GLOBAL KEY WITH NO IP WHITELIST RESTRICTION
  transip_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

ultradns

dns:
  provider: ultradns
  ultradns_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  ultradns_auth_token: SPECIFY TOKEN FOR AUTHENTICATION; IF NOT SET –AUTH-TOKEN, –AUTH-PASSWORD ARE USED
  ultradns_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

valuedomain

dns:
  provider: valuedomain
  valuedomain_auth_token: SPECIFY YOUYR API TOKEN

vercel

dns:
  provider: vercel
  vercel_auth_token: SPECIFY YOUR API TOKEN

vultr

dns:
  provider: vultr
  vultr_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

webgo

dns:
  provider: webgo
  webgo_auth_password: SPECIFY PASSWORD FOR AUTHENTICATION
  webgo_auth_username: SPECIFY USERNAME FOR AUTHENTICATION

wedos

dns:
  provider: wedos
  wedos_auth_pass: SPECIFY PASSWORD FOR WAPI
  wedos_auth_username: SPECIFY EMAIL ADDRESS FOR AUTHENTICATION

yandex

dns:
  provider: yandex
  yandex_auth_token: SPECIFY PDD TOKEN (HTTPS://YANDEX.COM/DEV/DOMAIN/DOC/CONCEPTS/ACCESS.HTML)

yandexcloud

dns:
  provider: yandexcloud
  yandexcloud_auth_token: SPECIFY THE IAM TOKEN (HTTPS://CLOUD.YANDEX.COM/EN/DOCS/DNS/API-REF/AUTHENTICATION)
  yandexcloud_cloud_id: SPECIFY THE CLOUD ID (VISIBLE IN THE CLOUD SELECTOR IN THE WEB INTERFACE), MIGHT BE NEEDED IF DNS ZONE ID IS NOT SET
  yandexcloud_dns_zone_id: SPECIFY THE DNS ZONE ID (CAN BE OBTAINED FROM WEB INTERFACE)
  yandexcloud_folder_id: SPECIFY THE FOLDER ID (HTTPS://CLOUD.YANDEX.COM/EN/DOCS/RESOURCE-MANAGER/OPERATIONS/FOLDER/GET-ID) MIGHT BE NEEDED IF DNS ZONE ID IS NOT SET

zeit

dns:
  provider: zeit
  zeit_auth_token: SPECIFY YOUR API TOKEN

zilore

dns:
  provider: zilore
  zilore_auth_key: SPECIFY THE ZILORE API KEY TO USE

zonomi

dns:
  provider: zonomi
  zonomi_auth_entrypoint: USE ZONOMI OR RIMUHOSTING API
  zonomi_auth_token: SPECIFY TOKEN FOR AUTHENTICATION

Configuration

Add-on configuration:

email: [email protected]
domains:
  - home-assistant.io
dns:
  provider: dns-cloudflare
  cloudflare_username: [email protected]
  cloudflare_token: 31242lk3j4ljlfdwsjf0

Supported DNS providers

  • aliyun
  • aurora
  • azure
  • cloudflare
  • cloudns
  • cloudxns
  • conoha
  • constellix
  • ddns
  • digitalocean
  • dinahosting
  • directadmin
  • dnsimple
  • dnsmadeeasy
  • dnspark
  • dnspod
  • dnsservices
  • dreamhost
  • duckdns
  • dynu
  • easydns
  • easyname
  • euserv
  • exoscale
  • flexibleengine
  • gandi
  • gehirn
  • glesys
  • godaddy
  • googleclouddns
  • gransy
  • gratisdns
  • henet
  • hetzner
  • hostingde
  • hover
  • infoblox
  • infomaniak
  • internetbs
  • inwx
  • joker
  • linode
  • linode4
  • localzone
  • luadns
  • memset
  • misaka
  • mythicbeasts
  • namecheap
  • namecom
  • namesilo
  • netcup
  • nfsn
  • njalla
  • nsone
  • oci
  • onapp
  • online
  • ovh
  • plesk
  • pointhq
  • porkbun
  • powerdns
  • rackspace
  • rage4
  • rcodezero
  • route53
  • safedns
  • sakuracloud
  • softlayer
  • transip
  • ultradns
  • valuedomain
  • vercel
  • vultr
  • webgo
  • wedos
  • yandex
  • yandexcloud
  • zeit
  • zilore
  • zonomi

Automations

To save on system resources, the container for this addon shuts down on completion. The process will not renew your certificates unless they are nearing expriy, so you can and should check every day, in case for some reason there has been a failure to check.

The service slug for this addon is 99c39c95_letslexicon.

Via the UI

Create a time triggered script (to be friendly to Let's Encrypt don't set it "on the hour" - set it for 02:38 for example). The script just needs to call a service, as below:

restart_addon

Manually creating

- id: certrenew
  alias: Check for certificate renewal
  description: Starts the Let's Lexicon Addon every day
  trigger:
    - platform: time
  at: 13260
  condition: []
  action:
    - service: hassio.addon_start
  data:
  addon: 99c39c95_letslexicon
  mode: single

Known issues and limitations

  • I made this in an afternoon because the core Let's Encrypt Add-on didn't support lexicon. Go easy.

Support

Got questions?

You have several options to get them answered:

In case you've found a bug, please open an issue on our GitHub.