Fix route53, add google dns, fix documentation (#988)

* #987 fixed documentation link

* fix route53, add google dns, fix documentation

* Using "null", using share folder for google dns

* Additional documentation added

* Added argument array

* Update CHANGELOG.md

* Update config.json

* Update README.md

* Fix code style

Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>

README.md

@@ -61,7 +61,7 @@ systems that have installed Hass.io.
 
     HomeMatic central based on OCCU.
 
-- **[Let's Encrypt](/duckdns/README.md)**
+- **[Let's Encrypt](/letsencrypt/README.md)**
 
     Manage an create certificates from Let's Encrypt.
 

letsencrypt/CHANGELOG.md

@@ -2,8 +2,10 @@
 
 ## 4.3
 
+- Added support for google dns
+- Fixed AWS support
+- Updated documentation
 - Update cerbot to 1.0.0
-- Fix issue with DNS provider AWS
 
 ## 4.2
 

letsencrypt/README.md

@@ -9,7 +9,7 @@ Let's Encrypt is a certificate authority that provides free X.509 certificates f
 Setting up Letsencrypt allows you to use validated certificates for your webpages and webinterfaces.
 It requires you to own the domain you are requesting the certificate for.
 
-The generated certificate can be used within others addons.
+The generated certificate can be used within others addons. By default the path and file for the certificates within other addons will refer to the files generated within this addon.
 
 ## Installation
 
@@ -23,20 +23,20 @@ Follow these steps to get the add-on installed on your system:
 
 To use this add-on, you have two options on how to get your certificate:
 
-1. http challenge:
+### 1. http challenge:
    - Requires Port 80 to be available from the internet and your domain assigned to the externally assigned IP address
    - Doesnt allow wildcard certificates (*.yourdomain.com).
 
-2. dns challenge
+### 2. dns challenge
    - Requires you to use one of the supported DNS providers (See "Supported DNS providers" below)
    - Allows to request wildcard certificates (*.yourdomain.com)
    - Doesn’t need you to open a port to your hass.io host on your router.
 
-You always need to provide the following entries within the configuration:
+### You always need to provide the following entries within the configuration:
 
 ```json
   "email": "your@email.com"
-  "domains": "yourdomain.com" // use "*.yourdomain.com" for wildcard certificates.
+  "domains": ["yourdomain.com"] // use "*.yourdomain.com" for wildcard certificates.
   "challenge": "http OR dns"
 ```
 
@@ -57,6 +57,7 @@ In addition add the fields according to the credentials required by your dns pro
 "dnsimple_token": "",
 "dnsmadeeasy_api_key": "",
 "dnsmadeeasy_secret_key": "",
+"google_creds": "", (Credentials file)
 "gehirn_api_token": "",
 "gehirn_api_secret": "",
 "linode_key": "",
@@ -79,16 +80,34 @@ In addition add the fields according to the credentials required by your dns pro
 "sakuracloud_api_secret": ""
 ```
 
-## Configuration
+## Example Configurations
 
-Add-on configuration:
 
+### http challenge:
 ```json
 {
   "email": "hello@home-assistant.io",
   "domains": [
     "home-assistant.io"
   ],
+  "certfile": "fullchain.pem",
+  "keyfile": "privkey.pem",
+  "challenge": "http",
+  "dns": {
+    }
+}
+```
+
+
+### dns challenge:
+```json
+{
+  "email": "hello@home-assistant.io",
+  "domains": [
+    "home-assistant.io"
+  ],
+  "certfile": "fullchain.pem",
+  "keyfile": "privkey.pem",
   "challenge": "dns",
   "dns": {
     "provider": "dns-cloudflare",
@@ -98,6 +117,41 @@ Add-on configuration:
 }
 ```
 
+
+### google dns challenge:
+```json
+{
+  "email": "hello@home-assistant.io",
+  "domains": [
+    "home-assistant.io"
+  ],
+  "certfile": "fullchain.pem",
+  "keyfile": "privkey.pem",
+  "challenge": "dns",
+  "dns": {
+    "provider": "dns-google",
+    "google_creds": "google.json"
+  }
+}
+```
+Please copy your credentials file "google.json" into the "share" shared folder on the hass.io host before starting the service. 
+
+One way is to use the "Samba" add on to make the folder available via network or SSH Add-on.
+
+
+The credential file can be created and downloaded when creating the service user within the Google cloud.
+You can find additional information in regards to the required permissions in the "credentials" section here:
+
+https://github.com/certbot/certbot/blob/master/certbot-dns-google/certbot_dns_google/__init__.py
+
+## Certificate files
+
+The certificate files will be available within the "ssl" share after sucessful request of the certificates.
+
+By default other addons are refering to the correct path of the certificates.
+You can in addition find the files via the "samba" addon within the "ssl" share.
+
+
 ## Supported DNS providers
 
 ```json
@@ -107,7 +161,7 @@ dns-digitalocean
 dns-dnsimple
 dns-dnsmadeeasy
 dns-gehirn
-dns-google (Currently not fully implemented)
+dns-google
 dns-linode
 dns-luadns
 dns-nsone
@@ -119,7 +173,6 @@ dns-sakuracloud
 
 ## Known issues and limitations
 
-- Currently the google dns provider is not supported. Let us know if you want to use google, so we can test the required settings together.
 
 ## Support
 

letsencrypt/config.json

@@ -1,6 +1,6 @@
 {
   "name": "Let's Encrypt",
-  "version": "4.2",
+  "version": "4.3",
   "slug": "letsencrypt",
   "description": "Manage certificate from Let's Encrypt",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/letsencrypt",
@@ -13,7 +13,7 @@
   "ports_description": {
     "80/tcp": "Only needed for http challenge"
   },
-  "map": ["ssl:rw"],
+  "map": ["ssl:rw", "share"],
   "options": {
     "email": null,
     "domains": [null],
@@ -40,6 +40,7 @@
       "dnsmadeeasy_secret_key": "str?",
       "gehirn_api_token": "str?",
       "gehirn_api_secret": "str?",
+      "google_creds": "str?",
       "linode_key": "str?",
       "linode_version": "str?",
       "luadns_email": "email?",

letsencrypt/data/run.sh

@@ -7,6 +7,12 @@ CERTFILE=$(bashio::config 'certfile')
 CHALLENGE=$(bashio::config 'challenge')
 DNS_PROVIDER=$(bashio::config 'dns.provider')
 
+if [[ "$CHALLENGE" == "dns" ]]; then
+  bashio::log.info "Selected DNS Provider: $(bashio::config 'dns.provider')"
+else
+  bashio::log.info "Selected http verification"
+fi
+
 CERT_DIR=/data/letsencrypt
 WORK_DIR=/data/workdir
 
@@ -15,6 +21,7 @@ mkdir -p "$CERT_DIR"
 mkdir -p "/ssl"
 chmod +x /run.sh
 touch /data/dnsapikey
+PROVIDER_ARGUMENTS=()
 
 echo -e "dns_cloudflare_email = $(bashio::config 'dns.cloudflare_email')\n" \
   "dns_cloudflare_api_key = $(bashio::config 'dns.cloudflare_api_key')\n" \
@@ -46,13 +53,29 @@ echo -e "dns_cloudflare_email = $(bashio::config 'dns.cloudflare_email')\n" \
   "dns_sakuracloud_api_secret = $(bashio::config 'dns.sakuracloud_api_secret')" > /data/dnsapikey
 chmod 600 /data/dnsapikey
 
-# AWS workaround
+# AWS
 if bashio::config.exists 'dns.aws_access_key_id' && bashio::config.exists 'dns.aws_secret_access_key'; then
     AWS_ACCESS_KEY_ID="$(bashio::config 'dns.aws_access_key_id')"
     AWS_SECRET_ACCESS_KEY="$(bashio::config 'dns.aws_secret_access_key')"
 
     export AWS_ACCESS_KEY_ID
     export AWS_SECRET_ACCESS_KEY
+    PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}")
+#Google
+elif bashio::config.exists 'dns.google_creds'; then
+    GOOGLE_CREDS="$(bashio::config 'dns.google_creds')"
+
+    export GOOGLE_CREDS
+    if [ -f "/share/${GOOGLE_CREDS}" ]; then
+      cp -f "/share/${GOOGLE_CREDS}" "/data/${GOOGLE_CREDS}"
+      chmod 600 "/data/${GOOGLE_CREDS}"
+    else
+      bashio::log.info "Google Credentials File doesnt exists in folder share."
+    fi
+    PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/${GOOGLE_CREDS}")
+#All others
+else
+    PROVIDER_ARGUMENTS+=("--${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" /data/dnsapikey)
 fi
 
 # Generate new certs
@@ -64,7 +87,7 @@ if [ ! -d "$CERT_DIR/live" ]; then
 
     echo "$DOMAINS" > /data/domains.gen
     if [ "$CHALLENGE" == "dns" ]; then
-        certbot certonly --non-interactive --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" "--$DNS_PROVIDER" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" --email "$EMAIL" --agree-tos --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "$CHALLENGE" "${DOMAIN_ARR[@]}"
+        certbot certonly --non-interactive --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" "${PROVIDER_ARGUMENTS[@]}" --email "$EMAIL" --agree-tos --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "$CHALLENGE" "${DOMAIN_ARR[@]}"
     else
         certbot certonly --non-interactive --standalone --email "$EMAIL" --agree-tos --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" --preferred-challenges "$CHALLENGE" "${DOMAIN_ARR[@]}"
     fi