Add option for SSL cert algorithm in DuckDNS addon (#2189)

* Add option for SSL cert algorithm in DuckDNS addon * Documentation * Apply suggestions from code review Co-authored-by: Joakim Sørensen <hi@ludeeus.dev> * Update CHANGELOG * Apply suggestions from code review Co-authored-by: Joakim Sørensen <hi@ludeeus.dev> Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
2025-12-17 05:04:21 +01:00 · 2021-09-27 12:19:23 +02:00
parent 9a8ec53529
commit fb3919fc31
4 changed files with 22 additions and 6 deletions
--- a/duckdns/CHANGELOG.md
+++ b/duckdns/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog

+## 1.14.0
+
+- Add option to specify algorithm used for SSL certificates
+
 ## 1.13.0

 - Update base to 3.14
--- a/duckdns/DOCS.md
+++ b/duckdns/DOCS.md
@@ -62,6 +62,15 @@ The name of the private key file generated by Let's Encrypt. The private key fil

 **Note**: _The file is stored in `/ssl/`, which is the default for Home Assistant_

+#### Option `lets_encrypt.algo` (optional)
+
+Public key algorithm that will be used.
+
+Supported values: `rsa`, `prime256v1` and `secp384r1`. 
+
+The default is `secp384r1`
+
+
 ### Option: `ipv4` (optional)

 By default, Duck DNS will auto detect your IPv4 address and use that.
--- a/duckdns/config.json
+++ b/duckdns/config.json
@@ -1,6 +1,6 @@
 {
  "name": "Duck DNS",
-  "version": "1.13.0",
+  "version": "1.14.0",
  "slug": "duckdns",
  "description": "Free Dynamic DNS (DynDNS or DDNS) service with Let's Encrypt support",
  "url": "https://github.com/home-assistant/hassio-addons/tree/master/duckdns",
@@ -11,7 +11,8 @@
    "lets_encrypt": {
      "accept_terms": false,
      "certfile": "fullchain.pem",
-      "keyfile": "privkey.pem"
+      "keyfile": "privkey.pem",
+      "algo": "secp384r1"
    },
    "token": null,
    "domains": [null],
@@ -22,7 +23,8 @@
    "lets_encrypt": {
      "accept_terms": "bool",
      "certfile": "str",
-      "keyfile": "str"
+      "keyfile": "str",
+      "algo": "list(rsa|prime256v1|secp384r1)"
    },
    "ipv4": "str?",
    "ipv6": "str?",
--- a/duckdns/data/run.sh
+++ b/duckdns/data/run.sh
@@ -12,6 +12,7 @@ if bashio::config.has_value "ipv6"; then IPV6=$(bashio::config 'ipv6'); else IPV
 TOKEN=$(bashio::config 'token')
 DOMAINS=$(bashio::config 'domains | join(",")')
 WAIT_TIME=$(bashio::config 'seconds')
+ALGO=$(bashio::config 'lets_encrypt.algo')

 # Function that performe a renew
 function le_renew() {
@@ -36,7 +37,7 @@ function le_renew() {
        domain_args+=("--domain" "${domain}")
    done

-    dehydrated --cron --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
+    dehydrated --cron --algo "${ALGO}" --hook ./hooks.sh --challenge dns-01 "${domain_args[@]}" --out "${CERT_DIR}" --config "${WORK_DIR}/config" || true
    LE_UPDATE="$(date +%s)"
 }

@@ -72,11 +73,11 @@ while true; do
    else
        bashio::log.warning "${answer}"
    fi
-    
+
    now="$(date +%s)"
    if bashio::config.true 'lets_encrypt.accept_terms' && [ $((now - LE_UPDATE)) -ge 43200 ]; then
        le_renew
    fi
-    
+
    sleep "${WAIT_TIME}"
 done