Let's Encrypt: dns_transip_global_key should be yes or no #3876

Open
rbeumer opened this issue Dec 30, 2024 · 2 comments
rbeumer commented Dec 30, 2024

Describe the issue you are experiencing

The renewal of my certificate is suddenly failing. I'm seeing the following error in the logs:

[09:18:58] INFO: Selected DNS Provider: dns-transip
[09:18:58] INFO: Use propagation seconds: 60
[09:18:58] INFO: Increasing DNS propagation limit for TransIP to at least 240 seconds.
[09:18:58] INFO: Detecting existing certificate type for [redacted]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[09:19:03] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for [redacted]
Encountered exception during recovery: ValueError: dns_transip_global_key should have either 'yes' or 'no' as value
An unexpected error occurred:
ValueError: dns_transip_global_key should have either 'yes' or 'no' as value
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

dns_transip_global_key has been added to my addon config but it keeps failing and giving the same error message:

domains:
  - "*.[redacted]"
email: [redacted]
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-transip
  dns_transip_global_key: 'yes' (with or without quotes)
  transip_username: [redacted]
  transip_api_key: |
    [redacted]
keytype: rsa

Changing the value to no also doesn't change the behavior.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.2.10

Steps to reproduce the issue

  1. start the addon and check the logs

System Health information

There are currently no repairs pending

Anything in the Supervisor logs that might be useful for us?

2024-12-30 09:27:12.339 ERROR (SyncWorker_1) [supervisor.docker.manager] Container addon_core_letsencrypt is not running
2024-12-30 09:27:31.086 WARNING (MainThread) [supervisor.addons.options] Unknown option 'dns_transip_global_key' for Let's Encrypt (core_letsencrypt)
2024-12-30 09:27:31.087 WARNING (MainThread) [supervisor.addons.options] Option 'keytype' does not exist in the schema for Let's Encrypt (core_letsencrypt)

Anything in the add-on logs that might be useful for us?

See the issue description

Additional information

No response

agners (Member) commented Dec 30, 2024

Hm, I see the parameter has been introduced with #3835, and is now essentially mandatory for DNS challenge of type dns-transip. Ideally I guess the script would just assume a default value if not given to prevent breaking existing configs. This also got discussed here:
#3855 (comment)

FWIW, the correct name of the add-on config option is transip_global_key (without the dns_ prefix). Then it should work for you.

Ascathon commented Jan 3, 2025

Yep, that did work (without dns_). Thank you.
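
The default suggested in agners's comment above, sketched as an added shell example that is not the add-on's own code. The function names, the default of no, the mapping of true/false to yes/no, the treatment of an empty or null value as "option not set", and the key = value form of the credentials line are assumptions.

```shell
# Added example, not the add-on's script. Function names and the default
# value "no" are assumptions made for illustration.

# Normalize the add-on option transip_global_key to a value the certbot
# plugin accepts. Prints "yes" or "no"; returns 1 for anything else.
normalize_global_key() {
    # Lower-case the input so 'Yes' or 'TRUE' are handled; an unquoted
    # yes in YAML may reach the script as a boolean.
    value=$(printf '%s' "${1:-}" | tr '[:upper:]' '[:lower:]')
    case "$value" in
        ''|null)  printf 'no\n' ;;   # option not set: assumed default
        yes|true) printf 'yes\n' ;;
        no|false) printf 'no\n' ;;
        *)        return 1 ;;
    esac
}

# Build the line for the certbot credentials file. On bad input, fail
# with a message that names the add-on option, not the certbot key.
transip_global_key_line() {
    if ! normalized=$(normalize_global_key "${1:-}"); then
        printf "transip_global_key must be 'yes' or 'no', got '%s'\n" "${1:-}" >&2
        return 1
    fi
    printf 'dns_transip_global_key = %s\n' "$normalized"
}
```

With a default like this, a config that omits the option, or misnames it so that Supervisor drops it as unknown, would still produce a valid credentials line.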
