fix: ionos.ini format for modern certbot-dns-ionos (2.3.2)#36
Merged
Conversation
…(2.3.2) After the certbot flag fixes, `easy proxy certbot-ionos` reached the plugin but aborted: "Missing properties in credentials configuration file /etc/letsencrypt/ionos.ini" — dns_ionos_endpoint / dns_ionos_prefix / dns_ionos_secret not found. The current certbot-dns-ionos plugin dropped the dns_ionos_api_key / dns_ionos_api_secret keys. Write the supported keys instead: dns_ionos_prefix = <api-key> (IONOS public prefix) dns_ionos_secret = <api-secret> dns_ionos_endpoint = https://api.hosting.ionos.com (override: IONOS_API_ENDPOINT) Stored credentials are unchanged — only the ini key names and the new endpoint line. Verified the format against the plugin README. Tests: new assertion that ionos.ini is written with prefix/secret/endpoint and no legacy api_key. Full suite 55/55. Knowledge base: recorded that `npm install -g` while the proxy is up breaks the live container's easyhome bind mount (cause of the nginx reload failure seen on ethicserver) — recreate the container after a CLI upgrade. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
montoyaedu
added a commit
that referenced
this pull request
Jun 9, 2026
- SERVER_RUNBOOK.md: recovery runbook for ethicserver after the certbot failures — update CLI, recreate the container (broken bind mount + load the valid cert), switch to an auto-renewing IONOS wildcard, plus troubleshooting and cert-verification commands. - STATE.md: was stale at v2.0.0; now reflects v2.3.2, the 2026-06-09 certbot fixes (#35/#36), current WIP/blockers, and next steps. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem (follow-up to #35)
With the certbot flags fixed (#35),
easy proxy certbot-ionos ethiclab.itnow reaches the IONOS plugin but aborts:The current
certbot-dns-ionosplugin droppeddns_ionos_api_key/dns_ionos_api_secret.Fix (
commands/proxy.sh)Write the supported keys:
<prefix>.<secret>, so the storedionos/api-keyis the public prefix andionos/api-secretis the secret — stored credentials are unchanged, only the ini key names + the new endpoint line.IONOS_API_ENDPOINT(default covers all accounts).helgeerbe/certbot-dns-ionos).Tests
New assertion that
ionos.iniis written withprefix/secret/endpointand no legacyapi_key. Full suite 55/55.Release
Patch 2.3.1 → 2.3.2 (package.json, CLAUDE.md, CHANGELOG, version tests).
Also recorded (knowledge base, not a code change here)
The
easy proxy reloadfailure on the server (open() "/usr/local/share/easy/nginx.conf" failed) is caused by runningnpm install -gwhile the proxy container is up — it rewriteseasyhome/, breaking the live container's bind mount. Fix is to recreate the container after a CLI upgrade (easy proxy destroy && easy proxy create, orrestart). Documented as a gotcha.🤖 Generated with Claude Code