From 7929cdbcbbd701f15efcb1d0b06210b080904898 Mon Sep 17 00:00:00 2001 From: kdepasquale Date: Mon, 9 Dec 2024 12:53:18 -0800 Subject: [PATCH 1/4] Update to use new hurricane electric plugin The old plugin hasn't been updated since 2019. A newer plugin has been much more recently maintained and should be used instead, as this fixes several bugs. --- letsencrypt/Dockerfile | 4 ++-- letsencrypt/build.yaml | 2 +- letsencrypt/config.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index ef4b69a752a..36464371667 100644 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -15,7 +15,7 @@ ARG \ CERTBOT_DNS_DUCKDNS_VERSION \ CERTBOT_DNS_DYNU_VERSION \ CERTBOT_DNS_EASYDNS_VERSION \ - CERTBOT_DNS_HE_VERSION \ + CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION \ CERTBOT_DNS_HETZNER_VERSION \ CERTBOT_DNS_INFOMANIAK_VERSION \ CERTBOT_DNS_INWX_VERSION \ @@ -90,7 +90,7 @@ RUN \ certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \ certbot-dns-inwx==${CERTBOT_DNS_INWX_VERSION} \ certbot-dns-dreamhost==${CERTBOT_DNS_DREAMHOST_VERSION} \ - certbot-dns-he==${CERTBOT_DNS_HE_VERSION} \ + certbot-dns-hurrricane-electric==${CERTBOT_DNS_HURRICANE_ELECTRRIC_VERSION} \ certbot-dns-easydns==${CERTBOT_DNS_EASYDNS_VERSION} \ certbot-dns-domainoffensive==${CERTBOT_DNS_DOMAINOFFENSIVE_VERSION} \ certbot-dns-websupport==${CERTBOT_DNS_WEBSUPPORT_VERSION} \ diff --git a/letsencrypt/build.yaml b/letsencrypt/build.yaml index b19965e081a..ae147f8bfe7 100644 --- a/letsencrypt/build.yaml +++ b/letsencrypt/build.yaml @@ -19,7 +19,7 @@ args: CERTBOT_DNS_DUCKDNS_VERSION: 1.3 CERTBOT_DNS_DYNU_VERSION: 0.0.5 CERTBOT_DNS_EASYDNS_VERSION: 0.1.4 - CERTBOT_DNS_HE_VERSION: 1.0.0 + CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION: 0.1.0 CERTBOT_DNS_HETZNER_VERSION: 2.0.1 CERTBOT_DNS_INFOMANIAK_VERSION: 0.2.2 CERTBOT_DNS_INWX_VERSION: 2.2.0 diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml index c65f30cd26b..055338ca70f 100644 
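Review bot: In patch 1/4 the install line added in the `@@ -90,7 +90,7 @@` Dockerfile hunk, `certbot-dns-hurrricane-electric==${CERTBOT_DNS_HURRICANE_ELECTRRIC_VERSION}`, misspells both the package name and the variable. It therefore neither names the intended plugin nor matches the `CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION` ARG declared in the `@@ -15,7 +15,7 @@` hunk. Patch 2/4 corrects the line, but this commit on its own cannot install the intended plugin, and a misspelled PyPI name in a `pip install` list is the kind of slip typosquatted packages depend on. Squashing patches 1 and 2 would keep that state out of the history and keep every commit buildable. The `RUN` instruction starts and ends outside the hunk, so the pip options in effect, such as whether hashes are checked for the new 0.1.0 pin, are not visible here.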
--- a/letsencrypt/config.yaml +++ b/letsencrypt/config.yaml @@ -1,5 +1,5 @@ --- -version: 5.2.8 +version: 5.2.9 slug: letsencrypt name: Let's Encrypt description: Manage certificate from Let's Encrypt From 781cc4065d7dac86cc282680d452e1a6646fe584 Mon Sep 17 00:00:00 2001 From: kdepasquale Date: Mon, 9 Dec 2024 14:15:06 -0800 Subject: [PATCH 2/4] commit additional changes --- letsencrypt/CHANGELOG.md | 4 ++++ letsencrypt/Dockerfile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index ea494c5fd4f..afeab9fbfd4 100644 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 5.2.9 + +- Use a newer, maintained Hurricane Electric plugin + ## 5.2.8 - Add transip global_key parameter to support authentication without IP whitelist requirements diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile index 36464371667..489454318ce 100644 --- a/letsencrypt/Dockerfile +++ b/letsencrypt/Dockerfile @@ -90,7 +90,7 @@ RUN \ certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \ certbot-dns-inwx==${CERTBOT_DNS_INWX_VERSION} \ certbot-dns-dreamhost==${CERTBOT_DNS_DREAMHOST_VERSION} \ - certbot-dns-hurrricane-electric==${CERTBOT_DNS_HURRICANE_ELECTRRIC_VERSION} \ + certbot-dns-hurricane-electric==${CERTBOT_DNS_HURRICANE_ELECTRIC_VERSION} \ certbot-dns-easydns==${CERTBOT_DNS_EASYDNS_VERSION} \ certbot-dns-domainoffensive==${CERTBOT_DNS_DOMAINOFFENSIVE_VERSION} \ certbot-dns-websupport==${CERTBOT_DNS_WEBSUPPORT_VERSION} \ From 536fdca765ad85d9cd524ef5b1a4e29b1f1fa3f8 Mon Sep 17 00:00:00 2001 
From: kdepasquale Date: Thu, 12 Dec 2024 16:13:33 -0800 Subject: [PATCH 3/4] update to use dns-hurricane_electric Uses new provider name, cleans up whitespace --- letsencrypt/CHANGELOG.md | 5 +++-- letsencrypt/config.yaml | 2 +- letsencrypt/rootfs/etc/cont-init.d/file-structure.sh | 4 ++-- letsencrypt/rootfs/etc/services.d/lets-encrypt/run | 8 ++++---- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md index afeab9fbfd4..451e8258f57 100644 --- a/letsencrypt/CHANGELOG.md +++ b/letsencrypt/CHANGELOG.md @@ -1,8 +1,9 @@ # Changelog -## 5.2.9 +## 5.2.11 -- Use a newer, maintained Hurricane Electric plugin +- Use a newer, maintained Hurricane Electric plugin. +- Note that this requires the provider name to be updated from dns-he to dns-hurricane_electric ## 5.2.8 diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml index 055338ca70f..afd56bc07ca 100644 --- a/letsencrypt/config.yaml +++ b/letsencrypt/config.yaml @@ -109,7 +109,7 @@ schema: dns-hetzner|dns-infomaniak|dns-ionos|dns-joker|dns-linode|dns-loopia|dns-luadns|\ dns-mijn-host|dns-njalla|dns-nsone|dns-porkbun|dns-ovh|dns-rfc2136|dns-route53|\ dns-sakuracloud|dns-namecheap|dns-netcup|dns-simply|dns-gandi|dns-transip|dns-inwx|\ - dns-dreamhost|dns-he|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\ + dns-dreamhost|dns-hurricane_electric|dns-easydns|dns-domainoffensive|dns-websupport|dns-noris|\ dns-plesk)?" rfc2136_algorithm: str? rfc2136_name: str? diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh index 3fc49c04427..cc6b7a4b4ad 100755 --- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh +++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh 
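Review bot: Replacing `dns-he` with `dns-hurricane_electric` in the provider match pattern drops the old value outright, so an existing configuration that still says `dns-he` will presumably be rejected by the schema after the update. The matching `elif` in `services.d/lets-encrypt/run` (hunk `@@ -243,7 +243,7 @@`) no longer has a branch for it either. For a patch-level bump (5.2.8 to 5.2.11) this breaks unattended renewal for affected users, and a certificate that stops renewing is an availability problem. Either keep `dns-he` in the pattern and map it to the new name in the run script, or mark the entry as breaking in the changelog. If the underscore is required by the plugin's authenticator name, a comment above the pattern such as `# dns-hurricane_electric: spelling dictated by the certbot plugin, underscore intentional` would explain why this one provider mixes `-` and `_`.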
@@ -73,8 +73,8 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \ "dns_cloudns_auth_password = $(bashio::config 'dns.cloudns_auth_password')\n" \ "dns_dreamhost_baseurl = $(bashio::config 'dns.dreamhost_baseurl')\n" \ "dns_dreamhost_api_key = $(bashio::config 'dns.dreamhost_api_key')\n" \ - "dns_he_user = $(bashio::config 'dns.he_user')\n" \ - "dns_he_pass = $(bashio::config 'dns.he_pass')\n" \ + "dns_hurricane_electric_user = $(bashio::config 'dns.he_user')\n" \ + "dns_hurricane_electric_pass = $(bashio::config 'dns.he_pass')\n" \ "dns_easydns_endpoint = $(bashio::config 'dns.easydns_endpoint')\n" \ "dns_easydns_usertoken = $(bashio::config 'dns.easydns_token')\n" \ "dns_easydns_userkey = $(bashio::config 'dns.easydns_key')\n" \ diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run index 041f6db4b0a..1027021ea97 100755 --- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run +++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run @@ -61,12 +61,12 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-namecheap" ]; th bashio::config.require 'dns.namecheap_username' bashio::config.require 'dns.namecheap_api_key' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") - + #mijn.host elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-mijn-host" ]; then bashio::config.require 'dns.mijn_host_api_key' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") - + #Netcup elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-netcup" ]; then bashio::config.require 'dns.netcup_customer_id' 
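Review bot: The two new lines in `file-structure.sh` write `dns.he_user` and `dns.he_pass` through the surrounding `echo -e`, which interprets backslash escapes in the expanded values. A password containing `\t` or `\\` reaches the credentials file altered, and an embedded `\n` starts a new line that the ini parser would read as a separate key. These appear to be the Hurricane Electric account login rather than a scoped token, so a mangled or mis-parsed value is worth ruling out. The `echo -e` statement begins and ends outside this hunk; the fix is to emit each value without escape processing, for example `printf '%s\n' "dns_hurricane_electric_pass = $(bashio::config 'dns.he_pass')"`. Also confirm that the credentials file is created with mode 0600, which is not visible here.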
@@ -243,7 +243,7 @@ elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-dreamhost" ]; th PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--dns-dreamhost-credentials" "/data/dnsapikey") # Hurricane Electric -elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-he" ]; then +elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-hurricane_electric" ]; then bashio::config.require 'dns.he_user' bashio::config.require 'dns.he_pass' PROVIDER_ARGUMENTS+=("--authenticator" "${DNS_PROVIDER}" "--${DNS_PROVIDER}-credentials" "/data/dnsapikey" "--${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}") @@ -308,7 +308,7 @@ if bashio::config.exists 'key_type'; then fi else bashio::log.info "Detecting existing certificate type for ${DOMAIN_ARR[1]}" - readarray -t CBCERTS < <(certbot certificates --non-interactive --cert-name "${DOMAIN_ARR[1]}" --config-dir "$CERT_DIR" --work-dir "$WORK_DIR") + readarray -t CBCERTS < <(certbot certificates --non-interactive --cert-name "${DOMAIN_ARR[1]}" --config-dir "$CERT_DIR" --work-dir "$WORK_DIR") for output in "${CBCERTS[@]}"; do if [[ $output =~ "No certificates found." ]]; then bashio::log.info "No certificate found - using 'ecdsa' key type." From ba469fc92213676dc2cc3e15d42a76bfda6c4336 Mon Sep 17 00:00:00 2001 From: kdepasquale Date: Thu, 12 Dec 2024 16:20:03 -0800 Subject: [PATCH 4/4] Bump to 5.2.11 --- letsencrypt/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml index 8886a226498..a0d4c6f812a 100644 --- a/letsencrypt/config.yaml +++ b/letsencrypt/config.yaml @@ -1,5 +1,5 @@ --- -version: 5.2.9 +version: 5.2.11 slug: letsencrypt name: Let's Encrypt description: Manage certificate from Let's Encrypt