diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
index 55c44b8cc4d..24ef1704c03 100644
--- a/letsencrypt/CHANGELOG.md
+++ b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog
+## 5.4.12
+
+- Allow to change User-Agent (either fully or partially)
+
## 5.4.10
- Update certbot-dns-desec to 1.3.1
diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
index 0decadafa14..f96b6b73996 100644
--- a/letsencrypt/DOCS.md
+++ b/letsencrypt/DOCS.md
@@ -255,6 +255,27 @@ When you specify a custom ACME server, the *Dry Run* and *Issue test certificate
+
+ Change User-Agent
+
+For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
+
+Setting field `user_agent` will completely override value of User-Agent:
+
+ ```yaml
+ user_agent: "HomeAssistant"
+ ```
+
+Setting field `user_agent_comment` will add value to CertBot User-Agent header:
+
+ ```yaml
+ user_agent_comment: "HomeAssistant"
+ ```
+
+Note `user_agent_comment` will be ignored if `user_agent` is set.
+
+
+
Selecting the Key Type
diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
index 5414f546429..c384918a24d 100644
--- a/letsencrypt/config.yaml
+++ b/letsencrypt/config.yaml
@@ -169,6 +169,8 @@ schema:
elliptic_curve: list(secp256r1|secp384r1)?
acme_server: url?
acme_root_ca_cert: str?
+ user_agent: str?
+ user_agent_comment: str?
verbose: bool?
dry_run: bool?
test_cert: bool?
diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
index b4ba9c3eac0..b8316d7fa33 100755
--- a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
+++ b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
@@ -19,6 +19,8 @@ CHALLENGE=$(bashio::config 'challenge')
DNS_PROVIDER=$(bashio::config 'dns.provider')
ACME_SERVER=$(bashio::config 'acme_server')
ACME_ROOT_CA_CERT=$(bashio::config 'acme_root_ca_cert')
+USER_AGENT=$(bashio::config 'user_agent')
+USER_AGENT_COMMENT=$(bashio::config 'user_agent_comment')
EAB_KID=$(bashio::config 'eab_kid')
EAB_HMAC_KEY=$(bashio::config 'eab_hmac_key')
DRY_RUN=$(bashio::config 'dry_run')
@@ -354,6 +356,14 @@ if [ "${VERBOSE}" = "true" ]; then
ADDITIONAL_ARGS+=("-vvv")
fi
+# Add user agent if set
+if [ -n "${USER_AGENT}" ]; then
+ ADDITIONAL_ARGS+=("--user-agent" "${USER_AGENT}")
+fi
+if [ -n "${USER_AGENT_COMMENT}" ]; then
+ ADDITIONAL_ARGS+=("--user-agent-comment" "${USER_AGENT_COMMENT}")
+fi
+
# Gather all domains into a plaintext file
DOMAIN_ARR=()
for line in $DOMAINS; do
diff --git a/letsencrypt/translations/en.yaml b/letsencrypt/translations/en.yaml
index 81812c43e83..2b7b8bbd87f 100644
--- a/letsencrypt/translations/en.yaml
+++ b/letsencrypt/translations/en.yaml
@@ -28,6 +28,12 @@ configuration:
Only relevant with a custom ACME server using a certificate signed by an
untrusted certificate authority (CA) that requires addition to the trust
store.
+ user_agent:
+ name: User Agent
+ description: User-Agent HTTP header sent by addon.
+ user_agent_comment:
+ name: User Agent Comment
+ description: Comment added to addon User-Agent HTTP header.
dns:
name: DNS
description: DNS Provider configuration