Skip to content

LetsEncrypt: Allow to set User-Agent #4140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

LetsEncrypt: Allow to set User-Agent #4140

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions letsencrypt/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# Changelog

## 5.4.12

- Allow to change User-Agent (either fully or partially)

## 5.4.10

- Update certbot-dns-desec to 1.3.1
Expand Down
21 changes: 21 additions & 0 deletions letsencrypt/DOCS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,27 @@ When you specify a custom ACME server, the *Dry Run* and *Issue test certificate

</details>

<details>
<summary>Change User-Agent</summary>

For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.

Setting field `user_agent` will completely override value of User-Agent:

```yaml
user_agent: "HomeAssistant"
```

Setting field `user_agent_comment` will add value to CertBot User-Agent header:

```yaml
user_agent_comment: "HomeAssistant"
```

Note `user_agent_comment` will be ignored if `user_agent` is set.

</details>
Comment on lines +258 to +277
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Tighten wording, fix style, and use sentence-style heading; Certbot casing

Adopt a direct tone, fix “addon”→“add-on”, “CertBot”→“Certbot”, and sentence-style capitalization in the summary. Also simplify the guidance and precedence note.

Apply:

-<details>
-  <summary>Change User-Agent</summary>
-
-For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
-
-Setting field `user_agent` will completely override value of User-Agent:
+<details>
+  <summary>Change user agent</summary>
+
+For auditing and provider policy compliance, override the User-Agent HTTP header that the add-on and its providers send on outbound requests.
+
+Set `user_agent` to override the entire User-Agent header:
 
   ```yaml
   user_agent: "HomeAssistant"

-Setting field user_agent_comment will add value to CertBot User-Agent header:
+Set user_agent_comment to append a value to Certbot’s default User-Agent header:

user_agent_comment: "HomeAssistant"

-Note user_agent_comment will be ignored if user_agent is set.
+user_agent_comment is ignored when user_agent is set.

```
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<details>
<summary>Change User-Agent</summary>
For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
Setting field `user_agent` will completely override value of User-Agent:
```yaml
user_agent: "HomeAssistant"
```
Setting field `user_agent_comment` will add value to CertBot User-Agent header:
```yaml
user_agent_comment: "HomeAssistant"
```
Note `user_agent_comment` will be ignored if `user_agent` is set.
</details>
<details>
<summary>Change user agent</summary>
For auditing and provider policy compliance, override the User-Agent HTTP header that the add-on and its providers send on outbound requests.
Set `user_agent` to override the entire User-Agent header:
🧰 Tools
🪛 LanguageTool

[grammar] ~261-~261: There might be a mistake here.
Context: ...auditing purposes it might be useful to override User-Agent HTTP header that addon and i...

(QB_NEW_EN)

[grammar] ~261-~261: Ensure spelling is correct
Context: ...to override User-Agent HTTP header that addon and its providers send when making requ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~263-~263: There might be a mistake here.
Context: ...ting field user_agent will completely override value of User-Agent: ```yaml user_...

(QB_NEW_EN)

[grammar] ~269-~269: There might be a mistake here.
Context: ...eld user_agent_comment will add value to CertBot User-Agent header: ```yaml ...

(QB_NEW_EN)

🤖 Prompt for AI Agents 
In letsencrypt/DOCS.md around lines 258 to 277, tighten wording and style:
change "addon" to "add-on", "CertBot" to "Certbot", and make the details summary
sentence-style (e.g., "Change user-agent"); rephrase instructions to use direct
imperatives ("Set `user_agent` ..." and "Set `user_agent_comment` to append
..."), use "append" and the possessive "Certbot’s default User-Agent header",
and replace the precedence note with "`user_agent_comment` is ignored when
`user_agent` is set." Ensure the YAML examples remain but adjust surrounding
prose to match these corrected phrases and capitalization.


<details>
<summary>Selecting the Key Type</summary>

Expand Down
2 changes: 2 additions & 0 deletions letsencrypt/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,8 @@ schema:
elliptic_curve: list(secp256r1|secp384r1)?
acme_server: url?
acme_root_ca_cert: str?
user_agent: str?
user_agent_comment: str?
verbose: bool?
dry_run: bool?
test_cert: bool?
Expand Down
10 changes: 10 additions & 0 deletions letsencrypt/rootfs/etc/services.d/lets-encrypt/run
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ CHALLENGE=$(bashio::config 'challenge')
DNS_PROVIDER=$(bashio::config 'dns.provider')
ACME_SERVER=$(bashio::config 'acme_server')
ACME_ROOT_CA_CERT=$(bashio::config 'acme_root_ca_cert')
USER_AGENT=$(bashio::config 'user_agent')
USER_AGENT_COMMENT=$(bashio::config 'user_agent_comment')
EAB_KID=$(bashio::config 'eab_kid')
EAB_HMAC_KEY=$(bashio::config 'eab_hmac_key')
DRY_RUN=$(bashio::config 'dry_run')
Expand Down Expand Up @@ -354,6 +356,14 @@ if [ "${VERBOSE}" = "true" ]; then
ADDITIONAL_ARGS+=("-vvv")
fi

# Add user agent if set
if [ -n "${USER_AGENT}" ]; then
ADDITIONAL_ARGS+=("--user-agent" "${USER_AGENT}")
fi
if [ -n "${USER_AGENT_COMMENT}" ]; then
ADDITIONAL_ARGS+=("--user-agent-comment" "${USER_AGENT_COMMENT}")
fi

# Gather all domains into a plaintext file
DOMAIN_ARR=()
for line in $DOMAINS; do
Expand Down
6 changes: 6 additions & 0 deletions letsencrypt/translations/en.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ configuration:
Only relevant with a custom ACME server using a certificate signed by an
untrusted certificate authority (CA) that requires addition to the trust
store.
user_agent:
name: User Agent
description: User-Agent HTTP header sent by addon.
user_agent_comment:
name: User Agent Comment
description: Comment added to addon User-Agent HTTP header.
Comment on lines +31 to +36
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix wording; use “add-on”; clarify semantics and precedence

Improve clarity and correctness of UI strings.

   user_agent:
     name: User Agent
-    description: User-Agent HTTP header sent by addon.
+    description: User-Agent header sent by the add-on.
   user_agent_comment:
     name: User Agent Comment
-    description: Comment added to addon User-Agent HTTP header.
+    description: Comment appended to Certbot’s default User-Agent header. Ignored if User Agent is set.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
user_agent:
name: User Agent
description: User-Agent HTTP header sent by addon.
user_agent_comment:
name: User Agent Comment
description: Comment added to addon User-Agent HTTP header.
user_agent:
name: User Agent
description: User-Agent header sent by the add-on.
user_agent_comment:
name: User Agent Comment
description: Comment appended to Certbot’s default User-Agent header. Ignored if User Agent is set.
🤖 Prompt for AI Agents 
In letsencrypt/translations/en.yaml around lines 31 to 36, update the strings to
use “add-on” instead of “addon” and make the descriptions clearer about what
each field represents and how they interact: change user_agent.description to
something like "User-Agent HTTP header sent by the add-on." and change
user_agent_comment.description to something like "Optional comment appended to
the add-on User-Agent header; if present it will be included after the main
User-Agent value." Ensure wording is concise and clarifies that the comment is
appended and its position/precedence relative to the main header.

dns:
name: DNS
description: DNS Provider configuration
Expand Down