LetsEncrypt: Allow to set User-Agent

[blami]

• Add user_agent and user_agent_comment that directly map to certbot arguments of same name.

This allows to edit User-Agent header sent by certbot to DNS provider which might be required for audit purposes or as another form of scoping the security policy at DNS host side.

Summary by CodeRabbit

• New Features
  • Added optional settings to customize the HTTP User-Agent (full override) and an additional User-Agent comment for outbound Certbot requests; defaults unchanged if not set.
• Documentation
  • Updated configuration docs to explain the two User-Agent options, their effects and precedence.
• Chores
  • Added English UI labels and descriptions for the new settings.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds two optional configuration fields, user_agent and user_agent_comment; exposes them in translations; wires them into the runtime run script to pass Certbot --user-agent and --user-agent-comment when set; documents the fields in DOCS.md (the new sections appear duplicated).

Changes

Cohort / File(s)	Summary of changes
Runtime invocation update letsencrypt/rootfs/etc/services.d/lets-encrypt/run	Reads USER_AGENT and USER_AGENT_COMMENT at startup and conditionally appends --user-agent "<value>" and --user-agent-comment "<value>" to Certbot ADDITIONAL_ARGS. No behavior change if unset.
Configuration schema letsencrypt/config.yaml	Adds optional string fields user_agent and user_agent_comment to the add-on configuration schema.
Translations / i18n letsencrypt/translations/en.yaml	Adds configuration.user_agent and configuration.user_agent_comment entries with name and description.
Documentation letsencrypt/DOCS.md	Inserts two "Change User-Agent" sections describing user_agent (overrides header) and user_agent_comment (appends to CertBot User-Agent); the sections were added in two places resulting in duplicate documentation.
Changelog letsencrypt/CHANGELOG.md	Adds a new entry for version 5.4.12: "Allow to change User-Agent (either fully or partially)".

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as User / Config
  participant S as Add-on start / run script
  participant C as Certbot

  U->>S: Provide config (user_agent?, user_agent_comment?)
  S->>S: Read USER_AGENT / USER_AGENT_COMMENT
  alt USER_AGENT set
    S->>S: Append --user-agent "<value>" to ADDITIONAL_ARGS
  else
    S->>S: No --user-agent flag
  end
  alt USER_AGENT_COMMENT set
    S->>S: Append --user-agent-comment "<value>" to ADDITIONAL_ARGS
  else
    S->>S: No --user-agent-comment flag
  end
  S->>C: Invoke certbot with constructed args
  C-->>S: Return result / exit status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

letsencrypt/DOCS.md (1)

258-278: Clarify semantics, tighten style, and fix capitalization/hyphenation for the new section; also document the empty-string behavior

• Use sentence-style capitalization in the summary.
• Use direct, imperative style per the repo docs guidance.
• Hyphenate “add-on,” capitalize the HTTP header as “User-Agent,” and use “Certbot” (not “CertBot”).
• Certbot ignores --user-agent-comment if --user-agent is set; an empty string ("") for --user-agent suppresses the UA header entirely. Cite below.

Apply this diff to the section:

-<details>
-  <summary>Change User-Agent</summary>
-
-For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
-
-Setting field `user_agent` will completely override value of User-Agent:
-
-  ```yaml
-  user_agent: "HomeAssistant"
-  ```
-
-Setting field `user_agent_comment` will add value to CertBot User-Agent header:
-
-  ```yaml
-  user_agent_comment: "HomeAssistant"
-  ```
-
-Note `user_agent_comment` will be ignored if `user_agent` is set.
-
-</details>
+<details>
+  <summary>Change user agent</summary>
+
+Override the User-Agent HTTP header sent by the add-on and its providers for auditing.
+
+Set the `user_agent` field to override the User-Agent header:
+
+  ```yaml
+  user_agent: "Home Assistant"
+  ```
+
+Set the `user_agent_comment` field to append a value to Certbot’s default User-Agent header:
+
+  ```yaml
+  user_agent_comment: "Home Assistant"
+  ```
+
+`user_agent_comment` is ignored if `user_agent` is set. To suppress the header entirely, set `user_agent` to an empty string ("").
+
+</details>

Certbot docs: --user-agent-comment “ignored if --user-agent is set,” and setting --user-agent to "" hides the UA. (eff-certbot.readthedocs.io, man.fyi)

letsencrypt/translations/en.yaml (1)

31-36: Align wording with header capitalization and “add-on” hyphenation; clarify comment behavior

Use “User-Agent” and “add-on” for consistency, and note that the comment is ignored when User-Agent is set.

Apply this diff:

   user_agent:
-    name: User Agent
-    description: User-Agent HTTP header sent by addon.
+    name: User-Agent
+    description: User-Agent HTTP header sent by the add-on.
   user_agent_comment:
-    name: User Agent Comment
-    description: Comment added to addon User-Agent HTTP header.
+    name: User-Agent comment
+    description: Comment added to the add-on User-Agent header. Ignored if User-Agent is set.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d6a856f and 6738b6c.

📒 Files selected for processing (4)

• letsencrypt/DOCS.md (1 hunks)
• letsencrypt/config.yaml (1 hunks)
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run (2 hunks)
• letsencrypt/translations/en.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

• Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
• In step-by-step instructions, front the location phrase in the instructional sentence.
• In step-by-step instructions, front the 'goal' in the instructional sentence.
• In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
• do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

• If "" are used to mark UI strings, replace them by bold.

• Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

• Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

• letsencrypt/config.yaml
• letsencrypt/DOCS.md

🪛 LanguageTool

letsencrypt/DOCS.md

[grammar] ~261-~261: There might be a mistake here.
Context: ...auditing purposes it might be useful to override User-Agent HTTP header that addon and i...

(QB_NEW_EN)

---

[grammar] ~261-~261: Ensure spelling is correct
Context: ...to override User-Agent HTTP header that addon and its providers send when making requ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~263-~263: There might be a mistake here.
Context: ...ting field user_agent will completely override value of User-Agent: ```yaml user_...

(QB_NEW_EN)

---

[grammar] ~269-~269: There might be a mistake here.
Context: ...eld user_agent_comment will add value to CertBot User-Agent header: ```yaml ...

(QB_NEW_EN)

🔇 Additional comments (3)

letsencrypt/DOCS.md (1)

258-278: No duplicate “Change user agent” section found

I ran a search for both <summary>Change user agent</summary> and <summary>Change User-Agent</summary> and found only the single occurrence at lines 258–261 in letsencrypt/DOCS.md. There are no duplicate sections to remove.

Likely an incorrect or invalid review comment.

letsencrypt/config.yaml (1)

172-173: Schema extension looks good; confirm UI exposure and release hygiene

The optional strings map cleanly to the runtime script. No validation issues from schema perspective.

• Ensure these options render in the add-on UI and the translations keys resolve.
• Bump add-on version in a release commit when merging (current: 5.4.9). Add a changelog entry noting the new options.

letsencrypt/rootfs/etc/services.d/lets-encrypt/run (1)

22-23: Wiring new config keys into the script is correct

Reading user_agent and user_agent_comment from config is consistent with other options.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge Base: Disabled due to data retention organization setting

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6738b6c and 8dfff64.

📒 Files selected for processing (4)

• letsencrypt/DOCS.md (1 hunks)
• letsencrypt/config.yaml (1 hunks)
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run (2 hunks)
• letsencrypt/translations/en.yaml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• letsencrypt/rootfs/etc/services.d/lets-encrypt/run
• letsencrypt/translations/en.yaml

🧰 Additional context used

📓 Path-based instructions (1)

*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

• Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
• In step-by-step instructions, front the location phrase in the instructional sentence.
• In step-by-step instructions, front the 'goal' in the instructional sentence.
• In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
• do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

• If "" are used to mark UI strings, replace them by bold.

• Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

• Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

• letsencrypt/config.yaml
• letsencrypt/DOCS.md

🪛 LanguageTool

letsencrypt/DOCS.md

[grammar] ~261-~261: There might be a mistake here.
Context: ...auditing purposes it might be useful to override User-Agent HTTP header that addon and i...

(QB_NEW_EN)

---

[grammar] ~261-~261: Ensure spelling is correct
Context: ...to override User-Agent HTTP header that addon and its providers send when making requ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~263-~263: There might be a mistake here.
Context: ...ting field user_agent will completely override value of User-Agent: ```yaml user_...

(QB_NEW_EN)

---

[grammar] ~269-~269: There might be a mistake here.
Context: ...eld user_agent_comment will add value to CertBot User-Agent header: ```yaml ...

(QB_NEW_EN)

🔇 Additional comments (2)

letsencrypt/DOCS.md (1)

258-277: No duplicate “Change User-Agent” section found
Only one occurrence exists in letsencrypt/DOCS.md; no action needed.

letsencrypt/config.yaml (1)

172-173: Confirm user-agent quoting and Certbot flag support

• Quoting is correct: the run script uses a Bash array (ADDITIONAL_ARGS+=("--user-agent" "${USER_AGENT}") and similarly for --user-agent-comment"), which ensures proper quotation.
• Certbot support: validate that the ${CERTBOT_VERSION} pinned in letsencrypt/Dockerfile includes both --user-agent and --user-agent-comment (for example, by running certbot --help | grep user-agent in the built image).

[coderabbitai]

⚠️ Potential issue

Tighten wording, fix style, and use sentence-style heading; Certbot casing

Adopt a direct tone, fix “addon”→“add-on”, “CertBot”→“Certbot”, and sentence-style capitalization in the summary. Also simplify the guidance and precedence note.

Apply:

-<details>
-  <summary>Change User-Agent</summary>
-
-For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
-
-Setting field `user_agent` will completely override value of User-Agent:
+<details>
+  <summary>Change user agent</summary>
+
+For auditing and provider policy compliance, override the User-Agent HTTP header that the add-on and its providers send on outbound requests.
+
+Set `user_agent` to override the entire User-Agent header:
 
   ```yaml
   user_agent: "HomeAssistant"

-Setting field user_agent_comment will add value to CertBot User-Agent header:
+Set user_agent_comment to append a value to Certbot’s default User-Agent header:

user_agent_comment: "HomeAssistant"

-Note user_agent_comment will be ignored if user_agent is set.
+user_agent_comment is ignored when user_agent is set.

```

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<details>
	<summary>Change User-Agent</summary>
	For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
	Setting field `user_agent` will completely override value of User-Agent:
	```yaml
	user_agent: "HomeAssistant"
	```
	Setting field `user_agent_comment` will add value to CertBot User-Agent header:
	```yaml
	user_agent_comment: "HomeAssistant"
	```
	Note `user_agent_comment` will be ignored if `user_agent` is set.
	</details>
	<details>
	<summary>Change user agent</summary>
	For auditing and provider policy compliance, override the User-Agent HTTP header that the add-on and its providers send on outbound requests.
	Set `user_agent` to override the entire User-Agent header:

🧰 Tools

🪛 LanguageTool

[grammar] ~261-~261: There might be a mistake here.
Context: ...auditing purposes it might be useful to override User-Agent HTTP header that addon and i...

(QB_NEW_EN)

---

[grammar] ~261-~261: Ensure spelling is correct
Context: ...to override User-Agent HTTP header that addon and its providers send when making requ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~263-~263: There might be a mistake here.
Context: ...ting field user_agent will completely override value of User-Agent: ```yaml user_...

(QB_NEW_EN)

---

[grammar] ~269-~269: There might be a mistake here.
Context: ...eld user_agent_comment will add value to CertBot User-Agent header: ```yaml ...

(QB_NEW_EN)

🤖 Prompt for AI Agents

In letsencrypt/DOCS.md around lines 258 to 277, tighten wording and style:
change "addon" to "add-on", "CertBot" to "Certbot", and make the details summary
sentence-style (e.g., "Change user-agent"); rephrase instructions to use direct
imperatives ("Set `user_agent` ..." and "Set `user_agent_comment` to append
..."), use "append" and the possessive "Certbot’s default User-Agent header",
and replace the precedence note with "`user_agent_comment` is ignored when
`user_agent` is set." Ensure the YAML examples remain but adjust surrounding
prose to match these corrected phrases and capitalization.

[blami]

I made same cleanups as in #4139 . This PR is meant to be merged after #4139 as they both change Let's Encrypt. Feel free to update CHANGELOG.md accordingly if different order is preferred.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

letsencrypt/DOCS.md (1)

258-277: Tighten wording; sentence-style heading; fix “addon”→“add-on”, “CertBot”→“Certbot”; clarify precedence

Apply the edits below for tone, style, and accuracy.

-<details>
-  <summary>Change User-Agent</summary>
-
-For auditing purposes it might be useful to override User-Agent HTTP header that addon and its providers send when making requests.
-
-Setting field `user_agent` will completely override value of User-Agent:
+<details>
+  <summary>Change user agent</summary>
+
+For auditing and provider policy compliance, override the User-Agent header that the add-on and its providers send on outbound requests.
+
+Set `user_agent` to override the entire User-Agent header:
 
   ```yaml
   user_agent: "HomeAssistant"

-Setting field user_agent_comment will add value to CertBot User-Agent header:
+Set user_agent_comment to append a value to Certbot’s default User-Agent header:

user_agent_comment: "HomeAssistant"

-Note user_agent_comment will be ignored if user_agent is set.
+user_agent_comment is ignored when user_agent is set.

```

Run to check for duplicate “Change user agent” sections:

#!/bin/bash
rg -nP 'Change (User-Agent|user agent)' letsencrypt/DOCS.md -C1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge Base: Disabled due to data retention organization setting

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8dfff64 and 62a47b1.

📒 Files selected for processing (5)

• letsencrypt/CHANGELOG.md (1 hunks)
• letsencrypt/DOCS.md (1 hunks)
• letsencrypt/config.yaml (1 hunks)
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run (2 hunks)
• letsencrypt/translations/en.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• letsencrypt/CHANGELOG.md

🚧 Files skipped from review as they are similar to previous changes (2)

• letsencrypt/config.yaml
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run

🧰 Additional context used

📓 Path-based instructions (1)

*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

• Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
• In step-by-step instructions, front the location phrase in the instructional sentence.
• In step-by-step instructions, front the 'goal' in the instructional sentence.
• In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
• do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

• If "" are used to mark UI strings, replace them by bold.

• Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

• Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

• letsencrypt/DOCS.md

🪛 LanguageTool

letsencrypt/DOCS.md

[grammar] ~261-~261: There might be a mistake here.
Context: ...auditing purposes it might be useful to override User-Agent HTTP header that addon and i...

(QB_NEW_EN)

---

[grammar] ~261-~261: Ensure spelling is correct
Context: ...to override User-Agent HTTP header that addon and its providers send when making requ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~263-~263: There might be a mistake here.
Context: ...ting field user_agent will completely override value of User-Agent: ```yaml user_...

(QB_NEW_EN)

---

[grammar] ~269-~269: There might be a mistake here.
Context: ...eld user_agent_comment will add value to CertBot User-Agent header: ```yaml ...

(QB_NEW_EN)

[coderabbitai]

⚠️ Potential issue

Fix wording; use “add-on”; clarify semantics and precedence

Improve clarity and correctness of UI strings.

   user_agent:
     name: User Agent
-    description: User-Agent HTTP header sent by addon.
+    description: User-Agent header sent by the add-on.
   user_agent_comment:
     name: User Agent Comment
-    description: Comment added to addon User-Agent HTTP header.
+    description: Comment appended to Certbot’s default User-Agent header. Ignored if User Agent is set.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	user_agent:
	name: User Agent
	description: User-Agent HTTP header sent by addon.
	user_agent_comment:
	name: User Agent Comment
	description: Comment added to addon User-Agent HTTP header.
	user_agent:
	name: User Agent
	description: User-Agent header sent by the add-on.
	user_agent_comment:
	name: User Agent Comment
	description: Comment appended to Certbot’s default User-Agent header. Ignored if User Agent is set.

🤖 Prompt for AI Agents

In letsencrypt/translations/en.yaml around lines 31 to 36, update the strings to
use “add-on” instead of “addon” and make the descriptions clearer about what
each field represents and how they interact: change user_agent.description to
something like "User-Agent HTTP header sent by the add-on." and change
user_agent_comment.description to something like "Optional comment appended to
the add-on User-Agent header; if present it will be included after the main
User-Agent value." Ensure wording is concise and clarifies that the comment is
appended and its position/precedence relative to the main header.