Hover.com DNS challenge for SSL

My domain is: pavia.ca - pointing to Tailscale which routes to my server

I'm trying to setup an SSL certificate in NGNIX on Truenas. My domain provider is hover.com. The Credentials Content it asks for is:

dns_hover_hoverurl = https://www.hover.com
dns_hover_username = hover-admin-username
dns_hover_password = hover-admin-password
dns_hover_totpsecret = 2fa-totp-secret

Just can't get it to work. The errors indicate login issues, and I've tried everything I can think of. One thing that perplexes me is the 2fa-totp-secret - how do I know what this is before they send it? I've tried putting in what I get texted and then resubmitting, but it doesn't work.

Searched the internet and can't find anything like this - similar, but none of the potential solutions worked for me. Got locked out of hover.com and had to reset my password too.

thoughts?

Would you provide more details about what you actually tried? Are you using Certbot? If so, what is the command? Or, what other method have you tried? There are numerous ways to request certs.

Where did you get the instructions for those options? Do they have a support forum?

We don't see Hover on this forum very often. I thought they did not offer a DNS API for adding/deleting the TXT records for a DNS Challenge. That appears to be what you are trying to do.

I also thought their name servers were just ns1.hover.com and ns2. But, your DNS is configured to use a different group of DNS servers.

Are you even sure what you are trying to do is supported by your DNS provider?

4 Likes

I suspect the extraction of the totp-secret may involve a somewhat unusual enrollment method (like signing up for the two-factor authentication at Hover.com using a desktop TOTP app instead of a mobile app, and then extracting the secret value from the desktop app, or something). It's actually somewhat unusual that end users (as opposed to API service administrators) have any way to get access to their TOTP secret strings!

1 Like

Not really. You cannot configure your 2FA app without the TOTP seed. It is present in every setup QR code, even if the provider doesn't offer an option to view the string in plain text. It may be unusual for basic users to know that, but any user can access it during 2FA setup since the process cannot be completed without sharing that value with the user.

5 Likes

Thanks everyone - you've been a great help - I truly appreciate your insight. My confusion was the "2fa-totp-secret". I thought that it was the "web code" (random number generated every 30 seconds) but it is exactly as you've indicated - it's the "secret key" which is generated with the QR code.

Hover is moving from email/text 2FA to mandating an authenticator app. I switched my account settings to enable this (turned off 2FA, turned it back on) which then took me through the process of generating a QR code and activating in an Authenticator App - in the process it gave me the "secret key" (to use just in case the QR code doesn't work) - I've captured all this and printed it out for future.

Worked perfectly

For the future, as I could not find anything on the web indicating an "easy" solution to this - below are the parameters in layman's terms - hope it helps someone in the future.

dns_hover_hoverurl = https://www.hover.com
dns_hover_username = your console user name
dns_hover_password = your password
dns_hover_totpsecret = secret key used to generate the QR code which you use to activate in the authenticator app

3 Likes
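To make the distinction in the post above concrete: the value that belongs in dns_hover_totpsecret is the base32 seed inside the setup QR code (the otpauth:// URI), and the six-digit "web code" is only derived from it every 30 seconds. The following is an added example, not code from this thread, Certbot or Nginx Proxy Manager: it parses a constructed otpauth URI, rejects a six-digit code passed where a seed is expected, and checks that the seed you are about to paste into the credentials file produces the same code your authenticator app currently shows. The seed used is the RFC 6238 reference test key; the account label and issuer are made up.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example QR payload (RFC 6238 test seed, made-up account/issuer).
CONSTRUCTED_URI = ("otpauth://totp/Hover:example%40example.test"
                   "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Hover&digits=6&period=30")

def parse_otpauth(uri):
    """Extract label, seed and parameters from an otpauth://totp/... URI (the QR code payload)."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    return {"label": unquote(u.path.lstrip("/")), "secret": q["secret"],
            "digits": int(q.get("digits", 6)), "period": int(q.get("period", 30)),
            "algorithm": q.get("algorithm", "SHA1").upper()}

def _decode_seed(secret):
    """Base32-decode a seed as shown by a provider (spaces, lowercase and missing padding tolerated)."""
    cleaned = secret.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8), casefold=True)

def is_valid_totp_secret(secret):
    """True for a plausible base32 seed; False for a 6-digit code or anything that is not base32."""
    cleaned = secret.replace(" ", "")
    if len(cleaned) < 16 or cleaned.isdigit():
        return False
    try:
        _decode_seed(cleaned)
    except (ValueError, TypeError):
        return False
    return True

def totp(secret, at, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238: HMAC(seed, time step) -> dynamic truncation -> zero-padded code."""
    counter = struct.pack(">Q", at // period)
    digest = hmac.new(_decode_seed(secret), counter, getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def matches_authenticator(secret, shown_code, now=None, window=1, **params):
    """Check the seed against the code the app shows right now, allowing one step of clock drift."""
    now = int(time.time()) if now is None else now
    period = params.get("period", 30)
    return any(hmac.compare_digest(totp(secret, now + step * period, **params), shown_code)
               for step in range(-window, window + 1))
```

Run parse_otpauth on your own QR payload and then matches_authenticator with the code your app shows; if it returns False, the value you copied is not the seed (or the clock is off) and the credentials file will fail the same way the login errors in this thread did.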

I want to repeat - you guys are great. So often it's difficult to get help as a non expert. I have much experience coding, but it's not my profession, and have never been formally trained. Simple brainstorming really helps someone like me think things through. Would not have been able to do it without you.

Thank you!

5 Likes

I am sure I speak for all helpers that you are very welcome.

Might be helpful for future searches to know what ACME Client you used. There really are dozens if not hundreds of ways to get certificates.

3 Likes

Everything was done inside the web interface for Nginx Proxy Manager.

2 Likes

Thanks. Currently NPM uses Certbot ACME Client for that. The EFF, who supports Certbot, does not provide a DNS plugin for Hover but there are 3rd party plugins for many other systems.

I believe the one used by NPM is this one: Client Challenge

As indicated here: nginx-proxy-manager/global/certbot-dns-plugins.json at 487fa6d31b10bf168b8654d698e5d36ee40f2f40 · NginxProxyManager/nginx-proxy-manager · GitHub

This is partly for future reference because as I mentioned we don't see Hover DNS often :slight_smile:

We are also generally not fans of NPM here given how opaque it is when problems develop.

3 Likes

@linkp Thanks for the correction! That makes perfect sense. I was somehow thinking there was some form of interactivity in the protocol that resulted in a secret string jointly created between the site and the authenticator software, but of course you're right that it's unilateral and therefore the secret is directly present within the QR code.

@mpavia I'm glad this information helped you figure out what was needed here!

3 Likes