Issues with FreeDNS DNS Cert Validation

I am trying to setup SWAG for the first time. I use FreeDNS and am trying to get this container to generate a Wildcard cert for my domain from ZeroSSL using DNS validation. The trouble is, it never creates or updates any records at FreeDNS. I have entered my credentials in dns-conf/freedns.ini and chmod’d the file to 600 so the container log would stop complaining about that.

So, the issue is, it doesn’t ever complete domain validation and never issues a cert. Perhaps more importantly, I cannot find a log entry anywhere that indicates why it is failing or for what I should be looking at.

If I change it to issue for specific subdomains and do http validation it works fine. So I don’t think there is any issue with the ZeroSSL portion, just the domain validation with FreeDNS.

Can anyone help me find those logs so I can help myself diagnose the issue? At this point I am completely blind, not knowing much about this container and software stack. I am very familiar with DNS and PKI. Any help would be greatly appreciated.


Here is a scrubbed log from the container log output for what it’s worth.

chown: cannot dereference ‘/config/keys/letsencrypt’: No such file or directory
awk: /config/etc/letsencrypt/renewal/ No such file or directory
awk: /config/etc/letsencrypt/renewal/ No such file or directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name (expected /etc/letsencrypt/renewal/
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
All authorizations were not finalized by the CA.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done

  ██╗     ███████╗██╗ ██████╗
  ██║     ██╔════╝██║██╔═══██╗
  ██║     ███████╗██║██║   ██║
  ██║     ╚════██║██║██║   ██║
  ╚══════╝╚══════╝╚═╝ ╚═════╝

Brought to you by

To support the app dev(s) visit:
Certbot: Support EFF's Work on Certbot | Electronic Frontier Foundation

To support LSIO projects visit:


User UID: 99
User GID: 100

generating self-signed keys in /config/keys, you can replace these with your own keys if required
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
Variables set:

Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
ZeroSSL does not support staging mode, ignoring STAGING variable
ZeroSSL is selected as the cert provider, registering cert with
SUBDOMAINS entered, processing
Wildcard cert for will be requested
E-mail address entered:
dns validation via freedns plugin is selected
Retrieving EAB from ZeroSSL
Generating new certificate
Account registered.
Requesting a certificate for *
Waiting 120 seconds for DNS changes to propagate
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/freedns.ini file.

As far as I know, none of my referenced volumes are remote or read only, so I am not sure what that log entry is all about. Permissions look good from the review I have done so far.


That log doesn’t even exist/get written on my system by the way.

That produces the following:
Saving debug log to /var/log/letsencrypt/letsencrypt.log <----Again, file doesn’t exist
Plugins selected: Authenticator dns-freedns, Installer cpanel
Requesting a certificate for *
Performing the following challenges:
dns-01 challenge for
insert new txt record <------ This never gets created, or at least I never see it in my management panel
Waiting 120 seconds for DNS changes to propagate

This timer does not seem to be honored at all. Whatever mine is getting hung up on waits for much longer than 2 minutes, probably closer to 30, though I haven’t timed it yet. Even if I adjust the timeout, it doesn’t honor my setting, hangs forever before producing the final message shown in my second post.

Thanks for any guidance anyone can provide.

As you can see from your logs you are not running a supported config. I suggest you join discord, open a thread, provide your docker compose and container logs and we go from there.

I suspect you are using a remote mount for /config which we do not support or recommend