I have problems with the swag container when creating the certificate. According to the log there is no certificate, although it says that it was created before:
Log
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=Europe/Berlin
URL=sub.duckdns.org
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=duckdns
DNSPLUGIN=duckdns
EMAIL=
STAGING=
No subdomains defined
No e-mail address entered or address invalid
duckdns validation is selected
the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Registering without email!
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for sub.duckdns.org
Running manual-auth-hook command: /app/duckdns-txt
Output from manual-auth-hook command duckdns-txt:
OKsleeping 60
Error output from manual-auth-hook command duckdns-txt:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
100 2 0 2 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
100 2 0 2 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sub.duckdns.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sub.duckdns.org/privkey.pem
Your cert will expire on 2020-11-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct.
Config
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create
--name=‚swag'
--net=‚proxy‘
-e TZ="Europe/Berlin“
-e HOST_OS=„Unraid"
-e 'URL‘=‚sub.duckdns.org'
-e 'DHLEVEL'=‚2048'
-e 'ONLY_SUBDOMAINS'=‚true'
-e 'VALIDATION'=‚duckdns'
-e 'DUCKDNSTOKEN‘=‚token'
-e 'PUID'=’99'
-e 'PGID'=‚100'
-e 'DNSPLUGIN'=‚duckdns'
-e 'SUBDOMAINS'=‚'
-p ‚port:port/tcp‘
-v '/mnt/user/appdata/swag':'/config':’rw'
--cap-add=NET_ADMIN
'linuxserver/swag'
I had success when I set SUBDOMAINS to wildcard, but the certificate is then issued to *.sub.duckdns.org, which of course leads to a security warning in the browser.
DUCKDNSTOKEN seems to be passed correctly, because the token appears in /config/donoteditthisfile.conf