Swag cpanel dns keep getting Unable to find SOA record

milkboy · 17 March 2025 07:28

first time using swag so please be kind.

so my setup:

mydomain com - main server & dns running on cpanel hosting
analytic mydomain com - on a debian 12 vps running docker and analytic app,

DNS from #1 “A” records point to #2 IP address. ssh can connect to the analytic domain.
Swag docker is running on #2
I have configured to VALIDATION=dns, set config/dns-conf/cpanel.ini with the correct credentials, url and API token (triple checked it).

But when i run swag, i keep getting Error adding TXT record: Unable to find SOA record

Any pointer / help would be appriciated.
thanks.

result of $:docker compose up

swag  | Linuxserver.io version: 3.3.0-ls370
swag  | Build-date: 2025-03-15T03:31:31+00:00
swag  | ───────────────────────────────────────
swag  |
swag  | using keys found in /config/keys
swag  | Variables set:
swag  | PUID=1000
swag  | PGID=100
swag  | TZ=utc/UTC
swag  | URL=mydomain.com
swag  | SUBDOMAINS=www.analytic,analytic
swag  | EXTRA_DOMAINS=
swag  | ONLY_SUBDOMAINS=true
swag  | VALIDATION=dns
swag  | CERTPROVIDER=
swag  | DNSPLUGIN=cpanel
swag  | EMAIL=
swag  | STAGING=false
swag  |
swag  | Using Let's Encrypt as the cert provider
swag  | SUBDOMAINS entered, processing
swag  | Sub-domains processed are: www.analytic.mydomain.com,analytic.mydomain.com
swag  | No e-mail address entered or address invalid
swag  | dns validation via cpanel plugin is selected
swag  | Generating new certificate
swag  | Saving debug log to /config/log/letsencrypt/letsencrypt.log
swag  | Requesting a certificate for www.analytic.mydomain.com and analytic.mydomain.com
swag  | Unsafe permissions on credentials configuration file: /config/dns-conf/cpanel.ini
swag  | /config/dns-conf/cpanel.ini: token and password are exclusive, token will be used when both are provided
swag  | Error adding TXT record: Unable to find SOA record.
swag  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /config/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
swag  | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cpanel.ini file.

letsencrypt.log

Note: All IP address and domain are masked. I uses PGID 100 cause multiple users need to access the folder

driz · 17 March 2025 12:04

i would engage cpanel support, especially if you don’t see an SOA record, which certbot is telling you is missing.

milkboy · 18 March 2025 03:01

Thanks for the info. i thought it was swag config error.

You pointed me in the right direction to troubleshoot.

this let me to

github.com/certbot-cpanel/certbot-dns-cpanel

cPanel - unable to find SOA record

opened 12:21PM - 16 Dec 24 UTC

chiragd

I am using your tool via nginx proxy manager. It produced this output: ```… CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Error adding TXT record: Unable to find SOA record. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details. at /app/lib/utils.js:16:13 at ChildProcess.exithandler (node:child_process:430:5) at ChildProcess.emit (node:events:519:28) at maybeClose (node:internal/child_process:1105:16) at ChildProcess._handle.onexit (node:internal/child_process:305:5) ``` From the logfile mentioned above ``` 2024-12-16 11:38:03,114:DEBUG:acme.client:Storing nonce: GJdccAF6WgNcqXG0vA7O4JvVL0hQFSHPzgQy7q3jle9C4xQgsQ4 2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:Performing the following challenges: 2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:dns-01 challenge for my.domain.uk 2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:dns-01 challenge for my.domain.uk 2024-12-16 11:38:03,463:DEBUG:certbot_dns_cpanel.dns_cpanel:{'preevent': {'result': 1}, 'func': 'fetchzones', 'data': [{'statusmsg': 'Zones fetched', 'zones': [REDACTED], 'status': 1}]} 2024-12-16 11:38:04,837:DEBUG:certbot_dns_cpanel.dns_cpanel:{'func': 'fetchzone_records', 'apiversion': 2, 'event': {'result': 1}, 'preevent': {'result': 1}, 'data': [], 'postevent': {'result': 1}, 'module': 'ZoneEdit'} 2024-12-16 11:38:04,837:DEBUG:certbot._internal.log:Exiting abnormally: Traceback (most recent call last): File "/opt/certbot/bin/certbot", line 8, in <module> sys.exit(main()) ^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main return config.func(config, plugins) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations resps = self.auth.perform(achalls) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common.py", line 76, in perform self._perform(domain, validation_domain_name, validation) File "/opt/certbot/lib/python3.11/site-packages/certbot_dns_cpanel/dns_cpanel.py", line 58, in _perform self._get_cpanel_client().add_txt_record(validation_domain_name, validation) File "/opt/certbot/lib/python3.11/site-packages/certbot_dns_cpanel/dns_cpanel.py", line 112, in add_txt_record raise errors.PluginError("Error adding TXT record: %s" % response_data['data'][0]['result']['statusmsg']) certbot.errors.PluginError: Error adding TXT record: Unable to find SOA record. 2024-12-16 11:38:04,839:ERROR:certbot._internal.log:Error adding TXT record: Unable to find SOA record. My web server is (include version): NA ``` Running cPanel with generic host. When logging into cPanel no SOA records are shown. The host says they are only shown in WHM, not cpanel. Running cPanel 120.0.22

which is a similar issue.
the problem it seem from cpanel (bug?) so if you use their add subdomain function
their DNS API behave weirldy (unsure how)

why i did this? this is the only way to get email for the subdomain in cpanel.
how to solve it? see below.

hope this helps someone else.

TL:DR

Delete the subdomain from the domain panel in cpanel.
add subdomian manually using zone editor.
run swag docker with the correct config

system · 23 March 2025 03:02

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.