SWAG, duckdns and multiple domain/subdomaine


I have a pfsense installation that is running acme. On this installation, I was able to create a single certification with duckdns that cover the following:

How can I replicate this with swag?

Here’s how it’s setup in pfsense acme

Thank you

Here’s the certificate

The SWAG container readme says exactly how to do this, do you have a more specific question or perhaps I have misunderstood?

No, the swag container says it cannot do this for duckdns.org.

Also, in the doc, it says that “extra_domains” is ignored for duckdns. And I cannot have a wildcards certs and multiple main domains like I want. So it cannot be done right now. If it is, please tell me where in the doc it says I can do it with duckdns and how to do it, I’ll be just happy XD



I misread those to be a.thing.duckdns.org and b.thing.duckdns.org, my mistake. you are correct that you cannot do that with duckdns.

I’m not seeing where we wrote this?

Note: I do not and have not ever used duckdns so anything i say is purely from reading (which depending on time of day had a large skill fluctuation)

I would say just buy a domain name and use cloudflare to avoid the limitations of duckdns, but i understand that isn’t possible for everyone.

looks like you are correct on extra_domains
docker-swag/run at master · linuxserver/docker-swag (github.com)

Thing is, it’s not a duckdns limitation cause I do have a cert that do that (see screenshot). I did it with ACME on pfsense using DNS Duckdns as validation. My cert is multiple domain, wildcards + main domain like I want.

As for the ignore, I got it from another thread (my bad on bad reference)

One of our teammembers is checking if the duckdns certbot plugin will allow it since a single duckdns account can have 5 primary subdomains.

As to the limitation, I can’t speak to that. If you have example of how to do it with certbot using the duckdns plugin, please share those and we can try to utilize that in our code.

To be honest I don’t know. I know that ACME plugin can do it in pfsense. But it seems it require my token for each entry (I can in fact select different method for each entry for the same cert). I don’t know how it’s doing it, but I did find this:

edit: Also in the certbot duckdns plugin, under usage
Note: You cannot create certificates for multiple DuckDNS domains with one certbot call. This is because DuckDNS only allows one TXT record. If certificates for several domains should be created at the same time, then the same number of distinct DNS TXT records must be created. To solve the problem, you simply have to make a separate certbot call for each domain.