SWAG failed to certify main domain of duckdns.org

joaocasarin · 27 December 2023 00:44

Well, I tried following every single step available on this LSIO page and yet, nothing seems to work.

My scenario (same happens both on MacOS and Windows 11):

Port forwarding (WORKING):
- Forward WAN 80 TCP > local 8000. Map to port 80 on SWAG
- Forward WAN 443 TCP > local 4499. Map to port 443 on SWAG

Let’s Encrypt for wildcards (WORKING):

docker-compose:

version: "3.9"

services:
  swag:
    image: linuxserver/swag:version-2.8.0
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Sao_Paulo
      - URL=<my_domain>
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=<my_token>
      - EMAIL=<my_email>@hotmail.com
      - ONLY_SUBDOMAINS=true
    volumes:
      - ./swag:/config
    ports:
      - 4499:443
      - 8000:80
    restart: unless-stopped

Result: when I access https://anything.<my_domain>.duckdns.org, it works, the certificate is there and the browser accepts it.

Let’s Encrypt for main domain (THIS IS THE PROBLEM, NOT WORKING!)

docker-compose:

version: "3.9"

services:
  swag:
    image: linuxserver/swag:version-2.8.0
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Sao_Paulo
      - URL=duckdns.org
      - SUBDOMAINS=<my_domain>
      - VALIDATION=http
      - DUCKDNSTOKEN=<my_token>
      - EMAIL=<my_email>@hotmail.com
      - ONLY_SUBDOMAINS=true
    volumes:
      - ./swag:/config
    ports:
      - 4499:443
      - 8000:80
    restart: unless-stopped

Result: after the container is started, it waits a few seconds to try the certification but it always failt. It is not something regarding my firewall neither my port forwarding rules, since the wildcard certs WORK!

PROBLEM HERE
So the problem is regarding the certification of my main duckdns domain, it never works. Here it is the container full log with omitted sensitive data: [migrations] started[migrations] 01-nginx-site-confs-default: executing...[m - Pastebin.com

What am I missing to certify only my domain? I certified my wildcards just to verify if there were any issues with my firewall and port forwarding rules, but there are not, so I just deleted the wildcard certification container.

driz · 27 December 2023 00:56

As mentioned in the swag guide, this is a limitation with duckdns’ certbot implementation and is expected behavior

In your second compose you’re also trying to claim you own duckdns which would obviously be inaccurate

joaocasarin · 27 December 2023 01:12

I understand the video is in portuguese, but could you take a look at this youtube video? https://youtu.be/DT3IVbdIOfo?si=XF9s0zLDc2wGZx2f&t=551

I sent the video in the exact moment the guy had the docker-compose filled with the duckdns data, and as you can see, my compose is literally the same as his, however mine doesn’t work but his setup works, he will show the container logs right after that moment of the link.

driz · 27 December 2023 01:14

Pass, I have no interest in watching a video made by people who aren’t us about our product

joaocasarin · 27 December 2023 01:45

Well, in this case there is an user with problem and no help…

aptalca · 27 December 2023 05:04

If you followed some random person’s video and it didn’t work, you can contact them and ask them for support

driz · 27 December 2023 14:35

The user reported in discord that after following OUR guide, things work as expected. closing and locking this thread.

As a note to others, if you think following a random youtuber on how to use something we make is a better idea than following the guidance we make… you’re special