Hi,
(note, these domains all are .org / .com, but discourse won’t let me post with links)
I’m trying to set up an additional subdomain to route through to my DuckDNS domain, mainly as a proof of concept prior to moving away from an existing hosted web provider. Existing set up with DuckDNS works perfectly, with a certificate generated for *.mydomain.duckdns.
What I’m now trying to set up is:
- I have a separate subdomain,
newsub.existingdomain -
newsub.existingdomainis a CNAME fortest.mydomain.duckdns - traffic to
newsub.existingdomainhits nginx, and is proxied totest.mydomain.duckdns - accessing
test.mydomain.duckdnsworks perfectly - accessing
newsub.existingdomain, the browser complains of invalid SSL certificate because*.mydomain.duckdnsdoesn’t matchnewsub.existingdomain, and the certificate doesn’t mentionnewsub.existingdomain. If you manually click through the warning, it works.
I’ve added newsub.existingdomain in EXTRA_DOMAINS, recreated the container, verified it’s being picked up in the logs, and there are no error messages but I don’t see it being picked up in the challenges, and I don’t see it listed in the certificate. Am I doing something wrong, or is EXTRA_DOMAINS not supported with DuckDNS?
Snippet from docker-compose.yml:
swag:
environment:
- URL=subdomain.duckdns
- SUBDOMAINS=wildcard
- VALIDATION=duckdns
- DUCKDNSTOKEN=xxx
- EXTRA_DOMAINS=newsub.existingdomain
Snippet from swag log:
swag | EXTRA_DOMAINS entered, processing
swag | Extra domains processed are: -d newsub.existingdomain
swag | duckdns validation is selected
swag | the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns
swag | Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
swag | Saving debug log to /var/log/letsencrypt/letsencrypt.log
swag | No match found for cert-path /config/etc/letsencrypt/live/mydomain.duckdns/fullchain.pem!
swag | Generating new certificate
swag | Saving debug log to /var/log/letsencrypt/letsencrypt.log
swag | Plugins selected: Authenticator manual, Installer None
swag | Obtaining a new certificate
swag | Performing the following challenges:
swag | dns-01 challenge for mydomain.duckdns
swag | Running manual-auth-hook command: /app/duckdns-txt
swag | Output from manual-auth-hook command duckdns-txt:
swag | OKsleeping 60
swag |
swag | Error output from manual-auth-hook command duckdns-txt:
swag | % Total % Received % Xferd Average Speed Time Time Time Current
swag | Dload Upload Total Spent Left Speed
swag |
swag | 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
swag | 100 2 0 2 0 0 2 0 --:–:-- --:–:-- --:–:-- 2
swag |
swag | Waiting for verification…
swag | Cleaning up challenges
swag | IMPORTANT NOTES:
swag | - Congratulations! Your certificate and chain have been saved at:
Thank you in advance,