aptalca
commented
2 months ago From your log:
[env-init] Your secret: FILE__URL
contains a trailing newline and may not work as expectedClosed TheRedCyclops closed 2 months ago
aptalca
commented
2 months ago From your log:
[env-init] Your secret: FILE__URL
contains a trailing newline and may not work as expected
TheRedCyclops
commented
2 months ago Fixed, same error
aptalca
commented
2 months ago if you're getting the same error, then you did not fix it
TheRedCyclops
commented
2 months ago I mean without the: [env-init] Your secret: FILE__URL contains a trailing newline and may not work as expected
aptalca
commented
2 months ago Post a full log
TheRedCyclops
commented
2 months ago $>> docker logs swag -f
[mod-init] Running Docker Modification Logic
[mod-init] Adding linuxserver/mods:universal-docker to container
[mod-init] Downloading linuxserver/mods:universal-docker from lscr.io
[mod-init] Installing linuxserver/mods:universal-docker
[mod-init] linuxserver/mods:universal-docker applied to container
[mod-init] Adding linuxserver/mods:swag-auto-proxy to container
[mod-init] Downloading linuxserver/mods:swag-auto-proxy from lscr.io
[mod-init] Installing linuxserver/mods:swag-auto-proxy
[mod-init] linuxserver/mods:swag-auto-proxy applied to container
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
[env-init] EMAIL set from FILE__EMAIL
[env-init] SUBDOMAINS set from FILE__SUBDOMAINS
[env-init] URL set from FILE__URL
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 913
User GID: 1003
───────────────────────────────────────
Linuxserver.io version: 2.11.0-ls319
Build-date: 2024-08-17T03:21:18+00:00
───────────────────────────────────────
using keys found in /config/keys
Variables set:
PUID=913
PGID=1003
TZ=Europe/Madrid
URL=pc.CENSORED.net
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
CERTPROVIDER=zerossl
DNSPLUGIN=ovh
EMAIL=CENSORED
STAGING=false
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name .pc.CENSORED.net (expected /etc/letsencrypt/renewal/.pc.CENSORED.net.conf).
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ZeroSSL is selected as the cert provider, registering cert with CENSORED
E-mail address entered: CENSORED
dns validation via ovh plugin is selected
Retrieving EAB from ZeroSSL
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for pc.CENSORED.net
Waiting 200 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/pc.CENSORED.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/pc.CENSORED.net/privkey.pem
This certificate expires on 2024-11-20.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/ovh.ini file.
I have gone through the code for certificate generation and have found the issue, if no subdomain is specified or it is specified as part of the domain (such as in this case) a broken symlink is created, /config/keys/letsencrypt points to /etc/letsencrypt/live/.subdomain.domain.com instead of /etc/letsencrypt/live/subdomain.domain.com, notice the dot at the start, this breaks validation
aptalca
commented
2 months ago Looks like you left SUBDOMAINS blank, but set ONLY_SUBDOMAINS=true. Those are contradictory.
aptalca
commented
2 months ago You need to set the URL to the top domain you control, ie. mydomain.com. Then you set SUBDOMAINS to any subdomain you like, ie. test,blah. When you set ONLY_SUBDOMAINS=true, the cert will cover test.mydomain.com and blah.mydomain.com, but not mydomain.com
Without ONLY_SUBDOMAINS=true, the cert will cover all three
TheRedCyclops
commented
2 months ago Ok, a check for that would be nice, but the issue is solved otherwise. Thanks!
Is there an existing issue for this?
Current Behavior
The certificate is generated but it is not recognized
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/ovh.ini file.Expected Behavior
The certificate is recognized
Steps To Reproduce
Attempt to start container See logs
Environment
CPU architecture
x86-64
Docker creation
Container logs