Can't get the swag instance page (NAS running OMV6)

Hey,

I've been trying to enable remote access to some services such as Jellyfin and Nextcloud on Docker.

I've been following this tutorial:

[How-To] Route a domain through cloudflare with automatic IP updating - Guides - openmediavault

I've followed this tutorial once already and I managed to make it work, but I made some stupid mistake and had to reinstall everything.

I can't figure out what I have done wrong and why it isn't working.

I am attaching my docker-compose file, swag logs, dns records:

swag docker-compose:

```yaml
---
version: "2.1"
services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000  #ADJUST
      - PGID=100   #ADJUST
      - URL=mydomain.com  #ADJUST
      - SUBDOMAINS=www
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - CERTPROVIDER=zerossl
    volumes:
      - /srv/dev-disk-by-uuid-3d2edd1f-14a1-d901-0026-891f14a1d901/swagConf:/config  #ADJUST
    ports:
      - 444:443
      - 81:80
    restart: unless-stopped
```

swag logs:

```
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    100
───────────────────────────────────────

using keys found in /config/keys
Variables set:
PUID=1000
PGID=100
TZ=
URL=mydomain.com
SUBDOMAINS=www
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=
STAGING=

Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d www.mydomain.com
No e-mail address entered or address invalid
dns validation via cloudflare plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for mydomain.com and www.mydomain.com
Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
Waiting 10 seconds for DNS changes to propagate

Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
  Domain: www.mydomain.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.mydomain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.
```

I've been sitting at this for hours, and would really appreciate any help. If there is anything else I should provide, let me know and I'll attach it.

I'm new to all of this so sorry in advance for my lack of knowledge.

What does any of that have to do with Let's Encrypt certificate issuance?

3 Likes

Well, even though the Docker compose file says "CERTPROVIDER=zerossl", for some reason the "swag" (whatever that may be) logs show Let's Encrypt being used.

Anyway, the error message already gives a hint and I haven't heard OP saying they've tried that already. Also, the #help section questionnaire has "magically" vanished, so here it is again:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes
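The mismatch noted in the reply above (the compose file sets `CERTPROVIDER=zerossl`, the container's own variable dump shows it empty) can be checked mechanically, together with the two certbot messages in the same log. This is an added example, not part of the thread and not linuxserver.io or certbot code; the function names are hypothetical and the input is excerpted from the compose file and log posted above.

```python
import re

# Input excerpted from the post above (compose environment and swag log lines).
COMPOSE_ENV = """\
      - URL=mydomain.com  #ADJUST
      - SUBDOMAINS=www
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - CERTPROVIDER=zerossl
"""
SWAG_LOG = """\
Variables set:
URL=mydomain.com
SUBDOMAINS=www
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=

Using Let's Encrypt as the cert provider
Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.mydomain.com - check that a DNS record exists for this domain
"""


def compose_env(text):
    """Parse '- KEY=value  #comment' items from a compose environment list."""
    pairs = re.findall(r"^\s*-\s*([A-Z_]+)=([^#\n]*)", text, re.M)
    return {key: value.strip() for key, value in pairs}


def runtime_env(log):
    """Parse the KEY=value dump the container prints after 'Variables set:'."""
    block = log.split("Variables set:", 1)[1].split("\n\n", 1)[0]
    return dict(line.split("=", 1) for line in block.strip().splitlines())


def triage(compose_text, log):
    """Return findings: env values that never reached the container, certbot warnings."""
    want, got = compose_env(compose_text), runtime_env(log)
    findings = [f"{k}: compose has {v!r}, container saw {got.get(k, '')!r}"
                for k, v in want.items() if got.get(k, "") != v]
    cred = re.search(r"Unsafe permissions on credentials configuration file: (\S+)", log)
    if cred:
        findings.append(f"{cred.group(1)}: token file readable beyond its owner, chmod 600")
    for name in re.findall(r"NXDOMAIN looking up TXT for (\S+)", log):
        findings.append(f"{name}: challenge TXT not found, confirm the zone is on this provider")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(COMPOSE_ENV, SWAG_LOG)))
```

The credentials path in the finding is the path inside the container; on the host it sits under the directory mounted at `/config`.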

Did you, in fact, adjust this to reflect your actual domain?

4 Likes

This is a very small piece of the puzzle:

What's the rest of that "puzzle" look like?

2 Likes

Not sure if it's a relevant piece when using the dns-01 challenge :wink:

3 Likes
