Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mpacheco.net
I ran this command: docker compose up -d
docker compose (relevant):
swag:
image: lscr.io/linuxserver/swag:latest
container_name: swag
cap_add:
- NET_ADMIN
depends_on:
- dockerproxy
environment:
- PUID=${SWAG_UID}
- PGID=${GID}
- UMASK=${UMASK}
- TZ=${TIMEZONE}
- FILE__URL=/run/secrets/domain
- VALIDATION=dns
- FILE__SUBDOMAINS=/run/secrets/subdomains #optional
- CERTPROVIDER= #optional
- DNSPLUGIN=ovh #optional
- PROPAGATION=1800 #optional
- FILE__EMAIL=/run/secrets/email #optional
- ONLY_SUBDOMAINS=true #optional
- EXTRA_DOMAINS= #optional
- STAGING=false #optional
- DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy
- DOCKER_HOST=dockerproxy
volumes:
- ${SWAG_CONFIG}:/config
ports:
- 444:443
labels:
- diun.enable=true
secrets:
- email
- domain
- subdomains
restart: unless-stopped
It produced this output:
[mod-init] Running Docker Modification Logic
[mod-init] Adding linuxserver/mods:universal-docker to container
[mod-init] Downloading linuxserver/mods:universal-docker from lscr.io
[mod-init] Installing linuxserver/mods:universal-docker
[mod-init] linuxserver/mods:universal-docker applied to container
[mod-init] Adding linuxserver/mods:swag-auto-proxy to container
[mod-init] Downloading linuxserver/mods:swag-auto-proxy from lscr.io
[mod-init] Installing linuxserver/mods:swag-auto-proxy
[mod-init] linuxserver/mods:swag-auto-proxy applied to container
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
[env-init] EMAIL set from FILE__EMAIL
[env-init] SUBDOMAINS set from FILE__SUBDOMAINS
[env-init] URL set from FILE__URL
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 913
User GID: 1003
───────────────────────────────────────
Linuxserver.io version: 2.11.0-ls319
Build-date: 2024-08-17T03:21:18+00:00
───────────────────────────────────────
generating self-signed keys in /config/keys, you can replace these with your own keys if required
-----
Variables set:
PUID=913
PGID=1003
TZ=Europe/Madrid
URL=mpacheco.net
SUBDOMAINS=pc
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=ovh
EMAIL=CENSORED
STAGING=false
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name pc.mpacheco.net (expected /etc/letsencrypt/renewal/pc.mpacheco.net.conf).
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Sub-domains processed are: pc.mpacheco.net
E-mail address entered: CENSORED
dns validation via ovh plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for pc.mpacheco.net
Unsafe permissions on credentials configuration file: /config/dns-conf/ovh.ini
Waiting 1800 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-ovh). The Certificate Authority reported these problems:
Domain: pc.mpacheco.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pc.mpacheco.net - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-ovh. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-ovh-propagation-seconds (currently 1800 seconds).
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/ovh.ini file.
My web server is (include version):
SWAG (nginx)
lscr.io/linuxserver/swag latest e8fc40a76ba1
The operating system my web server runs on is (include version):
Docker, Alpine, Arch Linux host
My hosting provider, if applicable, is:
selfhosted
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0
The DNS-01 challenge works with ZeroSSL and Let's Debug but it doesn't seem to work for Let's encrypt