Swag with omv and docker error

Trying to run OMV with docker and swag to host nextcloud.
Getting an error after configuring docker-compose.yml

My domain is: serv-bn@duckdns.org

I ran this command: docker logs -f swag

It produced this output:

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1001
PGID=100
TZ=Europe/Berlin
URL=serv-bn.duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=duckdns
CERTPROVIDER=
DNSPLUGIN=
EMAIL=this.email
STAGING=

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for serv-bn.duckdns.org will be requested
E-mail address entered: ahmad-drak@github
duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb401ed48>: Failed to establish a new connection: [Errno -3] Try again'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct.

The operating system my web server runs on is (include version): Armbian 20, Linux Odroidxu4 5.4.181

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): OMV

I did as the error suggested, to check the token, it is correct.

dig acme-v02.api.letsencrypt.org produced this:

; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58546
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;acme-v02.api.letsencrypt.org.	IN	A

;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 6794 IN	CNAME	prod.api.letsencrypt.org.
prod.api.letsencrypt.org. 161	IN	CNAME	ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com. 161 IN A 172.65.32.248

;; Query time: 18 msec
;; SERVER: 2001:16b8:1ef6:7700:995e:64fb:ba56:f66b#53(2001:16b8:1ef6:7700:995e:64fb:ba56:f66b)
;; WHEN: Sun Apr 10 15:57:20 CEST 2022
;; MSG SIZE  rcvd: 155

When I try to cat the log file, it returns no such file or directory found.

edit:
running curl -v4 https://acme-v02.api.letsencrypt.org/directory on the host

root@odroidxu4:/home/docker1/nextcloud# curl -v4 https://acme-v02.api.letsencrypt.org/directory
*   Trying 172.65.32.248...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x502950)
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=acme-v02.api.letsencrypt.org
*  start date: Mar  4 16:00:31 2022 GMT
*  expire date: Jun  2 16:00:30 2022 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x502950)
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.64.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx
< date: Sun, 10 Apr 2022 15:41:54 GMT
< content-type: application/json
< content-length: 658
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
< 
{
  "bH3IKnbKuE8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact

running curl -v4 https://acme-v02.api.letsencrypt.org/directory in the swag container

root@odroidxu4:/home/docker1/nextcloud# docker exec -it d72fc41ef6ef sh
root@d72fc41ef6ef:/# curl -v4 https://acme-v02.api.letsencrypt.org/directory
* Could not resolve host: acme-v02.api.letsencrypt.org
* Closing connection 0
curl: (6) Could not resolve host: acme-v02.api.letsencrypt.org

You did cat inside the container, right?

Try this command both on the host and inside the container:

curl -v https://acme-v02.api.letsencrypt.org/directory

1 Like

My bad, here's the log:

root@1b2793d92347:/# cat /var/log/letsencrypt/letsencrypt.log
2022-04-10 15:47:35,487:DEBUG:certbot._internal.main:certbot version: 1.26.0
2022-04-10 15:47:35,489:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-04-10 15:47:35,489:DEBUG:certbot._internal.main:Arguments: ['--renew-by-default', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--non-interactive', '--manual', '--preferred-challenges', 'dns', '--manual-auth-hook', '/app/duckdns-txt', '--rsa-key-size', '4096', '-m', 'ahmad-drak@github', '--no-eff-email', '--agree-tos', '-d', '*.serv-bn.duckdns.org']
2022-04-10 15:47:35,490:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-aliyun:dns-aliyun,PluginEntryPoint#certbot-dns-cpanel:cpanel,PluginEntryPoint#certbot-dns-desec:dns-desec,PluginEntryPoint#certbot-dns-directadmin:directadmin,PluginEntryPoint#certbot-dns-dnspod:dns-dnspod,PluginEntryPoint#certbot-dns-domeneshop:dns-domeneshop,PluginEntryPoint#certbot-dns-he:dns-he,PluginEntryPoint#certbot-dns-hetzner:dns-hetzner,PluginEntryPoint#certbot-dns-infomaniak:dns-infomaniak,PluginEntryPoint#certbot-dns-inwx:dns-inwx,PluginEntryPoint#certbot-dns-ionos:dns-ionos,PluginEntryPoint#certbot-dns-loopia:dns-loopia,PluginEntryPoint#certbot-dns-netcup:dns-netcup,PluginEntryPoint#certbot-dns-njalla:dns-njalla,PluginEntryPoint#certbot-dns-standalone:dns-standalone,PluginEntryPoint#certbot-dns-transip:dns-transip,PluginEntryPoint#certbot-dns-vultr:dns-vultr,PluginEntryPoint#certbot-plugin-gandi:dns,PluginEntryPoint#certbot-plugin-gandi:dns-gandi,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#cpanel,PluginEntryPoint#directadmin,PluginEntryPoint#dns,PluginEntryPoint#dns-aliyun,PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-cloudxns,PluginEntryPoint#dns-desec,PluginEntryPoint#dns-digitalocean,PluginEntryPoint#dns-dnsimple,PluginEntryPoint#dns-dnsmadeeasy,PluginEntryPoint#dns-dnspod,PluginEntryPoint#dns-domeneshop,PluginEntryPoint#dns-gandi,PluginEntryPoint#dns-google,PluginEntryPoint#dns-he,PluginEntryPoint#dns-hetzner,PluginEntryPoint#dns-infomaniak,PluginEntryPoint#dns-inwx,PluginEntryPoint#dns-ionos,PluginEntryPoint#dns-linode,PluginEntryPoint#dns-loopia,PluginEntryPoint#dns-luadns,PluginEntryPoint#dns-netcup,PluginEntryPoint#dns-njalla,PluginEntryPoint#dns-nsone,PluginEntryPoint#dns-ovh,PluginEntryPoint#dns-rfc2136,PluginEntryPoint#dns-route53,PluginEntryPoint#dns-standalone,PluginEntryPoint#dns-transip,PluginEntryPoint#dns-vultr,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-04-10 15:47:35,675:DEBUG:certbot._internal.log:Root logging level set at 30
2022-04-10 15:47:35,680:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2022-04-10 15:47:35,698:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0xb44d6550>
Prep: True
2022-04-10 15:47:35,699:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0xb44d6550> and installer None
2022-04-10 15:47:35,699:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-04-10 15:47:46,618:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-04-10 15:47:46,629:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-04-10 15:47:51,641:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 169, in _new_conn
    conn = connection.create_connection(
  File "/usr/lib/python3.9/site-packages/urllib3/util/connection.py", line 73, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Try again

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 353, in connect
    conn = self._new_conn()
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 181, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0xb401ed48>: Failed to establish a new connection: [Errno -3] Try again

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 440, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb401ed48>: Failed to establish a new connection: [Errno -3] Try again'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1723, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1564, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 818, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 726, in _determine_account
    acc, acme = client.register(
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 216, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 76, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 877, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 1239, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 1177, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 529, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 645, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 519, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb401ed48>: Failed to establish a new connection: [Errno -3] Try again'))
2022-04-10 15:47:51,655:ERROR:certbot._internal.log:An unexpected error occurred:
2022-04-10 15:47:51,656:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0xb401ed48>: Failed to establish a new connection: [Errno -3] Try again'))

in host:

* Expire in 0 ms for 6 (transfer 0x4b0950)
* Expire in 1 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 2 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 2 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 2 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 2 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)
* Expire in 0 ms for 1 (transfer 0x4b0950)

in container:

root@1b2793d92347:/# curl -v https://acme-v02.api.letsencrypt.org/directory
* Could not resolve host: acme-v02.api.letsencrypt.org
* Closing connection 0
curl: (6) Could not resolve host: acme-v02.api.letsencrypt.org

Your docker daemon has no access to a DNS resolver.

This issue should solve itself if you restart the daemon or you can add a --dns 1.1.1.1 to your docker command (or something like that)

2 Likes

Uhm... It should look like this:

% curl -v https://acme-v02.api.letsencrypt.org/directory
*   Trying 172.65.32.248:443...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /data/data/com.termux/files/usr/etc/tls/cert.pem
*  CApath: /data/data/com.termux/files/usr/etc/tls/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=acme-v02.api.letsencrypt.org
*  start date: Feb 25 15:54:15 2022 GMT
*  expire date: May 26 15:54:14 2022 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /directory]
* h2h3 [:scheme: https]
* h2h3 [:authority: acme-v02.api.letsencrypt.org]
* h2h3 [user-agent: curl/7.82.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0xb400007323688010)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> user-agent: curl/7.82.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< server: nginx
< date: Sun, 10 Apr 2022 14:41:10 GMT
< content-type: application/json
< content-length: 658
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<
{
  "5117c84-vSs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
}
1 Like

It showed up after letting the command run for a while, but only on IPv6, not IPv4.

* Expire in 200 ms for 1 (transfer 0x4f6950)
* Expire in 200 ms for 1 (transfer 0x4f6950)
* Expire in 250 ms for 1 (transfer 0x4f6950)
* Expire in 200 ms for 1 (transfer 0x4f6950)
* Expire in 200 ms for 1 (transfer 0x4f6950)
* Expire in 200 ms for 1 (transfer 0x4f6950)
*   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
* TCP_NODELAY set
* Expire in 147452 ms for 3 (transfer 0x4f6950)
* Expire in 200 ms for 4 (transfer 0x4f6950)
* Connected to acme-v02.api.letsencrypt.org (2606:4700:60:0:f53d:5624:85c7:3a2c) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=acme-v02.api.letsencrypt.org
*  start date: Feb 25 15:54:15 2022 GMT
*  expire date: May 26 15:54:14 2022 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x4f6950)
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.64.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx
< date: Sun, 10 Apr 2022 15:25:40 GMT
< content-type: application/json
< content-length: 658
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
< 
{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "rE-RDOWGysQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact

Try:
curl -v4 https://acme-v02.api.letsencrypt.org/directory

1 Like

I edited the post to include this info.

I tried adding that in the docker nano /etc/default/docker but still the same issue.

There is definitely a DNS issue.

1 Like

Right, figured as much. Any idea how I could resolve it? I tried adding --dns 1.1.1.1 at nano /etc/default/docker but no luck.

That's not its place.

docker run --dns 1.1.1.1 [options] image

1 Like

Please show this output from within the image:
cat /etc/resolv.conf

1 Like

root@d72fc41ef6ef:/# cat /etc/resolv.conf
search dns3.digitalcourage.de
nameserver 127.0.0.11
options ndots:0

I'm not sure I can do that. I'm using docker-compose up -d in the directory that contains the docker-compose.yml file.

2 Likes

Yeah, I added dns: 1.1.1.1 to my .yml file. That did the trick. Thank you.

2 Likes
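
The fix reported in the post above, written out as an added example that is not part of the original thread: a docker-compose.yml fragment for the swag service with an explicit resolver. The environment values are the ones printed in the container log; the image reference, port mapping, volume path and token placeholder are assumptions.

```yaml
# Added example, not the poster's actual docker-compose.yml.
# Only the keys relevant to the DNS failure in this thread are shown.
version: "2.1"
services:
  swag:
    image: lscr.io/linuxserver/swag        # assumed image reference
    container_name: swag                   # matches `docker logs -f swag`
    environment:
      - PUID=1001
      - PGID=100
      - TZ=Europe/Berlin
      - URL=serv-bn.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=<your-duckdns-token>  # placeholder, never commit the real token
    volumes:
      - ./swag/config:/config              # assumed host path
    ports:
      - 443:443                            # assumed port mapping
    # Without this key the container showed `nameserver 127.0.0.11` in
    # /etc/resolv.conf (Docker's embedded DNS), which forwards to the
    # resolvers inherited from the host, and lookups failed with
    # "Could not resolve host". `dns:` sets the upstream servers for
    # this service explicitly.
    dns:
      - 1.1.1.1
    restart: unless-stopped

# Check after `docker-compose up -d` (curl is present in the container,
# as used earlier in the thread); a working resolver prints 200:
#   docker exec swag curl -sS -o /dev/null -w '%{http_code}\n' \
#     https://acme-v02.api.letsencrypt.org/directory
```

Pinning a public resolver sends every lookup from this container, including the ACME and DuckDNS requests, to that provider instead of the local network's resolver.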

It should've worked without, eh.

Docker does that from time to time.

1 Like

This is my first ever interaction with docker. Been trying to avoid it for so long... not anymore, I guess.