From 3fb6e3f54dadb3650cea1ce29beaba8704712b4c Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 6 Oct 2022 14:58:47 +0000 Subject: [PATCH 1/2] Update cpanel and gandi dns plugin handling. Minor adjustments to init logic. --- README.md | 1 + readme-vars.yml | 1 + root/defaults/dns-conf/cpanel.ini | 6 +++--- root/defaults/dns-conf/gandi.ini | 6 +++++- root/defaults/dns-conf/infomaniak.ini | 2 +- root/etc/cont-init.d/50-certbot | 26 ++++++++++++-------------- 6 files changed, 23 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 697c592..9f3fbee 100755 --- a/README.md +++ b/README.md @@ -336,6 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic. * **05.10.22:** - Use certbot file hooks instead of command line hooks * **04.10.22:** - Add godaddy and porkbun dns plugins. * **03.10.22:** - Add default_server back to default site conf's https listen. diff --git a/readme-vars.yml b/readme-vars.yml index cfd7bef..2571e0a 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -156,6 +156,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." } - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" } - { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." } - { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." } diff --git a/root/defaults/dns-conf/cpanel.ini b/root/defaults/dns-conf/cpanel.ini index 2c2742b..ebe9ba1 100644 --- a/root/defaults/dns-conf/cpanel.ini +++ b/root/defaults/dns-conf/cpanel.ini 
@@ -1,6 +1,6 @@ # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials # Replace with your values # include the scheme and the port number (usually 2083 for https) -certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 -certbot_dns_cpanel:cpanel_username = username -certbot_dns_cpanel:cpanel_password = 1234567890abcdef +dns_cpanel_url = https://cpanel.example.com:2083 +dns_cpanel_username = username +dns_cpanel_password = 1234567890abcdef diff --git a/root/defaults/dns-conf/gandi.ini b/root/defaults/dns-conf/gandi.ini index a5c04b3..8f5d596 100644 --- a/root/defaults/dns-conf/gandi.ini +++ b/root/defaults/dns-conf/gandi.ini @@ -1,3 +1,7 @@ # Instructions: https://github.com/obynio/certbot-plugin-gandi#usage # Replace with your value -certbot_plugin_gandi:dns_api_key=APIKEY +# live dns v5 api key +dns_gandi_api_key=APIKEY + +# optional organization id, remove it if not used +#dns_gandi_sharing_id=SHARINGID diff --git a/root/defaults/dns-conf/infomaniak.ini b/root/defaults/dns-conf/infomaniak.ini index 039d261..8b8b828 100644 --- a/root/defaults/dns-conf/infomaniak.ini +++ b/root/defaults/dns-conf/infomaniak.ini @@ -1,3 +1,3 @@ - Instructions: https://github.com/Infomaniak/certbot-dns-infomaniak#via-ini-file +# Instructions: https://github.com/Infomaniak/certbot-dns-infomaniak#via-ini-file # Replace with your values dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index 83b842c..e513111 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot 
@@ -34,9 +34,11 @@ chown -R abc:abc /config/dns-conf # update plugin names in dns conf inis sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini +sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini +sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini # copy default renewal hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks 
@@ -134,16 +136,13 @@ if [ "$VALIDATION" = "dns" ]; then if [ "$DNSPLUGIN" = "route53" ]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then - if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi - PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then - if [ -n "$PROPAGATION" ]; then echo "Gandi dns plugin does not support setting propagation time"; fi - PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini" + elif [[ "$DNSPLUGIN" =~ ^(azure|gandi)$ ]]; then + if [ -n "$PROPAGATION" ]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi + PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini" elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(aliyun|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then + elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then 
@@ -152,19 +151,16 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(azure)$ ]]; then - if [ -n "$PROPAGATION" ]; then echo "Azure dns plugin does not support setting propagation time"; fi - PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini" else if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" fi echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected" elif [ "$VALIDATION" = "tls-sni" ]; then - PREFCHAL="--non-interactive --standalone --preferred-challenges http" + PREFCHAL="--standalone --preferred-challenges http" echo "*****tls-sni validation has been deprecated, attempting http validation instead" elif [ "$VALIDATION" = "duckdns" ]; then - PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt" + PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt" chmod +x /app/duckdns-txt echo "duckdns validation is selected" if [ "$SUBDOMAINS" = "wildcard" ]; then @@ -175,7 +171,7 @@ elif [ "$VALIDATION" = "duckdns" ]; then export URL_REAL="-d ${URL}" fi else - PREFCHAL="--non-interactive --standalone --preferred-challenges http" + PREFCHAL="--standalone --preferred-challenges http" echo "http validation is selected" fi 
@@ -234,7 +230,9 @@ fi if [ -f "/config/keys/letsencrypt/chain.pem" ] && { [ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]; } && [ "${STAGING}" != "true" ] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" - certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER + if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then + certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER + fi rm -rf /config/etc/letsencrypt/{archive,live,renewal} fi From 53db9755b2fdb01c5912bec362df87d9e1bac4d0 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 6 Oct 2022 18:08:20 +0000 Subject: [PATCH 2/2] Switch to certbot-dns-duckdns --- Dockerfile | 1 + Dockerfile.aarch64 | 1 + Dockerfile.armhf | 1 + README.md | 2 +- readme-vars.yml | 2 +- root/app/duckdns-txt | 8 ------ root/defaults/dns-conf/duckdns.ini | 3 +++ root/etc/cont-init.d/50-certbot | 42 +++++++++++++++++------------- 8 files changed, 32 insertions(+), 28 deletions(-) delete mode 100644 root/app/duckdns-txt create mode 100644 root/defaults/dns-conf/duckdns.ini diff --git a/Dockerfile b/Dockerfile index 6d15830..ce6e588 100755 --- a/Dockerfile +++ b/Dockerfile @@ -116,6 +116,7 @@ RUN \ certbot-dns-dnspod \ certbot-dns-do \ certbot-dns-domeneshop \ + certbot-dns-duckdns \ certbot-dns-dynu \ certbot-dns-gehirn \ certbot-dns-godaddy \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 0ad798f..b810c43 100755 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
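Review bot: When the new `-f` test fails, revocation is skipped without any message, yet the `rm -rf` that follows still removes the certificate and key, so the log reads "Deleting and revoking" although nothing was revoked. The same happens if `ORIGDOMAIN` is empty (its assignment is outside this hunk), because the path then has an empty component. Add an `else` branch such as `echo "No certificate found at the expected path, skipping revocation"` so the skipped step is visible in the container log. While editing the line, quote the server argument: `--server "$REV_ACMESERVER"`.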
@@ -116,6 +116,7 @@ RUN \ certbot-dns-dnspod \ certbot-dns-do \ certbot-dns-domeneshop \ + certbot-dns-duckdns \ certbot-dns-dynu \ certbot-dns-gehirn \ certbot-dns-godaddy \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 50f0fc6..92c2a25 100755 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -116,6 +116,7 @@ RUN \ certbot-dns-dnspod \ certbot-dns-do \ certbot-dns-domeneshop \ + certbot-dns-duckdns \ certbot-dns-dynu \ certbot-dns-gehirn \ certbot-dns-godaddy \ diff --git a/README.md b/README.md index 9f3fbee..b400d19 100755 --- a/README.md +++ b/README.md @@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic. +* **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic. * **05.10.22:** - Use certbot file hooks instead of command line hooks * **04.10.22:** - Add godaddy and porkbun dns plugins. * **03.10.22:** - Add default_server back to default site conf's https listen. diff --git a/readme-vars.yml b/readme-vars.yml index 2571e0a..4e8b7c5 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -156,7 +156,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: - - { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." } + - { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." } - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" } - { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." } - { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." } diff --git a/root/app/duckdns-txt b/root/app/duckdns-txt deleted file mode 100644 index 9630c4c..0000000 --- a/root/app/duckdns-txt +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash - -. /config/.donoteditthisfile.conf - -curl https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}\&token=${ORIGDUCKDNSTOKEN}\&txt=${CERTBOT_VALIDATION} - -echo "sleeping 60" -sleep 60 diff --git a/root/defaults/dns-conf/duckdns.ini b/root/defaults/dns-conf/duckdns.ini new file mode 100644 index 0000000..f0f1508 --- /dev/null +++ b/root/defaults/dns-conf/duckdns.ini @@ -0,0 +1,3 @@ +# Instructions: https://github.com/infinityofspace/certbot_dns_duckdns#credentials-file-or-cli-parameters +# Replace with your API token from your duckdns account. +dns_duckdns_token= diff --git a/root/etc/cont-init.d/50-certbot b/root/etc/cont-init.d/50-certbot index e513111..7c0e7ec 100644 --- a/root/etc/cont-init.d/50-certbot +++ b/root/etc/cont-init.d/50-certbot @@ -23,7 +23,7 @@ for i in "${SANED_VARS[@]}"; do done # check to make sure DNSPLUGIN is selected if dns validation is used -if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then +if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." sleep infinity fi 
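Review bot: The new `duckdns.ini` template does not mention that the init script rewrites the `dns_duckdns_token=` line from the `DUCKDNSTOKEN` variable when it is set (see the 50-certbot hunk at line 64), nor that the file holds a secret. Add comment lines such as `# If DUCKDNSTOKEN is set, the container writes it to this line on start.` and `# This file contains a secret; keep it readable only by the container user.` The only permission handling visible in this patch is `chown -R abc:abc /config/dns-conf`; whether file modes are tightened elsewhere is not shown.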
@@ -50,7 +50,7 @@ if [ -f "/config/donoteditthisfile.conf" ]; then mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf fi if [ ! -f "/config/.donoteditthisfile.conf" ]; then - echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf + echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf echo "Created .donoteditthisfile.conf" fi 
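Review bot: The values written to `/config/.donoteditthisfile.conf` are placed between double quotes with no escaping, and the removed `root/app/duckdns-txt` shows that file being read with `.`. If the init script sources it the same way (not visible in this hunk), a value containing a double quote or a command substitution is evaluated by the shell on the next start. Writing each entry shell-quoted avoids that, for example `printf 'ORIGURL=%q\n' "$URL"` per variable, unless the `SANED_VARS` loop earlier in the script already covers every variable stored here. The identical `echo -e` line in the later "saving new variables" hunk needs the same treatment.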
@@ -64,6 +64,25 @@ if [ -z "$VALIDATION" ]; then echo "VALIDATION parameter not set; setting it to http" fi +# set duckdns validation to dns +if [ "$VALIDATION" = "duckdns" ]; then + VALIDATION="dns" + DNSPLUGIN="duckdns" + if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then + sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini + fi +fi +if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then + if [ "$SUBDOMAINS" = "wildcard" ]; then + echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org" + export ONLY_SUBDOMAINS=true + else + echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org" + export SUBDOMAINS="" + fi + export EXTRA_DOMAINS="" +fi + # if zerossl is selected or staging is set to true, use the relevant server if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then echo "ZeroSSL does not support staging mode, ignoring STAGING variable" 
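Review bot: `DUCKDNSTOKEN` is interpolated unescaped into a grep pattern and into a sed replacement, so a value containing `|`, `&` or `\` makes the sed fail or write something other than the token into `duckdns.ini`. The grep is also not anchored at the start of the line, so a commented-out `#dns_duckdns_token=...` line counts as already set. Validate the token before use, e.g. `[[ "$DUCKDNSTOKEN" =~ ^[A-Za-z0-9-]+$ ]]` (character set assumed from DuckDNS's UUID-style tokens; confirm), and compare with a fixed-string whole-line match: `grep -qxF "dns_duckdns_token=${DUCKDNSTOKEN}" /config/dns-conf/duckdns.ini`. If the ini has no `dns_duckdns_token=` line the sed changes nothing and the script continues silently; printing a message in that case would make the later certbot credential error easier to trace.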
@@ -142,7 +161,7 @@ if [ "$VALIDATION" = "dns" ]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" - elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then + elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then @@ -159,17 +178,6 @@ if [ "$VALIDATION" = "dns" ]; then elif [ "$VALIDATION" = "tls-sni" ]; then PREFCHAL="--standalone --preferred-challenges http" echo "*****tls-sni validation has been deprecated, attempting http validation instead" -elif [ "$VALIDATION" = "duckdns" ]; then - PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt" - chmod +x /app/duckdns-txt - echo "duckdns validation is selected" - if [ "$SUBDOMAINS" = "wildcard" ]; then - echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org" - export URL_REAL="-d *.${URL}" - else - echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org" - export URL_REAL="-d ${URL}" - fi else PREFCHAL="--standalone --preferred-challenges http" echo "http validation is selected" 
@@ -189,7 +197,7 @@ rm -rf /config/keys/cert.key ln -s ./letsencrypt/privkey.pem /config/keys/cert.key # checking for changes in cert variables, revoking certs if necessary -if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$DUCKDNSTOKEN" = "$ORIGDUCKDNSTOKEN" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then +if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" 
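Review bot: Existing duckdns installs will take this revoke-and-reissue branch on the first start after upgrade, because the hunk at line 64 rewrites `VALIDATION` to `dns` and sets `DNSPLUGIN="duckdns"` while the stored `ORIGVALIDATION` is still `duckdns`. The same comparison also sees the `ONLY_SUBDOMAINS`, `SUBDOMAINS` and `EXTRA_DOMAINS` values that hunk overwrites. If the one-time reissue is intended, document it in the changelog entry or with a comment above the `if`, e.g. `# duckdns installs migrate to dns validation; the first start after upgrade reissues the cert`; otherwise map a stored `duckdns` value to `dns` before comparing. The body of this `if` continues outside the hunk.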
@@ -217,7 +225,7 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! " fi # saving new variables -echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf +echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf # alter extension for error message if [ "$DNSPLUGIN" = "google" ]; then @@ -255,8 +263,6 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then if [ ! -d /config/keys/letsencrypt ]; then if [ "$VALIDATION" = "dns" ]; then echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file." - elif [ "$VALIDATION" = "duckdns" ]; then - echo "ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct." else echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container" fi