[BUG] 2.6.0-ls232 not starting

[golles]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

2.6.0-ls232 isn't starting, 2.6.0-ls231 is fine.

Expected Behavior

No response

Steps To Reproduce

I've updated from 2.6.0-ls231 to 2.6.0-ls232 (latest) and noticed the container isn't starting

Environment

- OS: Ubuntu 22.04.3 LTS
- How docker service was installed:
  - Followed this guide: https://docs.docker.com/engine/install/ubuntu/
  - And `sudo apt install docker-compose`

CPU architecture

x86-64

Docker creation

docker-compose.yaml

...
  swag:
    container_name: swag
    restart: unless-stopped
    image: linuxserver/swag:2.6.0-ls232
    cap_add:
      - NET_ADMIN
    volumes:
      - ${DATA_DIR}/swag:/config
    ports:
      - 80:80
      - 443:443
    environment:
      - EMAIL=${PROXY_CERT_EMAIL}
      - URL=${PROXY_CERT_URL}
      - SUBDOMAINS=${PROXY_CERT_SUBDOMAINS}
      - ONLY_SUBDOMAINS=${PROXY_CERT_ONLY_SUBDOMAINS}
      - VALIDATION=${PROXY_CERT_VALIDATION}
      - DNSPLUGIN=${PROXY_CERT_DNSPLUGIN}
      - PROPAGATION=${PROXY_CERT_PROPAGATION}
      - STAGING=${PROXY_CERT_STAGING}
      - DOCKER_MODS=linuxserver/mods:swag-maxmind
      - MAXMINDDB_LICENSE_KEY=${PROXY_MAXMIND_LICENSE_KEY}
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
...

.env

PGID=1000
PUID=1000
TZ=Europe/Amsterdam
PROXY_CERT_URL=***
PROXY_CERT_EMAIL=***
PROXY_CERT_SUBDOMAINS=wildcard
PROXY_CERT_ONLY_SUBDOMAINS=false
PROXY_CERT_EXTRA_DOMAINS=*.local.***
PROXY_CERT_VALIDATION=dns
PROXY_CERT_DNSPLUGIN=directadmin
PROXY_CERT_PROPAGATION=120
PROXY_CERT_STAGING=false
PROXY_MAXMIND_LICENSE_KEY=***

Container logs

❯ dcl swag
Attaching to swag
swag                  | [mod-init] Attempting to run Docker Modification Logic
swag                  | [mod-init] Adding linuxserver/mods:swag-maxmind to container
swag                  | [mod-init] Downloading linuxserver/mods:swag-maxmind from lscr.io
swag                  | [mod-init] Installing linuxserver/mods:swag-maxmind
swag                  | [mod-init] linuxserver/mods:swag-maxmind applied to container
swag                  | [migrations] started
swag                  | [migrations] 01-nginx-site-confs-default: skipped
swag                  | [migrations] done
swag                  | ───────────────────────────────────────
swag                  | 
swag                  |       ██╗     ███████╗██╗ ██████╗ 
swag                  |       ██║     ██╔════╝██║██╔═══██╗
swag                  |       ██║     ███████╗██║██║   ██║
swag                  |       ██║     ╚════██║██║██║   ██║
swag                  |       ███████╗███████║██║╚██████╔╝
swag                  |       ╚══════╝╚══════╝╚═╝ ╚═════╝ 
swag                  | 
swag                  |    Brought to you by linuxserver.io
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | To support the app dev(s) visit:
swag                  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag                  | 
swag                  | To support LSIO projects visit:
swag                  | https://www.linuxserver.io/donate/
swag                  | 
swag                  | ───────────────────────────────────────
swag                  | GID/UID
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | User UID:    1000
swag                  | User GID:    1000
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | using keys found in /config/keys
swag                  | Variables set:
swag                  | PUID=1000
swag                  | PGID=1000
swag                  | TZ=Europe/Amsterdam
swag                  | URL=***
swag                  | SUBDOMAINS=wildcard
swag                  | EXTRA_DOMAINS=
swag                  | ONLY_SUBDOMAINS=false
swag                  | VALIDATION=dns
swag                  | CERTPROVIDER=
swag                  | DNSPLUGIN=directadmin
swag                  | EMAIL=***
swag                  | STAGING=false
swag                  | 
swag                  | Please set the DNSPLUGIN variable to one of the following:
swag                  |

[Roxedus]

We also need the values for most of the environment variables.

[golles]

I think the important ones are in the log already, are there any others I should share?

[Roxedus]

The log does not show the whole picture, like formatting etc.

[WesSec]

Also experiencing this issue with the same console output OP posted (no more output after the DNS plugin line).

I rolled back to 230 and it started fine again. For debugging purposes I pulled latest again, but now it keeps starting up correctly.

[golles]

The log does not show the whole picture, like formatting etc.

Ok, I added my env variables to the issue.

[nemchik]

From inside the container, can you run echo $PATH and post the output here?
To get into the container you might need to run docker exec -it swag bash on the host.

[golles]

From inside the container, can you run echo $PATH and post the output here? To get into the container you might need to run docker exec -it swag bash on the host.

root@9bb7b890c4c5:/# echo $PATH
/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

[j0nnymoe]

Synology user? I suspect the issue you're experiencing is this this: https://info.linuxserver.io/issues/2023-05-22-portainer/

[golles]

Synology user? I suspect the issue you're experiencing is this this: https://info.linuxserver.io/issues/2023-05-22-portainer/

In my case, it's not running on a Synology

[j0nnymoe]

Synology user? I suspect the issue you're experiencing is this this: https://info.linuxserver.io/issues/2023-05-22-portainer/

In my case, it's not running on a Synology

Are you running portainer? Or some auto updater?

[golles]

Synology user? I suspect the issue you're experiencing is this this: https://info.linuxserver.io/issues/2023-05-22-portainer/

In my case, it's not running on a Synology

Are you running portainer? Or some auto updater?

I've portainer running for ease, but I use docker-compose to manage my containers

[j0nnymoe]

Synology user? I suspect the issue you're experiencing is this this: info.linuxserver.io/issues/2023-05-22-portainer

In my case, it's not running on a Synology

Are you running portainer? Or some auto updater?

I've portainer running for ease, but I use docker-compose to manage my containers

What are you using for updating? and when you say you're using docker-compose? do you mean stacks within portainer?

[golles]

I'm using the command line to update my containers.

[drizuid]

My method for updating is as follows:

1. A shell for loop in cli doing a docker pull for all containers
2. Stop containers in Syno UI
3. Reset containers in Syno UI
4. Start containers in Syno UI

for you, the problem (not something we can fix) was already posted above. This is a synology ui (and portainer ui) issue. You need to use docker run or docker compose to get around it. Your logs also clearly imply that a ton of your stuff is out of date and you need to fix it also. The OP has a different issue as they are using docker compose straight up.
That all said, I am going to minimize your messages to clean the thread up, since you have a different issue that will not be something we can assist with.

[golles]

Could this issue be related to the directadmin plugin?
My certs got expired (auto renewal seemed to be broken), and I' deleted all my local files and restored my config from git, this still didn't work and now I changed back to http validation (and all subdomains, instead of wildcard) and this works fine with linuxserver/swag:latest.

Snippet from my logs:

swag                  | Created .donoteditthisfile.conf
swag                  | Using Let's Encrypt as the cert provider
swag                  | SUBDOMAINS entered, processing
swag                  | Sub-domains processed are: *****
swag                  | E-mail address entered: *****
swag                  | http validation is selected
swag                  | Generating new certificate
swag                  | usage: 
swag                  |   certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
swag                  | 
swag                  | Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
swag                  | it will attempt to use a webserver both for obtaining and installing the
swag                  | certificate. 
swag                  | certbot: error: unrecognized arguments: --directadmin-credentials=/config/dns-conf/directadmin.ini --directadmin-propagation-seconds=120
swag                  | ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

If I attach to running container and execute certbot it would also return this error:

certbot: error: unrecognized arguments: --directadmin-credentials=/config/dns-conf/directadmin.ini --directadmin-propagation-seconds=120

(the file directadmin.ini does exist)

I guess there is more info needed, let me know what I should provide.

[Platzii]

Had the same issue on my setup. Did some debugging and found that there was a change in the certbot DirectAdmin plugin that causes the issue.
Created a PR (#412) that should solve it.

(Note: you might need to delete /config/etc/letsencrypt/cli.ini if it has been persisted/mounted to disk)

[golles]

Thank you @Platzii
I do have another issue now, I can't get the certs for my config.

I've logged in to my DirectAdmin panel and I could see 2 TXT records with the name _acme-challenge are present during the challenge.

swag                  | [mod-init] Attempting to run Docker Modification Logic
swag                  | [mod-init] Adding linuxserver/mods:swag-maxmind to container
swag                  | [mod-init] linuxserver/mods:swag-maxmind at sha256:bb158926d3ef7bc99993ba17f735a21b4826e1b72a89069f33a94358a2730b71 has been previously applied skipping
swag                  | [migrations] started
swag                  | [migrations] 01-nginx-site-confs-default: skipped
swag                  | [migrations] done
swag                  | usermod: no changes
swag                  | ───────────────────────────────────────
swag                  | 
swag                  |       ██╗     ███████╗██╗ ██████╗ 
swag                  |       ██║     ██╔════╝██║██╔═══██╗
swag                  |       ██║     ███████╗██║██║   ██║
swag                  |       ██║     ╚════██║██║██║   ██║
swag                  |       ███████╗███████║██║╚██████╔╝
swag                  |       ╚══════╝╚══════╝╚═╝ ╚═════╝ 
swag                  | 
swag                  |    Brought to you by linuxserver.io
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | To support the app dev(s) visit:
swag                  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag                  | 
swag                  | To support LSIO projects visit:
swag                  | https://www.linuxserver.io/donate/
swag                  | 
swag                  | ───────────────────────────────────────
swag                  | GID/UID
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | User UID:    1000
swag                  | User GID:    1000
swag                  | ───────────────────────────────────────
swag                  | 
swag                  | using keys found in /config/keys
swag                  | Variables set:
swag                  | PUID=1000
swag                  | PGID=1000
swag                  | TZ=Europe/Amsterdam
swag                  | URL=<redacted>.nl
swag                  | SUBDOMAINS=wildcard
swag                  | EXTRA_DOMAINS=
swag                  | ONLY_SUBDOMAINS=false
swag                  | VALIDATION=dns
swag                  | CERTPROVIDER=
swag                  | DNSPLUGIN=directadmin
swag                  | EMAIL=<redacted>
swag                  | STAGING=false
swag                  | 
swag                  | Using Let's Encrypt as the cert provider
swag                  | SUBDOMAINS entered, processing
swag                  | Wildcard cert for <redacted>.nl will be requested
swag                  | E-mail address entered: <redacted>
swag                  | dns validation via directadmin plugin is selected
swag                  | Generating new certificate
swag                  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
swag                  | Requesting a certificate for <redacted>.nl and *.<redacted>.nl
swag                  | Unsafe permissions on credentials configuration file: /config/dns-conf/directadmin.ini
swag                  | Waiting 240 seconds for DNS changes to propagate
swag                  | 
swag                  | Certbot failed to authenticate some domains (authenticator: dns-directadmin). The Certificate Authority reported these problems:
swag                  |   Domain: <redacted>.nl
swag                  |   Type:   unauthorized
swag                  |   Detail: No TXT record found at _acme-challenge.<redacted>.nl
swag                  | 
swag                  |   Domain: <redacted>.nl
swag                  |   Type:   unauthorized
swag                  |   Detail: No TXT record found at _acme-challenge.<redacted>.nl
swag                  | 
swag                  | Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-directadmin. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-directadmin-propagation-seconds (currently 240 seconds).
swag                  | 
swag                  | Some challenges have failed.
swag                  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
swag                  | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/directadmin.ini file.

I did change the time from 120 to 240, but that's not helping

[golles]

Hmm, it might be a local issue with the TTL on my domain.

[golles]

Yep, was TTL. Sorry for bothering