VALIDATION=http uses the URL param (root domain) as URL for the ACME validation, even though I only want to verify the subdomains.
I created a "stack" in Portainer, which is equivalent to docker-compose.
version: 2
services:
swag:
image: linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- URL=mydomain.com
- SUBDOMAINS=apps,auth
- VALIDATION=http
- STAGING=true #optional
volumes:
- /srv/swag:/config
ports:
- 443:443
- 80:80 #optional
restart: unless-stopped
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 01-envfile: executing... ,
[cont-init.d] 01-envfile: exited 0.,
[cont-init.d] 10-adduser: executing... ,
,
-------------------------------------,
_ (),
| | ___ _ __,
| | / __| | | / \ ,
| | \__ \ | | | () |,
|_| |___/ |_| \__/,
,
,
Brought to you by linuxserver.io,
-------------------------------------,
,
To support the app dev(s) visit:,
Certbot: https://supporters.eff.org/donate/support-work-on-certbot,
,
To support LSIO projects visit:,
https://www.linuxserver.io/donate/,
-------------------------------------,
GID/UID,
-------------------------------------,
,
User uid: 1000,
User gid: 1000,
-------------------------------------,
,
[cont-init.d] 10-adduser: exited 0.,
[cont-init.d] 20-config: executing... ,
[cont-init.d] 20-config: exited 0.,
[cont-init.d] 30-keygen: executing... ,
using keys found in /config/keys,
[cont-init.d] 30-keygen: exited 0.,
[cont-init.d] 50-config: executing... ,
Variables set:,�,
0,�,
0,
TZ=America/New_York,
URL=mydomain.com,
SUBDOMAINS=apps,auth,
EXTRA_DOMAINS=,
ONLY_SUBDOMAINS=false,
VALIDATION=http,
DNSPLUGIN=,
EMAIL=,�
STAGING=true,
,
NOTICE: Staging is active,
SUBDOMAINS entered, processing,
SUBDOMAINS entered, processing,
Sub-domains processed are: -d apps.mydomain.com -d auth.mydomain.com,
No e-mail address entered or address invalid,
http validation is selected,
nerating new certificate,
Saving debug log to /var/log/letsencrypt/letsencrypt.log,
Plugins selected: Authenticator standalone, Installer None,
Obtaining a new certificate,
Performing the following challenges:,
http-01 challenge for mydomain.com,
Waiting for verification...,
Challenge failed for domain mydomain.com,
http-01 challenge for mydomain.com,
Cleaning up challenges,
Some challenges have failed.,
IMPORTANT NOTES:,
- The following errors were reported by the server:,
,
Domain: mydomain.com,
Type: unauthorized,
Detail: Invalid response from,
https://mydomain.com/.well-known/acme-challenge/DusnGXNePNs7AA1c0ZZr7CksGGtE70d4Og-DXzt8zZw,
[2606:4700:3033::681c:470]: "<!DOCTYPE html>\n<!--[if lt IE 7]>,
<html class=\"no-js ie6 oldie\" lang=\"en-US\">,
<![endif]-->\n<!--[if IE 7]> <html class=\"no-js ",
,
To fix these errors, please make sure that your domain name was,
entered correctly and the DNS A/AAAA record(s) for that domain,
contain(s) the right IP address.,
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container,