Letsencrypt (Swag) error: SERVFAIL looking up A for something.duckdns.org - the domain's nameservers may be malfunctioning

I am trying to follow TechnoDadLife's updated video on setting up Letsencrypt. The error that I am getting indicates that LetsEncrypt can't call back to my environment to verify the configuration. I am fairly confident that my forwarding is correct. To test it, I spun up a web server on a different node and passed port 80 to that IP. Sure enough, it worked.

Here is my forwarding. .100 is my OMV instance.

---
version: "2.1"
services:
swag:
image: lscr.io/linuxserver/swag:latest
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=998 #optional
- PGID=100 #optional
- TZ=America/New_York
- URL=muchgooder.duckdns.org
- VALIDATION=http
- DUCKDNSTOKEN= <removed>
- EMAIL= <removed>
volumes:
- /srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/config:/config
- /srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/cert:/etc/letsencrypt
ports:
- 450:443
- 90:80 #optional
restart: unless-stopped

Here is my compose file. Note that the PUID and PGID are the values that were returned when I ran the command in the video (I forgot what the command was).

Zitat

rm: cannot remove '/etc/letsencrypt': Resource busy

Using Let's Encrypt as the cert provider

No subdomains defined

E-mail address entered: <removed>

http validation is selected

Generating new certificate

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Account registered.

Requesting a certificate for muchgooder.duckdns.org

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Domain: muchgooder.duckdns.org

Type: dns

Detail: DNS problem: SERVFAIL looking up A for muchgooder.duckdns.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for muchgooder.duckdns.org

Alles anzeigen

If I ping muchgooder.duckdns.org the correct IP is returned.

Any help would be GREATLY appreciated!

EDIT

Could it be an issue with not manually creating a network? The video says to create one via the shell but subsequent troubleshooting posts say this isn't necessary.

Zitat von KM0201

Not if you followed instructions. Every container sets up it's own network if you don't manually assign it one.

What is the output of

Code

docker inspect swag | grep NetworkMode

Thank you for this. The result of the query is "swag_default". I am not trying to install Nextcloud so that is not a concern here. I am trying to get the ssl cert and then move on to nginx and automatic cert renewal. I tried this a year ago but was having issues with any kind of passthru at the time because I was using google wifi and had a double nat situation (since removed).

One area of docker that I am still a bit of a noob is the network aspect of it. How do you suggest I approach this in my docker compose file?

I don't think the network was the issue. I suspect the following:

1. I needed to change validation to be "duckdns"

2. I changed subdomains to be "wildcard" - not sure if this was an issue.

version: "2.1"
services:
swag:
image: lscr.io/linuxserver/swag:latest
container_name: swag
#networks:
#    - nginx-net
cap_add:
- NET_ADMIN
environment:
- PUID=998 #optional
- PGID=100 #optional
- TZ=America/New_York
- URL=adamcodes.duckdns.org
- VALIDATION=duckdns
- SUBDOMAINS=wildcard
- DUCKDNSTOKEN=<removed>
- EMAIL=<removed>
volumes:
- /srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/config:/config
- /srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/cert:/etc/letsencrypt
ports:
- 451:443
- 95:80 #optional
restart: unless-stopped
networks:
default:
name: nginx-net
external: true

Zitat von raulfg3

revise <removed> and put your data, must work

and try:

Code

version: "2.1"
networks:
  default:
    external:
      name: nginx-net
services:
  swag:
    image: linuxserver/swag:latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1000
      - TZ=America/New_York
      - URL=adamcodes.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      # - DNSPLUGIN=cloudflare #optional
      - DUCKDNSTOKEN=<removed> #optional
      - EMAIL=<removed> #optional
      - DHLEVEL=2048 #optional
      - ONLY_SUBDOMAINS=true #optional
      #- EXTRA_DOMAINS=<extradomains> #optional
      - STAGING=false #optional
    volumes:
      - srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/config:/config
      # /srv/dev-disk-by-label-HOMEMEDIA/AppData/Swag/cert:/etc/letsencrypt  # Not sure that works
    ports:
      - 451:443
      - 95:80 #optional
    restart: unless-stopped

Alles anzeigen

PD: You must create first User 1001 on OMV webGUI, in my case is named "dockeruser"

Thanks for the response. I am sorry that I was not more clear in my last post when I marked this as 'resolved' - it is working now.