Bot Updating Package Versions

Replace even older service location

.github/ISSUE_TEMPLATE/issue.bug.md

@@ -1,40 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-[linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
-
-<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
-
-<!--- Provide a general summary of the bug in the Title above -->
-
-------------------------------
-
-## Expected Behavior
-<!--- Tell us what should happen -->
-
-## Current Behavior
-<!--- Tell us what happens instead of the expected behavior -->
-
-## Steps to Reproduce
-<!--- Provide a link to a live example, or an unambiguous set of steps to -->
-<!--- reproduce this bug. Include code to reproduce, if relevant -->
-1.
-2.
-3.
-4.
-
-## Environment
-**OS:**
-**CPU architecture:** x86_64/arm32/arm64
-**How docker service was installed:**
-<!--- ie. from the official docker repo, from the distro repo, nas OS provided, etc. -->
-<!--- Providing context helps us come up with a solution that is most useful in the real world -->
-
-## Command used to create docker container (run/create/compose/screenshot)
-<!--- Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container -->
-
-## Docker logs
-<!--- Provide a full docker log, output of "docker logs swag" -->

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -0,0 +1,77 @@
+# Based on the issue template
+name: Bug report
+description: Create a report to help us improve
+title: "[BUG] <title>"
+labels: [Bug]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the bug you encountered.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: Tell us what happens instead of the expected behavior.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: Tell us what should happen.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Environment
+      description: |
+        examples:
+          - **OS**: Ubuntu 20.04
+          - **How docker service was installed**: distro's packagemanager
+      value: |
+        - OS:
+        - How docker service was installed:
+      render: markdown
+    validations:
+      required: false
+  - type: dropdown
+    attributes:
+      label: CPU architecture
+      options:
+        - x86-64
+        - arm64
+        - armhf
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Docker creation
+      description: |
+        Command used to create docker container
+        Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container
+      render: bash
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      description: |
+        Provide a full docker log, output of "docker logs linuxserver.io"
+      label: Container logs
+      placeholder: |
+        Output of `docker logs linuxserver.io`
+      render: bash
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/issue.feature.md

@@ -1,25 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-
----
-[linuxserverurl]: https://linuxserver.io
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
-
-<!--- If you are new to Docker or this application our issue tracker is **ONLY** used for reporting bugs or requesting features. Please use [our discord server](https://discord.gg/YWrKVTn) for general support. --->
-
-<!--- If this acts as a feature request please ask yourself if this modification is something the whole userbase will benefit from --->
-<!--- If this is a specific change for corner case functionality or plugins please look at making a Docker Mod or local script  https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ -->
-
-<!--- Provide a general summary of the request in the Title above -->
-
-------------------------------
-
-## Desired Behavior
-<!--- Tell us what should happen -->
-
-## Current Behavior
-<!--- Tell us what happens instead of the expected behavior -->
-
-## Alternatives Considered
-<!--- Tell us what other options you have tried or considered -->

.github/ISSUE_TEMPLATE/issue.feature.yml

@@ -0,0 +1,31 @@
+# Based on the issue template
+name: Feature request
+description: Suggest an idea for this project
+title: "[FEAT] <title>"
+labels: [enhancement]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is this a new feature request?
+      description: Please search to see if a feature request already exists.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Wanted change
+      description: Tell us what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reason for change
+      description: Justify your request, why do you want it, what is the benefit.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed code change
+      description: Do you have a potential code change in mind?
+    validations:
+      required: false

.github/workflows/call_invalid_helper.yml

@@ -0,0 +1,12 @@
+name: Comment on invalid interaction
+on:
+  issues:
+    types:
+      - labeled
+jobs:
+  add-comment-on-invalid:
+    if: github.event.label.name == 'invalid'
+    permissions:
+      issues: write
+    uses: linuxserver/github-workflows/.github/workflows/invalid-interaction-helper.yml@v1
+    secrets: inherit

.github/workflows/external_trigger.yml

@@ -7,7 +7,7 @@ jobs:
   external-trigger-master:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
 
       - name: External Trigger
         if: github.ref == 'refs/heads/master'

.github/workflows/external_trigger_scheduler.yml

@@ -9,7 +9,7 @@ jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 

.github/workflows/greetings.yml

@@ -8,6 +8,6 @@ jobs:
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.md) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.md) issue templates!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-swag/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
         pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-swag/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/package_trigger.yml

@@ -7,7 +7,7 @@ jobs:
   package-trigger-master:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
 
       - name: Package Trigger
         if: github.ref == 'refs/heads/master'

.github/workflows/package_trigger_scheduler.yml

@@ -9,7 +9,7 @@ jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2.3.3
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v6.0.1
       with:
         stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
         stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."

Dockerfile

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,66 +45,60 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    ${CERTBOT} \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
     certbot-dns-cloudflare \
-    certbot-dns-cloudxns \
     certbot-dns-cpanel \
     certbot-dns-desec \
     certbot-dns-digitalocean \
@@ -133,7 +125,6 @@ RUN \
     certbot-dns-njalla \
     certbot-dns-nsone \
     certbot-dns-ovh \
-    certbot-dns-porkbun \
     certbot-dns-rfc2136 \
     certbot-dns-route53 \
     certbot-dns-sakuracloud \
@@ -142,6 +133,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -177,14 +169,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.aarch64

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,66 +45,60 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    ${CERTBOT} \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
     certbot-dns-cloudflare \
-    certbot-dns-cloudxns \
     certbot-dns-cpanel \
     certbot-dns-desec \
     certbot-dns-digitalocean \
@@ -133,7 +125,6 @@ RUN \
     certbot-dns-njalla \
     certbot-dns-nsone \
     certbot-dns-ovh \
-    certbot-dns-porkbun \
     certbot-dns-rfc2136 \
     certbot-dns-route53 \
     certbot-dns-sakuracloud \
@@ -142,6 +133,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -177,14 +169,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Dockerfile.armhf

@@ -1,4 +1,6 @@
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
+# syntax=docker/dockerfile:1
+
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
 
 # set version label
 ARG BUILD_DATE
@@ -14,9 +16,8 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 RUN \
   echo "**** install build packages ****" && \
   apk add --no-cache --virtual=build-dependencies \
+    build-base \
     cargo \
-    g++ \
-    gcc \
     libffi-dev \
     libxml2-dev \
     libxslt-dev \
@@ -24,11 +25,9 @@ RUN \
     python3-dev && \
   echo "**** install runtime packages ****" && \
   apk add --no-cache --upgrade \
-    curl \
     fail2ban \
     gnupg \
     memcached \
-    nginx \
     nginx-mod-http-brotli \
     nginx-mod-http-dav-ext \
     nginx-mod-http-echo \
@@ -36,7 +35,6 @@ RUN \
     nginx-mod-http-geoip2 \
     nginx-mod-http-headers-more \
     nginx-mod-http-image-filter \
-    nginx-mod-http-nchan \
     nginx-mod-http-perl \
     nginx-mod-http-redis2 \
     nginx-mod-http-set-misc \
@@ -47,66 +45,60 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php8-bcmath \
+    php81-bcmath \
-    php8-bz2 \
+    php81-bz2 \
-    php8-ctype \
+    php81-ctype \
-    php8-curl \
+    php81-curl \
-    php8-dom \
+    php81-dom \
-    php8-exif \
+    php81-exif \
-    php8-ftp \
+    php81-ftp \
-    php8-gd \
+    php81-gd \
-    php8-gmp \
+    php81-gmp \
-    php8-iconv \
+    php81-iconv \
-    php8-imap \
+    php81-imap \
-    php8-intl \
+    php81-intl \
-    php8-ldap \
+    php81-ldap \
-    php8-mysqli \
+    php81-mysqli \
-    php8-mysqlnd \
+    php81-mysqlnd \
-    php8-opcache \
+    php81-opcache \
-    php8-pdo_mysql \
+    php81-pdo_mysql \
-    php8-pdo_odbc \
+    php81-pdo_odbc \
-    php8-pdo_pgsql \
+    php81-pdo_pgsql \
-    php8-pdo_sqlite \
+    php81-pdo_sqlite \
-    php8-pear \
+    php81-pear \
-    php8-pecl-apcu \
+    php81-pecl-apcu \
-    php8-pecl-mailparse \
+    php81-pecl-mailparse \
-    php8-pecl-mcrypt \
+    php81-pecl-memcached \
-    php8-pecl-memcached \
+    php81-pecl-redis \
-    php8-pecl-redis \
+    php81-pgsql \
-    php8-pgsql \
+    php81-phar \
-    php8-phar \
+    php81-posix \
-    php8-posix \
+    php81-soap \
-    php8-soap \
+    php81-sockets \
-    php8-sockets \
+    php81-sodium \
-    php8-sodium \
+    php81-sqlite3 \
-    php8-sqlite3 \
+    php81-tokenizer \
-    php8-tokenizer \
+    php81-xmlreader \
-    php8-xml \
+    php81-xsl \
-    php8-xmlreader \
+    php81-zip \
-    php8-xsl \
-    php8-zip \
-    py3-cryptography \
-    py3-future \
-    py3-pip \
     whois && \
-  apk add --no-cache \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    php81-pecl-mcrypt \
-    php8-pecl-xmlrpc && \
+    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT="certbot"; \
+    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  else \
-    CERTBOT="certbot==${CERTBOT_VERSION}"; \
   fi && \
-  pip3 install -U \
+  python3 -m ensurepip && \
-    pip wheel && \
+  pip3 install -U --no-cache-dir \
-  pip install -U --find-links https://wheel-index.linuxserver.io/alpine-3.15/ \
+    pip \
-    ${CERTBOT} \
+    wheel && \
+  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+    certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
     certbot-dns-cloudflare \
-    certbot-dns-cloudxns \
     certbot-dns-cpanel \
     certbot-dns-desec \
     certbot-dns-digitalocean \
@@ -133,7 +125,6 @@ RUN \
     certbot-dns-njalla \
     certbot-dns-nsone \
     certbot-dns-ovh \
-    certbot-dns-porkbun \
     certbot-dns-rfc2136 \
     certbot-dns-route53 \
     certbot-dns-sakuracloud \
@@ -142,6 +133,7 @@ RUN \
     certbot-dns-vultr \
     certbot-plugin-gandi \
     cryptography \
+    future \
     requests && \
   echo "**** enable OCSP stapling from base ****" && \
   sed -i \
@@ -177,14 +169,10 @@ RUN \
   echo "**** cleanup ****" && \
   apk del --purge \
     build-dependencies && \
-  for cleanfiles in *.pyc *.pyo; \
-    do \
-    find /usr/lib/python3.*  -iname "${cleanfiles}" -exec rm -f '{}' + \
-    ; done && \
   rm -rf \
     /tmp/* \
-    /root/.cache \
+    $HOME/.cache \
-    /root/.cargo
+    $HOME/.cargo
 
 # copy local files
 COPY root/ /

Jenkinsfile

@@ -57,7 +57,7 @@ pipeline {
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
-          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.md ./.github/ISSUE_TEMPLATE/issue.feature.md ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
+          env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/stale.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
         script{
           env.LS_RELEASE_NUMBER = sh(
@@ -277,7 +277,7 @@ pipeline {
                 echo "Jenkinsfile is up to date."
               fi
               # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md\n.github/ISSUE_TEMPLATE/issue.bug.md\n.github/ISSUE_TEMPLATE/issue.feature.md"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"

README.md

@@ -214,7 +214,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cloudxns`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -335,6 +335,13 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **21.01.23:** - Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x.
+* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
+* **16.01.23:** - Remove nchan module because it keeps causing crashes.
+* **08.12.22:** - Revamp certbot init.
+* **03.12.22:** - Remove defunct cloudxns plugin.
+* **22.11.22:** - Pin acme to the same version as certbot.
+* **22.11.22:** - Pin certbot to 1.32.0 until plugin compatibility improves.
 * **05.11.22:** - Update acmedns plugin handling.
 * **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
 * **05.10.22:** - Use certbot file hooks instead of command line hooks

package_versions.txt

@@ -1,229 +1,204 @@
-alpine-baselayout-3.2.0-r18
+alpine-baselayout-3.4.0-r0
+alpine-baselayout-data-3.4.0-r0
 alpine-keys-2.4-r1
-apache2-utils-2.4.54-r0
+alpine-release-3.17.1-r0
-apk-tools-2.12.7-r3
+aom-libs-3.5.0-r0
-apr-1.7.0-r1
+apache2-utils-2.4.55-r0
-apr-util-1.6.1-r11
+apk-tools-2.12.10-r1
-argon2-libs-20190702-r1
+apr-1.7.0-r2
-bash-5.1.16-r0
+apr-util-1.6.1-r14
-brotli-libs-1.0.9-r5
+argon2-libs-20190702-r2
-busybox-1.34.1-r7
+bash-5.2.15-r0
-c-client-2007f-r13
+brotli-libs-1.0.9-r9
-ca-certificates-20220614-r0
+busybox-1.35.0-r29
-ca-certificates-bundle-20220614-r0
+busybox-binsh-1.35.0-r29
-coreutils-9.0-r2
+c-client-2007f-r14
-curl-7.80.0-r4
+ca-certificates-20220614-r4
-expat-2.5.0-r0
+ca-certificates-bundle-20220614-r4
-fail2ban-0.11.2-r1
+coreutils-9.1-r0
-freetype-2.11.1-r2
+curl-7.87.0-r1
-gdbm-1.22-r0
+fail2ban-1.0.2-r0
-git-2.34.5-r0
+fontconfig-2.14.1-r0
-git-perl-2.34.5-r0
+freetype-2.12.1-r0
-gmp-6.2.1-r1
+gdbm-1.23-r0
-gnupg-2.2.31-r2
+git-2.38.3-r1
-gnupg-dirmngr-2.2.31-r2
+git-perl-2.38.3-r1
-gnupg-gpgconf-2.2.31-r2
+gmp-6.2.1-r2
-gnupg-utils-2.2.31-r2
+gnupg-2.2.40-r0
-gnupg-wks-client-2.2.31-r2
+gnupg-dirmngr-2.2.40-r0
-gnutls-3.7.1-r1
+gnupg-gpgconf-2.2.40-r0
-gpg-2.2.31-r2
+gnupg-utils-2.2.40-r0
-gpg-agent-2.2.31-r2
+gnupg-wks-client-2.2.40-r0
-gpg-wks-server-2.2.31-r2
+gnutls-3.7.8-r2
-gpgsm-2.2.31-r2
+gpg-2.2.40-r0
-gpgv-2.2.31-r2
+gpg-agent-2.2.40-r0
-icu-libs-69.1-r1
+gpg-wks-server-2.2.40-r0
-ip6tables-1.8.7-r1
+gpgsm-2.2.40-r0
-iptables-1.8.7-r1
+gpgv-2.2.40-r0
-libacl-2.2.53-r0
+icu-data-en-72.1-r1
-libassuan-2.5.5-r0
+icu-libs-72.1-r1
-libattr-2.5.1-r1
+ip6tables-1.8.8-r2
-libbsd-0.11.3-r1
+iptables-1.8.8-r2
-libbz2-1.0.8-r1
+jq-1.6-r2
+libacl-2.3.1-r1
+libassuan-2.5.5-r1
+libattr-2.5.1-r2
+libavif-0.11.1-r0
+libbsd-0.11.7-r0
+libbz2-1.0.8-r4
 libc-utils-0.7.2-r3
-libcap-2.61-r0
+libcrypto3-3.0.7-r2
-libcrypto1.1-1.1.1s-r1
+libcurl-7.87.0-r1
-libcurl-7.80.0-r4
+libdav1d-1.0.0-r2
-libedit-20210910.3.1-r0
+libedit-20221030.3.1-r0
-libevent-2.1.12-r4
+libevent-2.1.12-r5
-libffi-3.4.2-r1
+libexpat-2.5.0-r0
-libgcc-10.3.1_git20211027-r0
+libffi-3.4.4-r0
-libgcrypt-1.9.4-r0
+libgcc-12.2.1_git20220924-r4
-libgd-2.3.2-r1
+libgcrypt-1.10.1-r0
-libgpg-error-1.42-r1
+libgd-2.3.3-r3
-libice-1.0.10-r0
+libgpg-error-1.46-r1
-libidn-1.38-r0
+libice-1.0.10-r1
-libintl-0.21-r0
+libidn-1.41-r0
-libjpeg-turbo-2.1.2-r0
+libintl-0.21.1-r1
-libksba-1.6.0-r0
+libjpeg-turbo-2.1.4-r0
-libldap-2.6.2-r0
+libksba-1.6.3-r0
-libmaxminddb-1.6.0-r0
+libldap-2.6.3-r6
-libmcrypt-2.5.8-r9
+libmaxminddb-libs-1.7.1-r0
-libmd-1.0.3-r0
+libmcrypt-2.5.8-r10
-libmemcached-libs-1.0.18-r4
+libmd-1.0.4-r0
-libmnl-1.0.4-r2
+libmemcached-libs-1.0.18-r5
-libnftnl-1.2.1-r0
+libmnl-1.0.5-r0
-libpng-1.6.37-r1
+libnftnl-1.2.4-r0
-libpq-14.5-r0
+libpng-1.6.38-r0
-libproc-3.3.17-r0
+libpq-15.1-r0
-libretls-3.3.4-r3
+libproc-3.3.17-r2
-libsasl-2.1.28-r0
+libsasl-2.1.28-r3
-libseccomp-2.5.2-r0
+libseccomp-2.5.4-r0
-libsm-1.2.3-r0
+libsm-1.2.3-r1
-libsodium-1.0.18-r0
+libsodium-1.0.18-r2
-libssl1.1-1.1.1s-r1
+libssl3-3.0.7-r2
-libstdc++-10.3.1_git20211027-r0
+libstdc++-12.2.1_git20220924-r4
-libtasn1-4.18.0-r0
+libtasn1-4.19.0-r0
-libunistring-0.9.10-r1
+libunistring-1.1-r0
-libuuid-2.37.4-r0
+libuuid-2.38.1-r1
-libwebp-1.2.2-r0
+libwebp-1.2.4-r1
-libx11-1.7.3.1-r0
+libx11-1.8.3-r1
-libxau-1.0.9-r0
+libxau-1.0.10-r0
-libxcb-1.14-r2
+libxcb-1.15-r0
-libxdmcp-1.1.3-r0
+libxdmcp-1.1.4-r0
-libxext-1.3.4-r0
+libxext-1.3.5-r0
-libxml2-2.9.14-r2
+libxml2-2.10.3-r1
-libxpm-3.5.13-r0
+libxpm-3.5.15-r0
-libxslt-1.1.35-r0
+libxslt-1.1.37-r0
 libxt-1.2.1-r0
-libzip-1.8.0-r1
+libzip-1.9.2-r2
-linux-pam-1.5.2-r0
+linux-pam-1.5.2-r1
-logrotate-3.18.1-r4
+logrotate-3.20.1-r3
-lz4-libs-1.9.3-r1
+lz4-libs-1.9.4-r1
-memcached-1.6.12-r0
+memcached-1.6.17-r0
 mpdecimal-2.5.1-r1
-musl-1.2.2-r7
+musl-1.2.3-r4
-musl-utils-1.2.2-r7
+musl-utils-1.2.3-r4
-nano-5.9-r0
+nano-7.0-r0
-ncurses-libs-6.3_p20211120-r1
+ncurses-libs-6.3_p20221119-r0
-ncurses-terminfo-base-6.3_p20211120-r1
+ncurses-terminfo-base-6.3_p20221119-r0
-nettle-3.7.3-r0
+nettle-3.8.1-r0
-nghttp2-libs-1.46.0-r0
+nghttp2-libs-1.51.0-r0
-nginx-1.20.2-r1
+nginx-1.22.1-r0
-nginx-mod-devel-kit-1.20.2-r1
+nginx-mod-devel-kit-1.22.1-r0
-nginx-mod-http-brotli-1.20.2-r1
+nginx-mod-http-brotli-1.22.1-r0
-nginx-mod-http-dav-ext-1.20.2-r1
+nginx-mod-http-dav-ext-1.22.1-r0
-nginx-mod-http-echo-1.20.2-r1
+nginx-mod-http-echo-1.22.1-r0
-nginx-mod-http-fancyindex-1.20.2-r1
+nginx-mod-http-fancyindex-1.22.1-r0
-nginx-mod-http-geoip2-1.20.2-r1
+nginx-mod-http-geoip2-1.22.1-r0
-nginx-mod-http-headers-more-1.20.2-r1
+nginx-mod-http-headers-more-1.22.1-r0
-nginx-mod-http-image-filter-1.20.2-r1
+nginx-mod-http-image-filter-1.22.1-r0
-nginx-mod-http-nchan-1.20.2-r1
+nginx-mod-http-perl-1.22.1-r0
-nginx-mod-http-perl-1.20.2-r1
+nginx-mod-http-redis2-1.22.1-r0
-nginx-mod-http-redis2-1.20.2-r1
+nginx-mod-http-set-misc-1.22.1-r0
-nginx-mod-http-set-misc-1.20.2-r1
+nginx-mod-http-upload-progress-1.22.1-r0
-nginx-mod-http-upload-progress-1.20.2-r1
+nginx-mod-http-xslt-filter-1.22.1-r0
-nginx-mod-http-xslt-filter-1.20.2-r1
+nginx-mod-mail-1.22.1-r0
-nginx-mod-mail-1.20.2-r1
+nginx-mod-rtmp-1.22.1-r0
-nginx-mod-rtmp-1.20.2-r1
+nginx-mod-stream-1.22.1-r0
-nginx-mod-stream-1.20.2-r1
+nginx-mod-stream-geoip2-1.22.1-r0
-nginx-mod-stream-geoip2-1.20.2-r1
+nginx-vim-1.22.1-r0
-nginx-vim-1.20.2-r1
+npth-1.6-r2
-npth-1.6-r1
+oniguruma-6.9.8-r0
-oniguruma-6.9.7.1-r0
+openssl-3.0.7-r2
-openssl-1.1.1s-r1
+p11-kit-0.24.1-r1
-p11-kit-0.24.0-r1
+pcre-8.45-r2
-pcre-8.45-r1
+pcre2-10.42-r0
-pcre2-10.40-r0
+perl-5.36.0-r0
-perl-5.34.0-r1
 perl-error-0.17029-r1
-perl-git-2.34.5-r0
+perl-git-2.38.3-r1
-php8-8.0.25-r0
+php81-8.1.14-r0
-php8-bcmath-8.0.25-r0
+php81-bcmath-8.1.14-r0
-php8-bz2-8.0.25-r0
+php81-bz2-8.1.14-r0
-php8-common-8.0.25-r0
+php81-common-8.1.14-r0
-php8-ctype-8.0.25-r0
+php81-ctype-8.1.14-r0
-php8-curl-8.0.25-r0
+php81-curl-8.1.14-r0
-php8-dom-8.0.25-r0
+php81-dom-8.1.14-r0
-php8-exif-8.0.25-r0
+php81-exif-8.1.14-r0
-php8-fileinfo-8.0.25-r0
+php81-fileinfo-8.1.14-r0
-php8-fpm-8.0.25-r0
+php81-fpm-8.1.14-r0
-php8-ftp-8.0.25-r0
+php81-ftp-8.1.14-r0
-php8-gd-8.0.25-r0
+php81-gd-8.1.14-r0
-php8-gmp-8.0.25-r0
+php81-gmp-8.1.14-r0
-php8-iconv-8.0.25-r0
+php81-iconv-8.1.14-r0
-php8-imap-8.0.25-r0
+php81-imap-8.1.14-r0
-php8-intl-8.0.25-r0
+php81-intl-8.1.14-r0
-php8-ldap-8.0.25-r0
+php81-ldap-8.1.14-r0
-php8-mbstring-8.0.25-r0
+php81-mbstring-8.1.14-r0
-php8-mysqli-8.0.25-r0
+php81-mysqli-8.1.14-r0
-php8-mysqlnd-8.0.25-r0
+php81-mysqlnd-8.1.14-r0
-php8-opcache-8.0.25-r0
+php81-opcache-8.1.14-r0
-php8-openssl-8.0.25-r0
+php81-openssl-8.1.14-r0
-php8-pdo-8.0.25-r0
+php81-pdo-8.1.14-r0
-php8-pdo_mysql-8.0.25-r0
+php81-pdo_mysql-8.1.14-r0
-php8-pdo_odbc-8.0.25-r0
+php81-pdo_odbc-8.1.14-r0
-php8-pdo_pgsql-8.0.25-r0
+php81-pdo_pgsql-8.1.14-r0
-php8-pdo_sqlite-8.0.25-r0
+php81-pdo_sqlite-8.1.14-r0
-php8-pear-8.0.25-r0
+php81-pear-8.1.14-r0
-php8-pecl-apcu-5.1.21-r0
+php81-pecl-apcu-5.1.22-r0
-php8-pecl-igbinary-3.2.6-r0
+php81-pecl-igbinary-3.2.12-r0
-php8-pecl-mailparse-3.1.3-r0
+php81-pecl-mailparse-3.1.4-r0
-php8-pecl-mcrypt-1.0.4-r0
+php81-pecl-mcrypt-1.0.4-r0
-php8-pecl-memcached-3.1.5-r1
+php81-pecl-memcached-3.2.0-r0
-php8-pecl-redis-5.3.6-r0
+php81-pecl-redis-5.3.7-r0
-php8-pecl-xmlrpc-1.0.0_rc3-r0
+php81-pecl-xmlrpc-1.0.0_rc3-r0
-php8-pgsql-8.0.25-r0
+php81-pgsql-8.1.14-r0
-php8-phar-8.0.25-r0
+php81-phar-8.1.14-r0
-php8-posix-8.0.25-r0
+php81-posix-8.1.14-r0
-php8-session-8.0.25-r0
+php81-session-8.1.14-r0
-php8-simplexml-8.0.25-r0
+php81-simplexml-8.1.14-r0
-php8-soap-8.0.25-r0
+php81-soap-8.1.14-r0
-php8-sockets-8.0.25-r0
+php81-sockets-8.1.14-r0
-php8-sodium-8.0.25-r0
+php81-sodium-8.1.14-r0
-php8-sqlite3-8.0.25-r0
+php81-sqlite3-8.1.14-r0
-php8-tokenizer-8.0.25-r0
+php81-tokenizer-8.1.14-r0
-php8-xml-8.0.25-r0
+php81-xml-8.1.14-r0
-php8-xmlreader-8.0.25-r0
+php81-xmlreader-8.1.14-r0
-php8-xmlwriter-8.0.25-r0
+php81-xmlwriter-8.1.14-r0
-php8-xsl-8.0.25-r0
+php81-xsl-8.1.14-r0
-php8-zip-8.0.25-r0
+php81-zip-8.1.14-r0
-pinentry-1.2.0-r0
+pinentry-1.2.1-r0
-popt-1.18-r0
+popt-1.19-r0
-procps-3.3.17-r0
+procps-3.3.17-r2
-py3-appdirs-1.4.4-r2
+python3-3.10.9-r1
-py3-asn1crypto-1.4.0-r1
+readline-8.2.0-r0
-py3-cachecontrol-0.12.10-r0
+scanelf-1.3.5-r1
-py3-certifi-2020.12.5-r1
+shadow-4.13-r0
-py3-cffi-1.14.5-r4
+skalibs-2.12.0.1-r0
-py3-charset-normalizer-2.0.7-r0
+sqlite-libs-3.40.1-r0
-py3-colorama-0.4.4-r1
+ssl_client-1.35.0-r29
-py3-contextlib2-21.6.0-r1
+tiff-4.4.0-r1
-py3-cparser-2.20-r1
-py3-cryptography-3.3.2-r3
-py3-distlib-0.3.3-r0
-py3-distro-1.6.0-r0
-py3-future-0.18.2-r3
-py3-html5lib-1.1-r1
-py3-idna-3.3-r0
-py3-lockfile-0.12.2-r4
-py3-msgpack-1.0.2-r1
-py3-ordered-set-4.0.2-r2
-py3-packaging-20.9-r1
-py3-parsing-2.4.7-r2
-py3-pep517-0.12.0-r0
-py3-pip-20.3.4-r1
-py3-progress-1.6-r0
-py3-requests-2.26.0-r1
-py3-retrying-1.3.3-r2
-py3-setuptools-52.0.0-r4
-py3-six-1.16.0-r0
-py3-toml-0.10.2-r2
-py3-tomli-1.2.2-r0
-py3-urllib3-1.26.7-r0
-py3-webencodings-0.5.1-r4
-python3-3.9.15-r0
-readline-8.1.1-r0
-s6-ipcserver-2.11.0.0-r0
-scanelf-1.3.3-r0
-shadow-4.8.1-r1
-skalibs-2.11.0.0-r0
-sqlite-libs-3.36.0-r0
-ssl_client-1.34.1-r7
 tzdata-2022f-r1
-unixodbc-2.3.9-r1
+unixodbc-2.3.11-r0
-utmps-0.1.0.3-r0
+utmps-libs-0.1.2.0-r1
-whois-5.5.10-r0
+whois-5.5.14-r0
-xz-5.2.5-r1
+xz-5.2.9-r0
-xz-libs-5.2.5-r1
+xz-libs-5.2.9-r0
-zlib-1.2.12-r3
+zlib-1.2.13-r0
-zstd-libs-1.5.0-r0
+zstd-libs-1.5.2-r9

readme-vars.yml

@@ -51,7 +51,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
   - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cloudxns`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
   - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -152,11 +152,15 @@ app_setup_block: |
 
   Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
 
-app_setup_nginx_reverse_proxy_snippet: false
-app_setup_nginx_reverse_proxy_block: ""
-
 # changelog
 changelogs:
+  - { date: "21.01.23:", desc: "Unpin certbot version (allow certbot 2.x). !!BREAKING CHANGE!! We are temporarily removing the certbot porkbun plugin until a new version is released that is compatible with certbot 2.x." }
+  - { date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1." }
+  - { date: "16.01.23:", desc: "Remove nchan module because it keeps causing crashes." }
+  - { date: "08.12.22:", desc: "Revamp certbot init."}
+  - { date: "03.12.22:", desc: "Remove defunct cloudxns plugin."}
+  - { date: "22.11.22:", desc: "Pin acme to the same version as certbot."}
+  - { date: "22.11.22:", desc: "Pin certbot to 1.32.0 until plugin compatibility improves."}
   - { date: "05.11.22:", desc: "Update acmedns plugin handling."}
   - { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
   - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }

root/app/le-renew.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 echo "<------------------------------------------------->"
 echo

root/defaults/dns-conf/cloudxns.ini

@@ -1,4 +0,0 @@
-# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py#L20
-# Replace with your values
-dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
-dns_cloudxns_secret_key = 1122334455667788

root/defaults/dns-conf/cpanel.ini

@@ -1,6 +1,15 @@
 # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
-# Replace with your values
+# The url cPanel url
 # include the scheme and the port number (usually 2083 for https)
-dns_cpanel_url = https://cpanel.example.com:2083
+cpanel_url = https://cpanel.exemple.com:2083
-dns_cpanel_username = username
+
-dns_cpanel_password = 1234567890abcdef
+# The cPanel username
+cpanel_username = user
+
+# The cPanel password 
+cpanel_password = hunter2
+
+# The cPanel API Token
+cpanel_token = EUTQ793EY7MIRX4EMXXXXXXXXXXOX4JF
+
+# You only need to configure API Token or Password. If you supply both, the API Token will be used

root/defaults/dns-conf/directadmin.ini

@@ -12,10 +12,10 @@
 
 # The DirectAdmin Server url
 # include the scheme and the port number (Normally 2222)
-directadmin_url = https://my.directadminserver.com:2222
+dns_directadmin_url = https://my.directadminserver.com:2222
 
 # The DirectAdmin username
-directadmin_username = username
+dns_directadmin_username = username
 
 # The DirectAdmin password
-directadmin_password = aSuperStrongPassword
+dns_directadmin_password = aSuperStrongPassword

root/defaults/etc/letsencrypt/renewal-hooks/deploy/10-default

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 cd /config/keys/letsencrypt || exit 1
 openssl pkcs12 -export -out privkey.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

root/defaults/etc/letsencrypt/renewal-hooks/post/10-nginx

@@ -1,13 +1,15 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
+# shellcheck source=/dev/null
 . /config/.donoteditthisfile.conf
 
-if [ ! "$ORIGVALIDATION" = "dns" ] && [ ! "$ORIGVALIDATION" = "duckdns" ]; then
+if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-	if ps aux | grep 's6-supervise nginx' | grep -v grep >/dev/null; then
+    if pgrep -f "s6-supervise nginx" >/dev/null; then
-		s6-svc -u /run/service/nginx
+        s6-svc -u /run/service/svc-nginx
-	fi
+    fi
 else
-	if ps aux | grep [n]ginx: >/dev/null; then
+    if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -h /run/service/nginx
+        s6-svc -h /run/service/svc-nginx
-	fi
+    fi
 fi

root/defaults/etc/letsencrypt/renewal-hooks/pre/10-nginx

@@ -1,9 +1,11 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
+# shellcheck source=/dev/null
 . /config/.donoteditthisfile.conf
 
-if [ ! "$ORIGVALIDATION" = "dns" ] && [ ! "$ORIGVALIDATION" = "duckdns" ]; then
+if [[ ! "${ORIGVALIDATION}" = "dns" ]] && [[ ! "${ORIGVALIDATION}" = "duckdns" ]]; then
-	if ps aux | grep [n]ginx: >/dev/null; then
+    if pgrep -f "nginx:" >/dev/null; then
-		s6-svc -d /run/service/nginx
+        s6-svc -d /run/service/svc-nginx
-	fi
+    fi
 fi

root/etc/cont-init.d/43-crontabs

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# copy crontabs if needed
-if [[ ! -f /config/crontabs/root ]]; then
-    cp /etc/crontabs/root /config/crontabs/
-fi
-
-# import user crontabs
-rm /etc/crontabs/*
-cp /config/crontabs/* /etc/crontabs/

root/etc/cont-init.d/50-certbot

@@ -1,278 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Display variables for troubleshooting
-echo -e "Variables set:\\n\
-PUID=${PUID}\\n\
-PGID=${PGID}\\n\
-TZ=${TZ}\\n\
-URL=${URL}\\n\
-SUBDOMAINS=${SUBDOMAINS}\\n\
-EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
-ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
-VALIDATION=${VALIDATION}\\n\
-CERTPROVIDER=${CERTPROVIDER}\\n\
-DNSPLUGIN=${DNSPLUGIN}\\n\
-EMAIL=${EMAIL}\\n\
-STAGING=${STAGING}\\n"
-
-# Sanitize variables
-SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER)
-for i in "${SANED_VARS[@]}"; do
-    export echo "$i"="${!i//\"/}"
-    export echo "$i"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
-done
-
-# check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
-    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
-    sleep infinity
-fi
-
-# copy dns default configs
-cp -n /defaults/dns-conf/* /config/dns-conf/
-chown -R abc:abc /config/dns-conf
-
-# update plugin names in dns conf inis
-sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
-sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
-sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
-sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
-sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
-sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
-
-# copy default renewal hooks
-chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
-cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
-chown -R abc:abc /config/etc/letsencrypt/renewal-hooks
-
-# create original config file if it doesn't exist, move non-hidden legacy file to hidden
-if [ -f "/config/donoteditthisfile.conf" ]; then
-    mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
-fi
-if [ ! -f "/config/.donoteditthisfile.conf" ]; then
-    echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
-    echo "Created .donoteditthisfile.conf"
-fi
-
-# load original config settings
-# shellcheck disable=SC1091
-. /config/.donoteditthisfile.conf
-
-# set default validation to http
-if [ -z "$VALIDATION" ]; then
-    VALIDATION="http"
-    echo "VALIDATION parameter not set; setting it to http"
-fi
-
-# set duckdns validation to dns
-if [ "$VALIDATION" = "duckdns" ]; then
-    VALIDATION="dns"
-    DNSPLUGIN="duckdns"
-    if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then
-        sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
-    fi
-fi
-if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then
-    if [ "$SUBDOMAINS" = "wildcard" ]; then
-        echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
-        export ONLY_SUBDOMAINS=true
-    else
-        echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
-        export SUBDOMAINS=""
-    fi
-    export EXTRA_DOMAINS=""
-fi
-
-# if zerossl is selected or staging is set to true, use the relevant server
-if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
-    echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
-fi
-if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
-    echo "ZeroSSL is selected as the cert provider, registering cert with $EMAIL"
-    ACMESERVER="https://acme.zerossl.com/v2/DV90"
-elif [ "$CERTPROVIDER" = "zerossl" ] && [ -z "$EMAIL" ]; then
-    echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
-    sleep infinity
-elif [ "$STAGING" = "true" ]; then
-    echo "NOTICE: Staging is active"
-    echo "Using Let's Encrypt as the cert provider"
-    ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
-else
-    echo "Using Let's Encrypt as the cert provider"
-    ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
-fi
-
-# figuring out url only vs url & subdomains vs subdomains only
-if [ -n "$SUBDOMAINS" ]; then
-    echo "SUBDOMAINS entered, processing"
-    if [ "$SUBDOMAINS" = "wildcard" ]; then
-        if [ "$ONLY_SUBDOMAINS" = true ]; then
-            export URL_REAL="-d *.${URL}"
-            echo "Wildcard cert for only the subdomains of $URL will be requested"
-        else
-            export URL_REAL="-d *.${URL} -d ${URL}"
-            echo "Wildcard cert for $URL will be requested"
-        fi
-    else
-        echo "SUBDOMAINS entered, processing"
-        for job in $(echo "$SUBDOMAINS" | tr "," " "); do
-            export SUBDOMAINS_REAL="$SUBDOMAINS_REAL -d ${job}.${URL}"
-        done
-        if [ "$ONLY_SUBDOMAINS" = true ]; then
-            URL_REAL="$SUBDOMAINS_REAL"
-            echo "Only subdomains, no URL in cert"
-        else
-            URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
-        fi
-        echo "Sub-domains processed are: $SUBDOMAINS_REAL"
-    fi
-else
-    echo "No subdomains defined"
-    URL_REAL="-d $URL"
-fi
-
-# add extra domains
-if [ -n "$EXTRA_DOMAINS" ]; then
-    echo "EXTRA_DOMAINS entered, processing"
-    for job in $(echo "$EXTRA_DOMAINS" | tr "," " "); do
-        export EXTRA_DOMAINS_REAL="$EXTRA_DOMAINS_REAL -d ${job}"
-    done
-    echo "Extra domains processed are: $EXTRA_DOMAINS_REAL"
-    URL_REAL="$URL_REAL $EXTRA_DOMAINS_REAL"
-fi
-
-# figuring out whether to use e-mail and which
-if [[ $EMAIL == *@* ]]; then
-    echo "E-mail address entered: ${EMAIL}"
-    EMAILPARAM="-m ${EMAIL} --no-eff-email"
-else
-    echo "No e-mail address entered or address invalid"
-    EMAILPARAM="--register-unsafely-without-email"
-fi
-
-# setting the validation method to use
-if [ "$VALIDATION" = "dns" ]; then
-    if [ "$DNSPLUGIN" = "route53" ]; then
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
-    elif [[ "$DNSPLUGIN" =~ ^(azure|gandi)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
-    elif [[ "$DNSPLUGIN" =~ ^(duckdns)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --dns-duckdns-no-txt-restore ${PROPAGATIONPARAM}"
-    elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
-    elif [[ "$DNSPLUGIN" =~ ^(acmedns|aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
-    elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then echo "standalone dns plugin does not support setting propagation time"; fi
-        PREFCHAL="-a dns-${DNSPLUGIN}"
-    elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
-    else
-        if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
-        PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
-    fi
-    echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
-elif [ "$VALIDATION" = "tls-sni" ]; then
-    PREFCHAL="--standalone --preferred-challenges http"
-    echo "*****tls-sni validation has been deprecated, attempting http validation instead"
-else
-    PREFCHAL="--standalone --preferred-challenges http"
-    echo "http validation is selected"
-fi
-
-# setting the symlink for key location
-rm -rf /config/keys/letsencrypt
-if [ "$ONLY_SUBDOMAINS" = "true" ] && [ ! "$SUBDOMAINS" = "wildcard" ]; then
-    DOMAIN="$(echo "$SUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${URL}"
-    ln -s ../etc/letsencrypt/live/"$DOMAIN" /config/keys/letsencrypt
-else
-    ln -s ../etc/letsencrypt/live/"$URL" /config/keys/letsencrypt
-fi
-rm -rf /config/keys/cert.crt
-ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
-rm -rf /config/keys/cert.key
-ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
-
-# checking for changes in cert variables, revoking certs if necessary
-if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
-    echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
-    if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then
-        ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
-    else
-        ORIGDOMAIN="$ORIGURL"
-    fi
-    if [ "$ORIGCERTPROVIDER" = "zerossl" ] && [ -n "$ORIGEMAIL" ]; then
-        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ORIGEMAIL")
-        REV_ZEROSSL_EAB_KID=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
-        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "$REV_EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
-        if [ -z "$REV_ZEROSSL_EAB_KID" ] || [ -z "$REV_ZEROSSL_EAB_HMAC_KEY" ]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
-            sleep infinity
-        fi
-        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
-    elif [ "$ORIGSTAGING" = "true" ]; then
-        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
-    else
-        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
-    fi
-    if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
-    fi
-    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
-fi
-
-# saving new variables
-echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
-
-# alter extension for error message
-if [ "$DNSPLUGIN" = "google" ]; then
-    FILENAME="$DNSPLUGIN.json"
-else
-    FILENAME="$DNSPLUGIN.ini"
-fi
-
-# Check if the cert is using the old LE root cert, revoke and regen if necessary
-if [ -f "/config/keys/letsencrypt/chain.pem" ] && { [ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]; } && [ "${STAGING}" != "true" ] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
-    echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
-    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
-    if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
-    fi
-    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
-fi
-
-# generating certs if necessary
-if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
-    if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
-        echo "Retrieving EAB from ZeroSSL"
-        EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
-        ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
-        ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
-        if [ -z "$ZEROSSL_EAB_KID" ] || [ -z "$ZEROSSL_EAB_HMAC_KEY" ]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
-            sleep infinity
-        fi
-        ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
-    fi
-    echo "Generating new certificate"
-    # shellcheck disable=SC2086
-    certbot certonly --non-interactive --renew-by-default --server $ACMESERVER $ZEROSSL_EAB $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL
-    if [ ! -d /config/keys/letsencrypt ]; then
-        if [ "$VALIDATION" = "dns" ]; then
-            echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
-        else
-            echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
-        fi
-        sleep infinity
-    fi
-    run-parts /config/etc/letsencrypt/renewal-hooks/deploy/
-    echo "New certificate generated; starting nginx"
-else
-    echo "Certificate exists; parameters unchanged; starting nginx"
-fi

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -0,0 +1,333 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# Display variables for troubleshooting
+echo -e "Variables set:\\n\
+PUID=${PUID}\\n\
+PGID=${PGID}\\n\
+TZ=${TZ}\\n\
+URL=${URL}\\n\
+SUBDOMAINS=${SUBDOMAINS}\\n\
+EXTRA_DOMAINS=${EXTRA_DOMAINS}\\n\
+ONLY_SUBDOMAINS=${ONLY_SUBDOMAINS}\\n\
+VALIDATION=${VALIDATION}\\n\
+CERTPROVIDER=${CERTPROVIDER}\\n\
+DNSPLUGIN=${DNSPLUGIN}\\n\
+EMAIL=${EMAIL}\\n\
+STAGING=${STAGING}\\n"
+
+# Sanitize variables
+SANED_VARS=(DNSPLUGIN EMAIL EXTRA_DOMAINS ONLY_SUBDOMAINS STAGING SUBDOMAINS URL VALIDATION CERTPROVIDER)
+for i in "${SANED_VARS[@]}"; do
+    export echo "${i}"="${!i//\"/}"
+    export echo "${i}"="$(echo "${!i}" | tr '[:upper:]' '[:lower:]')"
+done
+
+# check to make sure DNSPLUGIN is selected if dns validation is used
+if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
+    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
+    sleep infinity
+fi
+
+# copy dns default configs
+cp -n /defaults/dns-conf/* /config/dns-conf/
+lsiown -R abc:abc /config/dns-conf
+
+# copy default renewal hooks
+chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
+cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
+lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
+
+# replace nginx service location in renewal hooks
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/run/service/nginx|/run/service/svc-nginx|g' {} \;
+find /config/etc/letsencrypt/renewal-hooks/ -type f -exec sed -i 's|/var/run/s6/services/nginx|/run/service/svc-nginx|g' {} \;
+
+# create original config file if it doesn't exist, move non-hidden legacy file to hidden
+if [[ -f "/config/donoteditthisfile.conf" ]]; then
+    mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
+fi
+if [[ ! -f "/config/.donoteditthisfile.conf" ]]; then
+    echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
+    echo "Created .donoteditthisfile.conf"
+fi
+
+# load original config settings
+# shellcheck source=/dev/null
+. /config/.donoteditthisfile.conf
+
+# setting ORIGDOMAIN for use in revoke sections
+if [[ "${ORIGONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${ORIGSUBDOMAINS}" = "wildcard" ]]; then
+    ORIGDOMAIN="$(echo "${ORIGSUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
+else
+    ORIGDOMAIN="${ORIGURL}"
+fi
+
+# update plugin names in dns conf inis
+sed -i 's|^certbot[-_]dns[-_]aliyun:||g' /config/dns-conf/aliyun.ini
+sed -i 's|^certbot[-_]dns[-_]cpanel:||g' /config/dns-conf/cpanel.ini
+sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' /config/dns-conf/cpanel.ini
+sed -i 's|^directadmin[-_]|dns_directadmin_|g' /config/dns-conf/directadmin.ini
+sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' /config/dns-conf/domeneshop.ini
+sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' /config/dns-conf/gandi.ini
+sed -i 's|^certbot[-_]dns[-_]inwx:||g' /config/dns-conf/inwx.ini
+sed -i 's|^certbot[-_]dns[-_]transip:||g' /config/dns-conf/transip.ini
+
+# update plugin names in renewal conf
+if [[ -f "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" ]] && [[ "${ORIGVALIDATION}" = "dns" ]]; then
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(aliyun)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]aliyun:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(cpanel)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]cpanel:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^authenticator = dns[-_]cpanel|authenticator = cpanel|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^dns[-_]cpanel[-_]|cpanel_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(directadmin)$ ]]; then
+        sed -i 's|^authenticator = directadmin|authenticator = dns-directadmin|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^directadmin[-_]|dns_directadmin_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(domeneshop)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]domeneshop:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(gandi)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]plugin[-_]gandi:dns|authenticator = dns-gandi|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]plugin[-_]gandi:dns[-_]|dns_gandi_|g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(inwx)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]inwx:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+    if [[ "${ORIGDNSPLUGIN}" =~ ^(transip)$ ]]; then
+        sed -i 's|^authenticator = certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+        sed -i 's|^certbot[-_]dns[-_]transip:||g' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf"
+    fi
+fi
+
+# set default validation to http
+if [[ -z "${VALIDATION}" ]]; then
+    VALIDATION="http"
+    echo "VALIDATION parameter not set; setting it to http"
+fi
+
+# set duckdns validation to dns
+if [[ "${VALIDATION}" = "duckdns" ]]; then
+    VALIDATION="dns"
+    DNSPLUGIN="duckdns"
+    if [[ -n "${DUCKDNSTOKEN}" ]] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini; then
+        sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
+    fi
+fi
+if [[ "${VALIDATION}" = "dns" ]] && [[ "${DNSPLUGIN}" = "duckdns" ]]; then
+    if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
+        echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
+        export ONLY_SUBDOMAINS=true
+    else
+        echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
+        export SUBDOMAINS=""
+    fi
+    export EXTRA_DOMAINS=""
+fi
+
+# setting the symlink for key location
+rm -rf /config/keys/letsencrypt
+if [[ "${ONLY_SUBDOMAINS}" = "true" ]] && [[ ! "${SUBDOMAINS}" = "wildcard" ]]; then
+    DOMAIN="$(echo "${SUBDOMAINS}" | tr ',' ' ' | awk '{print $1}').${URL}"
+    ln -s ../etc/letsencrypt/live/"${DOMAIN}" /config/keys/letsencrypt
+else
+    ln -s ../etc/letsencrypt/live/"${URL}" /config/keys/letsencrypt
+fi
+
+# checking for changes in cert variables, revoking certs if necessary
+if [[ ! "${URL}" = "${ORIGURL}" ]] ||
+    [[ ! "${SUBDOMAINS}" = "${ORIGSUBDOMAINS}" ]] ||
+    [[ ! "${ONLY_SUBDOMAINS}" = "${ORIGONLY_SUBDOMAINS}" ]] ||
+    [[ ! "${EXTRA_DOMAINS}" = "${ORIGEXTRA_DOMAINS}" ]] ||
+    [[ ! "${VALIDATION}" = "${ORIGVALIDATION}" ]] ||
+    [[ ! "${DNSPLUGIN}" = "${ORIGDNSPLUGIN}" ]] ||
+    [[ ! "${PROPAGATION}" = "${ORIGPROPAGATION}" ]] ||
+    [[ ! "${STAGING}" = "${ORIGSTAGING}" ]] ||
+    [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
+    echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
+    if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
+        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
+        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+            sleep infinity
+        fi
+        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
+    elif [[ "${ORIGSTAGING}" = "true" ]]; then
+        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+    else
+        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    fi
+    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+    fi
+    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
+fi
+
+# saving new variables
+echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS=\"${ONLY_SUBDOMAINS}\" ORIGEXTRA_DOMAINS=\"${EXTRA_DOMAINS}\" ORIGVALIDATION=\"${VALIDATION}\" ORIGDNSPLUGIN=\"${DNSPLUGIN}\" ORIGPROPAGATION=\"${PROPAGATION}\" ORIGSTAGING=\"${STAGING}\" ORIGCERTPROVIDER=\"${CERTPROVIDER}\" ORIGEMAIL=\"${EMAIL}\"" >/config/.donoteditthisfile.conf
+
+# Check if the cert is using the old LE root cert, revoke and regen if necessary
+if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
+    echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
+    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+    fi
+    rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
+fi
+
+# if zerossl is selected or staging is set to true, use the relevant server
+if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ "${STAGING}" = "true" ]]; then
+    echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
+fi
+if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
+    echo "ZeroSSL is selected as the cert provider, registering cert with ${EMAIL}"
+    ACMESERVER="https://acme.zerossl.com/v2/DV90"
+elif [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -z "${EMAIL}" ]]; then
+    echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
+    sleep infinity
+elif [[ "${STAGING}" = "true" ]]; then
+    echo "NOTICE: Staging is active"
+    echo "Using Let's Encrypt as the cert provider"
+    ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+else
+    echo "Using Let's Encrypt as the cert provider"
+    ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+fi
+
+# figuring out url only vs url & subdomains vs subdomains only
+if [[ -n "${SUBDOMAINS}" ]]; then
+    echo "SUBDOMAINS entered, processing"
+    if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
+        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+            export URL_REAL="-d *.${URL}"
+            echo "Wildcard cert for only the subdomains of ${URL} will be requested"
+        else
+            export URL_REAL="-d *.${URL} -d ${URL}"
+            echo "Wildcard cert for ${URL} will be requested"
+        fi
+    else
+        echo "SUBDOMAINS entered, processing"
+        for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
+            export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
+        done
+        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+            URL_REAL="${SUBDOMAINS_REAL}"
+            echo "Only subdomains, no URL in cert"
+        else
+            URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
+        fi
+        echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
+    fi
+else
+    echo "No subdomains defined"
+    URL_REAL="-d ${URL}"
+fi
+
+# add extra domains
+if [[ -n "${EXTRA_DOMAINS}" ]]; then
+    echo "EXTRA_DOMAINS entered, processing"
+    for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
+        export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
+    done
+    echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
+    URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
+fi
+
+# figuring out whether to use e-mail and which
+if [[ ${EMAIL} == *@* ]]; then
+    echo "E-mail address entered: ${EMAIL}"
+    EMAILPARAM="-m ${EMAIL} --no-eff-email"
+else
+    echo "No e-mail address entered or address invalid"
+    EMAILPARAM="--register-unsafely-without-email"
+fi
+
+# alter extension for error message
+if [[ "${DNSPLUGIN}" = "google" ]]; then
+    DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.json"
+else
+    DNSCREDENTIALFILE="/config/dns-conf/${DNSPLUGIN}.ini"
+fi
+
+# setting the validation method to use
+if [[ "${VALIDATION}" = "dns" ]]; then
+    AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
+    DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+    if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+
+    # plugins that don't support setting credentials file
+    if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
+        DNSCREDENTIALSPARAM=""
+    fi
+    # plugins that don't support setting propagation
+    if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|standalone)$ ]]; then
+        if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
+        PROPAGATIONPARAM=""
+    fi
+    # plugins that use old parameter naming convention
+    if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
+        AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
+        DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+    fi
+    # don't restore txt records when using DuckDNS plugin
+    if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
+        AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
+    fi
+
+    PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
+    echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
+elif [[ "${VALIDATION}" = "tls-sni" ]]; then
+    PREFCHAL="--standalone --preferred-challenges http"
+    echo "*****tls-sni validation has been deprecated, attempting http validation instead"
+else
+    PREFCHAL="--standalone --preferred-challenges http"
+    echo "http validation is selected"
+fi
+
+# generating certs if necessary
+if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
+    if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
+        echo "Retrieving EAB from ZeroSSL"
+        EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
+        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+            sleep infinity
+        fi
+        ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+    fi
+    echo "Generating new certificate"
+    # shellcheck disable=SC2086
+    certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
+    if [[ ! -d /config/keys/letsencrypt ]]; then
+        if [[ "${VALIDATION}" = "dns" ]]; then
+            echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
+        else
+            echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
+        fi
+        sleep infinity
+    fi
+    run-parts /config/etc/letsencrypt/renewal-hooks/deploy/
+    echo "New certificate generated; starting nginx"
+else
+    echo "Certificate exists; parameters unchanged; starting nginx"
+fi
+
+# if certbot generated key exists, remove self-signed cert and replace it with symlink to live cert
+if [[ -d /config/keys/letsencrypt ]]; then
+    rm -rf /config/keys/cert.crt
+    ln -s ./letsencrypt/fullchain.pem /config/keys/cert.crt
+    rm -rf /config/keys/cert.key
+    ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
+fi

root/etc/s6-overlay/s6-rc.d/init-certbot-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-certbot-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-certbot-config/run

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -0,0 +1,17 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# if root crontabs do not exist in config
+# copy root crontab from system
+if [[ ! -f /config/crontabs/root ]] && crontab -l -u root; then
+    crontab -l -u root >/config/crontabs/root
+fi
+
+# if root crontabs still do not exist in config (were not copied from system)
+# copy root crontab from included defaults
+if [[ ! -f /config/crontabs/root ]]; then
+    cp /etc/crontabs/root /config/crontabs/
+fi
+
+# import user crontabs
+crontab -u root /config/crontabs/root

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # copy/update the fail2ban config defaults to/in /config
 cp -R /defaults/fail2ban/filter.d /config/fail2ban/

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # make our folders and links
 mkdir -p \

root/etc/s6-overlay/s6-rc.d/init-folders-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-folders-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-folders-config/run

root/etc/s6-overlay/s6-rc.d/init-nginx-config/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # copy default config files if they don't exist
 if [[ ! -f /config/nginx/proxy.conf ]]; then

root/etc/s6-overlay/s6-rc.d/init-nginx-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-nginx-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx-config/run

root/etc/s6-overlay/s6-rc.d/init-outdated-config/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 if [[ -f /config/nginx/geoip2.conf ]]; then
     echo "/config/nginx/geoip2.conf exists.

root/etc/s6-overlay/s6-rc.d/init-outdated-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-outdated-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-outdated-config/run

root/etc/s6-overlay/s6-rc.d/init-permissions-config/run

@@ -1,7 +1,8 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # permissions
-chown -R abc:abc \
+lsiown -R abc:abc \
     /config
 chmod -R 0644 /etc/logrotate.d
 chmod -R +r /config/log

root/etc/s6-overlay/s6-rc.d/init-permissions-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-permissions-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permissions-config/run

root/etc/s6-overlay/s6-rc.d/init-renew/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # Check if the cert is expired or expires within a day, if so, renew
 if openssl x509 -in /config/keys/letsencrypt/fullchain.pem -noout -checkend 86400 >/dev/null; then

root/etc/s6-overlay/s6-rc.d/init-renew/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-renew/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-renew/run

root/etc/s6-overlay/s6-rc.d/init-require-url/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # check to make sure that the required variables are set
 if [[ -z "${URL}" ]]; then

root/etc/s6-overlay/s6-rc.d/init-require-url/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-require-url/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-require-url/run

root/etc/s6-overlay/s6-rc.d/init-samples-config/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # samples are removed on init by the nginx base
 

root/etc/s6-overlay/s6-rc.d/init-samples-config/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-samples-config/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-samples-config/run

root/etc/s6-overlay/s6-rc.d/init-test-run/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 # Echo init finish for test runs
 if [[ -n "${TEST_RUN}" ]]; then

root/etc/s6-overlay/s6-rc.d/init-test-run/type

@@ -0,0 +1 @@
+oneshot

root/etc/s6-overlay/s6-rc.d/init-test-run/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-test-run/run

root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run

@@ -1,4 +1,5 @@
 #!/usr/bin/with-contenv bash
+# shellcheck shell=bash
 
 exec \
     fail2ban-client -x -f start

root/etc/s6-overlay/s6-rc.d/svc-fail2ban/type

@@ -0,0 +1 @@
+longrun