Bot Updating Package Versions

Deprecate certbot-dns-dynu

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -53,7 +53,6 @@ body:
       options:
         - x86-64
         - arm64
-        - armhf
     validations:
       required: true
   - type: textarea

.github/workflows/call_issue_pr_tracker.yml

@@ -2,9 +2,11 @@ name: Issue & PR Tracker
 
 on:
   issues:
-    types: [opened,reopened,labeled,unlabeled]
+    types: [opened,reopened,labeled,unlabeled,closed]
   pull_request_target:
-    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
+    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
+  pull_request_review:
+    types: [submitted,edited,dismissed]
 
 jobs:
   manage-project:

.github/workflows/external_trigger.yml

@@ -14,9 +14,11 @@ jobs:
         run: |
           if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
             echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
+            echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
           echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
+          echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
           echo "**** Retrieving external version ****"
           EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@@ -30,6 +32,7 @@ jobs:
           fi
           EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
           echo "**** External version: ${EXT_RELEASE} ****"
+          echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
           echo "**** Retrieving last pushed version ****"
           image="linuxserver/swag"
           tag="latest"
@@ -65,14 +68,18 @@ jobs:
             exit 1
           fi
           echo "**** Last pushed version: ${IMAGE_VERSION} ****"
+          echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
           if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
             echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
+            echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
             echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
+            echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
             exit 0
           else
             echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
+            echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
             response=$(curl -iX POST \
               https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
               --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@@ -82,6 +89,7 @@ jobs:
             buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
             buildurl="${buildurl%$'\r'}"
             echo "**** Jenkins job build url: ${buildurl} ****"
+            echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
             echo "**** Attempting to change the Jenkins job description ****"
             curl -iX POST \
               "${buildurl}submitDescription" \

.github/workflows/external_trigger_scheduler.yml

@@ -2,7 +2,7 @@ name: External Trigger Scheduler
 
 on:
   schedule:
-    - cron:  '50 * * * *'
+    - cron:  '2 * * * *'
   workflow_dispatch:
 
 jobs:
@@ -17,18 +17,18 @@ jobs:
         run: |
           echo "**** Branches found: ****"
           git for-each-ref --format='%(refname:short)' refs/remotes
-          echo "**** Pulling the yq docker image ****"
-          docker pull ghcr.io/linuxserver/yq
           for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
           do
             br=$(echo "$br" | sed 's|origin/||g')
             echo "**** Evaluating branch ${br} ****"
-            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
-              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
-            if [ "$br" == "$ls_branch" ]; then
-              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+            ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
+            ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
+            ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
+            if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
+              echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
                 echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
+                echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
                   -H "Accept: application/vnd.github.v3+json" \
@@ -36,8 +36,10 @@ jobs:
                   https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
               else
                 echo "**** Workflow doesn't exist; skipping trigger. ****"
+                echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
-              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+              echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
+              echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
             fi
           done

.github/workflows/package_trigger.yml

@@ -14,13 +14,16 @@ jobs:
         run: |
           if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
             echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
+            echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
           if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
             echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
+            echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
             exit 0
           fi
           echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
+          echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
           response=$(curl -iX POST \
             https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
             --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@@ -30,6 +33,7 @@ jobs:
           buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
           buildurl="${buildurl%$'\r'}"
           echo "**** Jenkins job build url: ${buildurl} ****"
+          echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
           echo "**** Attempting to change the Jenkins job description ****"
           curl -iX POST \
             "${buildurl}submitDescription" \

.github/workflows/package_trigger_scheduler.yml

@@ -17,18 +17,16 @@ jobs:
         run: |
           echo "**** Branches found: ****"
           git for-each-ref --format='%(refname:short)' refs/remotes
-          echo "**** Pulling the yq docker image ****"
-          docker pull ghcr.io/linuxserver/yq
           for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
           do
             br=$(echo "$br" | sed 's|origin/||g')
             echo "**** Evaluating branch ${br} ****"
-            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
-              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch')
             if [ "${br}" == "${ls_branch}" ]; then
               echo "**** Branch ${br} appears to be live; checking workflow. ****"
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
                 echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
+                echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
                 triggered_branches="${triggered_branches}${br} "
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
@@ -38,9 +36,11 @@ jobs:
                 sleep 30
               else
                 echo "**** Workflow doesn't exist; skipping trigger. ****"
+                echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
               fi
             else
               echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
+              echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
             fi
           done
           echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18
 
 # set version label
 ARG BUILD_DATE
@@ -24,7 +24,7 @@ RUN \
     openssl-dev \
     python3-dev && \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
+  apk add --no-cache \
     fail2ban \
     gnupg \
     memcached \
@@ -45,59 +45,53 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php81-bcmath \
-    php81-bz2 \
-    php81-ctype \
-    php81-curl \
-    php81-dom \
-    php81-exif \
-    php81-ftp \
-    php81-gd \
-    php81-gmp \
-    php81-iconv \
-    php81-imap \
-    php81-intl \
-    php81-ldap \
-    php81-mysqli \
-    php81-mysqlnd \
-    php81-opcache \
-    php81-pdo_mysql \
-    php81-pdo_odbc \
-    php81-pdo_pgsql \
-    php81-pdo_sqlite \
-    php81-pear \
-    php81-pecl-apcu \
-    php81-pecl-mailparse \
-    php81-pecl-memcached \
-    php81-pecl-redis \
-    php81-pgsql \
-    php81-phar \
-    php81-posix \
-    php81-soap \
-    php81-sockets \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
+    php82-bcmath \
+    php82-bz2 \
+    php82-dom \
+    php82-exif \
+    php82-ftp \
+    php82-gd \
+    php82-gmp \
+    php82-imap \
+    php82-intl \
+    php82-ldap \
+    php82-mysqli \
+    php82-mysqlnd \
+    php82-opcache \
+    php82-pdo_mysql \
+    php82-pdo_odbc \
+    php82-pdo_pgsql \
+    php82-pdo_sqlite \
+    php82-pear \
+    php82-pecl-apcu \
+    php82-pecl-memcached \
+    php82-pecl-redis \
+    php82-pgsql \
+    php82-posix \
+    php82-soap \
+    php82-sockets \
+    php82-sodium \
+    php82-sqlite3 \
+    php82-tokenizer \
+    php82-xmlreader \
+    php82-xsl \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php81-pecl-mcrypt \
-    php81-pecl-xmlrpc && \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
+    php82-pecl-mcrypt && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
     CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  python3 -m ensurepip && \
-  pip3 install -U --no-cache-dir \
+  python3 -m venv /lsiopy && \
+  pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \
     certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -108,8 +102,9 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
-    certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
@@ -122,6 +117,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18
 
 # set version label
 ARG BUILD_DATE
@@ -24,7 +24,7 @@ RUN \
     openssl-dev \
     python3-dev && \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
+  apk add --no-cache \
     fail2ban \
     gnupg \
     memcached \
@@ -45,59 +45,53 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php81-bcmath \
-    php81-bz2 \
-    php81-ctype \
-    php81-curl \
-    php81-dom \
-    php81-exif \
-    php81-ftp \
-    php81-gd \
-    php81-gmp \
-    php81-iconv \
-    php81-imap \
-    php81-intl \
-    php81-ldap \
-    php81-mysqli \
-    php81-mysqlnd \
-    php81-opcache \
-    php81-pdo_mysql \
-    php81-pdo_odbc \
-    php81-pdo_pgsql \
-    php81-pdo_sqlite \
-    php81-pear \
-    php81-pecl-apcu \
-    php81-pecl-mailparse \
-    php81-pecl-memcached \
-    php81-pecl-redis \
-    php81-pgsql \
-    php81-phar \
-    php81-posix \
-    php81-soap \
-    php81-sockets \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
+    php82-bcmath \
+    php82-bz2 \
+    php82-dom \
+    php82-exif \
+    php82-ftp \
+    php82-gd \
+    php82-gmp \
+    php82-imap \
+    php82-intl \
+    php82-ldap \
+    php82-mysqli \
+    php82-mysqlnd \
+    php82-opcache \
+    php82-pdo_mysql \
+    php82-pdo_odbc \
+    php82-pdo_pgsql \
+    php82-pdo_sqlite \
+    php82-pear \
+    php82-pecl-apcu \
+    php82-pecl-memcached \
+    php82-pecl-redis \
+    php82-pgsql \
+    php82-posix \
+    php82-soap \
+    php82-sockets \
+    php82-sodium \
+    php82-sqlite3 \
+    php82-tokenizer \
+    php82-xmlreader \
+    php82-xsl \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php81-pecl-mcrypt \
-    php81-pecl-xmlrpc && \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
+    php82-pecl-mcrypt && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
     CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  python3 -m ensurepip && \
-  pip3 install -U --no-cache-dir \
+  python3 -m venv /lsiopy && \
+  pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \
     certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -108,8 +102,9 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
-    certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
@@ -122,6 +117,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Dockerfile.armhf

@@ -1,186 +0,0 @@
-# syntax=docker/dockerfile:1
-
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
-
-# set version label
-ARG BUILD_DATE
-ARG VERSION
-ARG CERTBOT_VERSION
-LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="nemchik"
-
-# environment settings
-ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
-
-RUN \
-  echo "**** install build packages ****" && \
-  apk add --no-cache --virtual=build-dependencies \
-    build-base \
-    cargo \
-    libffi-dev \
-    libxml2-dev \
-    libxslt-dev \
-    openssl-dev \
-    python3-dev && \
-  echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
-    fail2ban \
-    gnupg \
-    memcached \
-    nginx-mod-http-brotli \
-    nginx-mod-http-dav-ext \
-    nginx-mod-http-echo \
-    nginx-mod-http-fancyindex \
-    nginx-mod-http-geoip2 \
-    nginx-mod-http-headers-more \
-    nginx-mod-http-image-filter \
-    nginx-mod-http-perl \
-    nginx-mod-http-redis2 \
-    nginx-mod-http-set-misc \
-    nginx-mod-http-upload-progress \
-    nginx-mod-http-xslt-filter \
-    nginx-mod-mail \
-    nginx-mod-rtmp \
-    nginx-mod-stream \
-    nginx-mod-stream-geoip2 \
-    nginx-vim \
-    php81-bcmath \
-    php81-bz2 \
-    php81-ctype \
-    php81-curl \
-    php81-dom \
-    php81-exif \
-    php81-ftp \
-    php81-gd \
-    php81-gmp \
-    php81-iconv \
-    php81-imap \
-    php81-intl \
-    php81-ldap \
-    php81-mysqli \
-    php81-mysqlnd \
-    php81-opcache \
-    php81-pdo_mysql \
-    php81-pdo_odbc \
-    php81-pdo_pgsql \
-    php81-pdo_sqlite \
-    php81-pear \
-    php81-pecl-apcu \
-    php81-pecl-mailparse \
-    php81-pecl-memcached \
-    php81-pecl-redis \
-    php81-pgsql \
-    php81-phar \
-    php81-posix \
-    php81-soap \
-    php81-sockets \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
-    whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php81-pecl-mcrypt \
-    php81-pecl-xmlrpc && \
-  echo "**** install certbot plugins ****" && \
-  if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  fi && \
-  python3 -m ensurepip && \
-  pip3 install -U --no-cache-dir \
-    pip \
-    wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
-    certbot==${CERTBOT_VERSION} \
-    certbot-dns-acmedns \
-    certbot-dns-aliyun \
-    certbot-dns-azure \
-    certbot-dns-cloudflare \
-    certbot-dns-cpanel \
-    certbot-dns-desec \
-    certbot-dns-digitalocean \
-    certbot-dns-directadmin \
-    certbot-dns-dnsimple \
-    certbot-dns-dnsmadeeasy \
-    certbot-dns-dnspod \
-    certbot-dns-do \
-    certbot-dns-domeneshop \
-    certbot-dns-duckdns \
-    certbot-dns-dynu \
-    certbot-dns-gehirn \
-    certbot-dns-godaddy \
-    certbot-dns-google \
-    certbot-dns-google-domains \
-    certbot-dns-he \
-    certbot-dns-hetzner \
-    certbot-dns-infomaniak \
-    certbot-dns-inwx \
-    certbot-dns-ionos \
-    certbot-dns-linode \
-    certbot-dns-loopia \
-    certbot-dns-luadns \
-    certbot-dns-netcup \
-    certbot-dns-njalla \
-    certbot-dns-nsone \
-    certbot-dns-ovh \
-    certbot-dns-porkbun \
-    certbot-dns-rfc2136 \
-    certbot-dns-route53 \
-    certbot-dns-sakuracloud \
-    certbot-dns-standalone \
-    certbot-dns-transip \
-    certbot-dns-vultr \
-    certbot-plugin-gandi \
-    cryptography \
-    future \
-    requests && \
-  echo "**** enable OCSP stapling from base ****" && \
-  sed -i \
-    's|#ssl_stapling on;|ssl_stapling on;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  sed -i \
-    's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  sed -i \
-    's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  echo "**** correct ip6tables legacy issue ****" && \
-  rm \
-    /sbin/ip6tables && \
-  ln -s \
-    /sbin/ip6tables-nft /sbin/ip6tables && \
-  echo "**** remove unnecessary fail2ban filters ****" && \
-  rm \
-    /etc/fail2ban/jail.d/alpine-ssh.conf && \
-  echo "**** copy fail2ban default action and filter to /defaults ****" && \
-  mkdir -p /defaults/fail2ban && \
-  mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
-  mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
-  echo "**** define allowipv6 to silence warning ****" && \
-  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
-  echo "**** copy proxy confs to /defaults ****" && \
-  mkdir -p \
-    /defaults/nginx/proxy-confs && \
-  curl -o \
-    /tmp/proxy-confs.tar.gz -L \
-    "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
-  tar xf \
-    /tmp/proxy-confs.tar.gz -C \
-    /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
-  echo "**** cleanup ****" && \
-  apk del --purge \
-    build-dependencies && \
-  rm -rf \
-    /tmp/* \
-    $HOME/.cache \
-    $HOME/.cargo
-
-# copy local files
-COPY root/ /
-
-# ports and volumes
-EXPOSE 80 443
-VOLUME /config

Jenkinsfile

@@ -16,7 +16,6 @@ pipeline {
     GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
-    SCARF_TOKEN=credentials('scarf_api_key')
     EXT_PIP = 'certbot'
     BUILD_VERSION_ARG = 'CERTBOT_VERSION'
     LS_USER = 'linuxserver'
@@ -40,10 +39,16 @@ pipeline {
     // Setup all the basic environment variables needed for the build
     stage("Set ENV Variables base"){
       steps{
+        sh '''#! /bin/bash
+              containers=$(docker ps -aq)
+              if [[ -n "${containers}" ]]; then
+                docker stop ${containers}
+              fi
+              docker system prune -af --volumes || : '''
         script{
           env.EXIT_STATUS = ''
           env.LS_RELEASE = sh(
-            script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
+            script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
             returnStdout: true).trim()
           env.LS_RELEASE_NOTES = sh(
             script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
@@ -157,7 +162,7 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           } else {
             env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           }
@@ -180,7 +185,7 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           } else {
             env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           }
@@ -203,12 +208,12 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           } else {
-            env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+            env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           }
-          env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
-          env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+          env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
+          env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
@@ -228,7 +233,7 @@ pipeline {
           script{
             env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
           }
-          sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
+          sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash'''
           sh '''#! /bin/bash
                 docker run --rm \
                   -v ${WORKSPACE}:/mnt \
@@ -274,7 +279,7 @@ pipeline {
                 echo "Jenkinsfile is up to date."
               fi
               # Stage 2 - Delete old templates
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
+              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
               for i in ${OLD_TEMPLATES}; do
                 if [[ -f "${i}" ]]; then
                   TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
@@ -310,24 +315,25 @@ pipeline {
                 mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
                 mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
                 cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
+                cp --parents readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/ || :
                 cd ${TEMPDIR}/repo/${LS_REPO}/
                 if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
                   echo ".jenkins-external" >> .gitignore
                   git add .gitignore
                 fi
-                git add ${TEMPLATED_FILES}
+                git add readme-vars.yml ${TEMPLATED_FILES}
                 git commit -m 'Bot Updating Templated Files'
                 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
                 echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
               else
                 echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
               fi
-              mkdir -p ${TEMPDIR}/gitbook
-              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
-                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
-                cd ${TEMPDIR}/gitbook/docker-documentation/
-                git add images/docker-${CONTAINER_NAME}.md
+              mkdir -p ${TEMPDIR}/docs
+              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
+              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
+                cd ${TEMPDIR}/docs/docker-documentation
+                git add docs/images/docker-${CONTAINER_NAME}.md
                 git commit -m 'Bot Updating Documentation'
                 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
               fi
@@ -336,6 +342,8 @@ pipeline {
               git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
               if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
                 sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
+              elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
+                sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
               fi
               if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
                 cd ${TEMPDIR}/unraid/templates/
@@ -376,6 +384,26 @@ pipeline {
         }
       }
     }
+    // If this is a master build check the S6 service file perms
+    stage("Check S6 Service file Permissions"){
+      when {
+        branch "master"
+        environment name: 'CHANGE_ID', value: ''
+        environment name: 'EXIT_STATUS', value: ''
+      }
+      steps {
+        script{
+          sh '''#! /bin/bash
+            WRONG_PERM=$(find ./  -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print)
+            if [[ -n "${WRONG_PERM}" ]]; then
+              echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}"
+              exit 1
+            else
+              echo "S6 service file perms look good."
+            fi '''
+        }
+      }
+    }
     /* #######################
            GitLab Mirroring
        ####################### */
@@ -396,36 +424,6 @@ pipeline {
              "visibility":"public"}' '''
       } 
     }
-    /* #######################
-           Scarf.sh package registry
-       ####################### */
-    // Add package to Scarf.sh and set permissions
-    stage("Scarf.sh package registry"){
-      when {
-        branch "master"
-        environment name: 'EXIT_STATUS', value: ''
-      }
-      steps{
-        sh '''#! /bin/bash
-              set -e
-              PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid')
-              if [ -z "${PACKAGE_UUID}" ]; then
-                echo "Adding package to Scarf.sh"
-                curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
-                  -H "Authorization: Bearer ${SCARF_TOKEN}" \
-                  -H "Content-Type: application/json" \
-                  -d '{"name":"linuxserver/swag",\
-                       "shortDescription":"example description",\
-                       "libraryType":"docker",\
-                       "website":"https://github.com/linuxserver/docker-swag",\
-                       "backendUrl":"https://ghcr.io/linuxserver/swag",\
-                       "publicUrl":"https://lscr.io/linuxserver/swag"}' || :
-              else
-                echo "Package already exists on Scarf.sh"
-              fi
-           '''
-      } 
-    }
     /* ###############
        Build Container
        ############### */
@@ -488,41 +486,6 @@ pipeline {
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
           }
         }
-        stage('Build ARMHF') {
-          agent {
-            label 'ARMHF'
-          }
-          steps {
-            echo "Running on node: ${NODE_NAME}"
-            echo 'Logging into Github'
-            sh '''#! /bin/bash
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-               '''
-            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
-            sh "docker buildx build \
-              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
-              --label \"org.opencontainers.image.authors=linuxserver.io\" \
-              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
-              --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
-              --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
-              --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
-              --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
-              --label \"org.opencontainers.image.vendor=linuxserver.io\" \
-              --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
-              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
-              --label \"org.opencontainers.image.title=Swag\" \
-              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
-              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
-            sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
-            retry(5) {
-              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
-            }
-            sh '''docker rmi \
-                  ${IMAGE}:arm32v7-${META_TAG} \
-                  ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
-          }
-        }
         stage('Build ARM64') {
           agent {
             label 'ARM64'
@@ -553,9 +516,12 @@ pipeline {
             retry(5) {
               sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
             }
-            sh '''docker rmi \
-                  ${IMAGE}:arm64v8-${META_TAG} \
-                  ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
+            sh '''#! /bin/bash
+                  containers=$(docker ps -aq)
+                  if [[ -n "${containers}" ]]; then
+                    docker stop ${containers}
+                  fi
+                  docker system prune -af --volumes || : '''
           }
         }
       }
@@ -616,13 +582,6 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        sh '''#! /bin/bash
-              echo "Packages were updated. Cleaning up the image and exiting."
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
-                docker rmi ${IMAGE}:amd64-${META_TAG}
-              else
-                docker rmi ${IMAGE}:${META_TAG}
-              fi'''
         script{
           env.EXIT_STATUS = 'ABORTED'
         }
@@ -640,13 +599,6 @@ pipeline {
         }
       }
       steps {
-        sh '''#! /bin/bash
-              echo "There are no package updates. Cleaning up the image and exiting."
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
-                docker rmi ${IMAGE}:amd64-${META_TAG}
-              else
-                docker rmi ${IMAGE}:${META_TAG}
-              fi'''
         script{
           env.EXIT_STATUS = 'ABORTED'
         }
@@ -668,14 +620,13 @@ pipeline {
         ]) {
           script{
             env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
+            env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
           }
           sh '''#! /bin/bash
                 set -e
                 docker pull ghcr.io/linuxserver/ci:latest
                 if [ "${MULTIARCH}" == "true" ]; then
-                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
                   docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
-                  docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
                   docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                 fi
                 docker run --rm \
@@ -694,8 +645,6 @@ pipeline {
                 -e WEB_SCREENSHOT=\"${CI_WEB}\" \
                 -e WEB_AUTH=\"${CI_AUTH}\" \
                 -e WEB_PATH=\"${CI_WEBPATH}\" \
-                -e DO_REGION="ams3" \
-                -e DO_BUCKET="lsio-ci" \
                 -t ghcr.io/linuxserver/ci:latest \
                 python3 test_build.py'''
         }
@@ -748,17 +697,6 @@ pipeline {
                   done
                '''
           }
-          sh '''#! /bin/bash
-                for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
-                  docker rmi \
-                  ${DELETEIMAGE}:${META_TAG} \
-                  ${DELETEIMAGE}:${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:latest || :
-                  if [ -n "${SEMVER}" ]; then
-                    docker rmi ${DELETEIMAGE}:${SEMVER} || :
-                  fi
-                done
-             '''
         }
       }
     }
@@ -791,8 +729,6 @@ pipeline {
                   echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
                   echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                   if [ "${CI}" == "false" ]; then
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
                     docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                   fi
@@ -800,49 +736,47 @@ pipeline {
                     docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
-                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                     docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
                       docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
                     docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
                     docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm32v7-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                     docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
                       docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker manifest push --purge ${MANIFESTIMAGE}:latest || :
-                    docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
-                    docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
+                    docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
                     docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8
                     docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm
+                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
                     docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
+                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
                     if [ -n "${SEMVER}" ]; then
                       docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
-                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
-                      docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
+                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                       docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
                     fi
+                    token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
+                    digest=$(curl -s \
+                      --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+                      --header "Authorization: Bearer ${token}" \
+                      "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest")
+                    if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
+                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || :
+                      docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest
+                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest
+                    fi
                     docker manifest push --purge ${MANIFESTIMAGE}:latest
                     docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} 
                     docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} 
@@ -852,29 +786,6 @@ pipeline {
                   done
                '''
           }
-          sh '''#! /bin/bash
-                for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
-                  docker rmi \
-                  ${DELETEIMAGE}:amd64-${META_TAG} \
-                  ${DELETEIMAGE}:amd64-latest \
-                  ${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:arm32v7-${META_TAG} \
-                  ${DELETEIMAGE}:arm32v7-latest \
-                  ${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:arm64v8-${META_TAG} \
-                  ${DELETEIMAGE}:arm64v8-latest \
-                  ${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || :
-                  if [ -n "${SEMVER}" ]; then
-                    docker rmi \
-                    ${DELETEIMAGE}:amd64-${SEMVER} \
-                    ${DELETEIMAGE}:arm32v7-${SEMVER} \
-                    ${DELETEIMAGE}:arm64v8-${SEMVER} || :
-                  fi
-                done
-                docker rmi \
-                ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
-                ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :
-             '''
         }
       }
     }
@@ -908,6 +819,41 @@ pipeline {
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
       }
     }
+    // Add protection to the release branch
+    stage('Github-Release-Branch-Protection') {
+      when {
+        branch "master"
+        environment name: 'CHANGE_ID', value: ''
+        environment name: 'EXIT_STATUS', value: ''
+      }
+      steps {
+        echo "Setting up protection for release branch master"
+        sh '''#! /bin/bash
+          curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/master/protection \
+          -d $(jq -c .  << EOF
+            {
+              "required_status_checks": null,
+              "enforce_admins": false,
+              "required_pull_request_reviews": {
+                "dismiss_stale_reviews": false,
+                "require_code_owner_reviews": false,
+                "require_last_push_approval": false,
+                "required_approving_review_count": 1
+              },
+              "restrictions": null,
+              "required_linear_history": false,
+              "allow_force_pushes": false,
+              "allow_deletions": false,
+              "block_creations": false,
+              "required_conversation_resolution": true,
+              "lock_branch": false,
+              "allow_fork_syncing": false,
+              "required_signatures": false
+            }
+EOF
+          ) '''
+      }
+    }
     // Use helper container to sync the current README on master to the dockerhub endpoint
     stage('Sync-README') {
       when {
@@ -945,12 +891,78 @@ pipeline {
     stage('Pull Request Comment') {
       when {
         not {environment name: 'CHANGE_ID', value: ''}
-        environment name: 'CI', value: 'true'
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \
-        -d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' '''
+        sh '''#! /bin/bash
+            # Function to retrieve JSON data from URL
+            get_json() {
+              local url="$1"
+              local response=$(curl -s "$url")
+              if [ $? -ne 0 ]; then
+                echo "Failed to retrieve JSON data from $url"
+                return 1
+              fi
+              local json=$(echo "$response" | jq .)
+              if [ $? -ne 0 ]; then
+                echo "Failed to parse JSON data from $url"
+                return 1
+              fi
+              echo "$json"
+            }
+
+            build_table() {
+              local data="$1"
+
+              # Get the keys in the JSON data
+              local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
+
+              # Check if keys are empty
+              if [ -z "$keys" ]; then
+                echo "JSON report data does not contain any keys or the report does not exist."
+                return 1
+              fi
+
+              # Build table header
+              local header="| Tag | Passed |\\n| --- | --- |\\n"
+
+              # Loop through the JSON data to build the table rows
+              local rows=""
+              for build in $keys; do
+                local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
+                if [ "$status" = "true" ]; then
+                  status="✅"
+                else
+                  status="❌"
+                fi
+                local row="| "$build" | "$status" |\\n"
+                rows="${rows}${row}"
+              done
+
+              local table="${header}${rows}"
+              local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
+              echo "$escaped_table"
+            }
+
+            if [[ "${CI}" = "true" ]]; then
+              # Retrieve JSON data from URL
+              data=$(get_json "$CI_JSON_URL")
+              # Create table from JSON data
+              table=$(build_table "$data")
+              echo -e "$table"
+
+              curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
+                -H "Accept: application/vnd.github.v3+json" \
+                "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
+                -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
+            else
+              curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
+                -H "Accept: application/vnd.github.v3+json" \
+                "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
+                -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
+            fi
+            '''
+
       }
     }
   }
@@ -976,6 +988,14 @@ pipeline {
       }
     }
     cleanup {
+      sh '''#! /bin/bash
+            echo "Performing docker system prune!!"
+            containers=$(docker ps -aq)
+            if [[ -n "${containers}" ]]; then
+              docker stop ${containers}
+            fi
+            docker system prune -af --volumes || :
+         '''
       cleanWs()
     }
   }

README.md

@@ -1,6 +1,5 @@
-<!-- DO NOT EDIT THIS FILE MANUALLY  -->
-<!-- Please read the https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
-
+<!-- DO NOT EDIT THIS FILE MANUALLY -->
+<!-- Please read https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
@@ -46,7 +45,7 @@ SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relatio
 
 ## Supported Architectures
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
 Simply pulling `lscr.io/linuxserver/swag:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 
@@ -56,7 +55,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf | ✅ | arm32v7-\<version tag\> |
+| armhf | ❌ | |
 
 ## Application Setup
 
@@ -68,13 +67,28 @@ The architectures supported by this image are:
 * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
   * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
   * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-  * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+  * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
     1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
     2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
 * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
 * After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
 * Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
 
+### Certbot Plugins
+
+SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
+If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
+
+Set the following environment variables on your container:
+
+```yaml
+DOCKER_MODS=linuxserver/mods:universal-package-install
+INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
+```
+
+Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
+It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
+
 ### Security and password protection
 
 * The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
@@ -138,7 +152,7 @@ Please follow the instructions [on this blog post](https://www.linuxserver.io/bl
 
 ## Usage
 
-Here are some example snippets to help you get started creating a container.
+To help you get started creating a container from this image you can either use docker-compose or the docker cli.
 
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
@@ -197,12 +211,11 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
-
 ```
 
 ## Parameters
 
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 
 | Parameter | Function |
 | :----: | --- |
@@ -215,7 +228,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -234,10 +247,10 @@ You can set any environment variable from a file by using a special prepend `FIL
 As an example:
 
 ```bash
--e FILE__PASSWORD=/run/secrets/mysecretpassword
+-e FILE__MYVAR=/run/secrets/mysecretvariable
 ```
 
-Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
 
 ## Umask for running applications
 
@@ -246,15 +259,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
 
 ## User / Group Identifiers
 
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
 
 ```bash
-  $ id username
-    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
+id your_user
+```
+
+Example output:
+
+```text
+uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
 ```
 
 ## Docker Mods
@@ -265,12 +283,29 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Support Info
 
-* Shell access whilst the container is running: `docker exec -it swag /bin/bash`
-* To monitor the logs of the container in realtime: `docker logs -f swag`
-* container version number
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag`
-* image version number
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest`
+* Shell access whilst the container is running:
+
+    ```bash
+    docker exec -it swag /bin/bash
+    ```
+
+* To monitor the logs of the container in realtime:
+
+    ```bash
+    docker logs -f swag
+    ```
+
+* Container version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' swag
+    ```
+
+* Image version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest
+    ```
 
 ## Updating Info
 
@@ -280,38 +315,83 @@ Below are the instructions for updating containers:
 
 ### Via Docker Compose
 
-* Update all images: `docker-compose pull`
-  * or update a single image: `docker-compose pull swag`
-* Let compose update all containers as necessary: `docker-compose up -d`
-  * or update a single container: `docker-compose up -d swag`
-* You can also remove the old dangling images: `docker image prune`
+* Update images:
+    * All images:
+
+        ```bash
+        docker-compose pull
+        ```
+
+    * Single image:
+
+        ```bash
+        docker-compose pull swag
+        ```
+
+* Update containers:
+    * All containers:
+
+        ```bash
+        docker-compose up -d
+        ```
+
+    * Single container:
+
+        ```bash
+        docker-compose up -d swag
+        ```
+
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Docker Run
 
-* Update the image: `docker pull lscr.io/linuxserver/swag:latest`
-* Stop the running container: `docker stop swag`
-* Delete the container: `docker rm swag`
+* Update the image:
+
+    ```bash
+    docker pull lscr.io/linuxserver/swag:latest
+    ```
+
+* Stop the running container:
+
+    ```bash
+    docker stop swag
+    ```
+
+* Delete the container:
+
+    ```bash
+    docker rm swag
+    ```
+
 * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images: `docker image prune`
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Watchtower auto-updater (only use if you don't remember the original parameters)
 
 * Pull the latest image at its tag and replace it with the same env variables in one run:
 
-  ```bash
-  docker run --rm \
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  containrrr/watchtower \
-  --run-once swag
-  ```
+    ```bash
+    docker run --rm \
+      -v /var/run/docker.sock:/var/run/docker.sock \
+      containrrr/watchtower \
+      --run-once swag
+    ```
 
 * You can also remove the old dangling images: `docker image prune`
 
-**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
+**warning**: We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
 
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
-* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -336,6 +416,16 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **11.12.23:** - Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins.
+* **30.11.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404.
+* **23.11.23:** - Run certbot as root to allow fix http validation.
+* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin.
+* **28.08.23:** - Add Namecheap DNS plugin.
+* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
+* **07.08.23:** - Add Bunny DNS Configuration.
+* **27.07.23:** - Added support for dreamhost validation.
+* **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
+* **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
 * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
 * **25.03.23:** - Fix renewal post hook.
 * **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).

jenkins-vars.yml

@@ -6,6 +6,7 @@ external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master
+build_armhf: false
 repo_vars:
   - EXT_PIP = 'certbot'
   - BUILD_VERSION_ARG = 'CERTBOT_VERSION'

package_versions.txt

@@ -1,340 +1,341 @@
-NAME                            VERSION                TYPE   
-ConfigArgParse                  1.5.3                  python  
-PyJWT                           2.6.0                  python  
-PyYAML                          6.0                    python  
-acme                            2.5.0                  python  
-alpine-baselayout               3.4.0-r0               apk     
-alpine-baselayout-data          3.4.0-r0               apk     
-alpine-keys                     2.4-r1                 apk     
-alpine-release                  3.17.3-r0              apk     
-aom-libs                        3.5.0-r0               apk     
-apache2-utils                   2.4.57-r0              apk     
-apk-tools                       2.12.10-r1             apk     
-apr                             1.7.2-r0               apk     
-apr-util                        1.6.3-r0               apk     
-argon2-libs                     20190702-r2            apk     
-attrs                           23.1.0                 python  
-azure-common                    1.1.28                 python  
-azure-core                      1.26.4                 python  
-azure-identity                  1.12.0                 python  
-azure-mgmt-core                 1.4.0                  python  
-azure-mgmt-dns                  8.0.0                  python  
-bash                            5.2.15-r0              apk     
-beautifulsoup4                  4.12.2                 python  
-boto3                           1.26.117               python  
-botocore                        1.29.117               python  
-brotli-libs                     1.0.9-r9               apk     
-bs4                             0.0.1                  python  
-busybox                         1.35.0                 binary  
-busybox                         1.35.0-r29             apk     
-busybox-binsh                   1.35.0-r29             apk     
-c-client                        2007f-r14              apk     
-ca-certificates                 20220614-r4            apk     
-ca-certificates-bundle          20220614-r4            apk     
-cachetools                      5.3.0                  python  
-certbot                         2.5.0                  python  
-certbot-dns-acmedns             0.1.0                  python  
-certbot-dns-aliyun              2.0.0                  python  
-certbot-dns-azure               2.1.0                  python  
-certbot-dns-cloudflare          2.5.0                  python  
-certbot-dns-cpanel              0.4.0                  python  
-certbot-dns-desec               1.2.1                  python  
-certbot-dns-digitalocean        2.5.0                  python  
-certbot-dns-directadmin         1.0.3                  python  
-certbot-dns-dnsimple            2.5.0                  python  
-certbot-dns-dnsmadeeasy         2.5.0                  python  
-certbot-dns-dnspod              0.1.0                  python  
-certbot-dns-do                  0.31.0                 python  
-certbot-dns-domeneshop          0.2.9                  python  
-certbot-dns-duckdns             1.3                    python  
-certbot-dns-dynu                0.0.4                  python  
-certbot-dns-gehirn              2.5.0                  python  
-certbot-dns-godaddy             0.2.2                  python  
-certbot-dns-google              2.5.0                  python  
-certbot-dns-google-domains      0.1.11                 python  
-certbot-dns-he                  1.0.0                  python  
-certbot-dns-hetzner             2.0.0                  python  
-certbot-dns-infomaniak          0.2.1                  python  
-certbot-dns-inwx                2.2.0                  python  
-certbot-dns-ionos               2022.11.24             python  
-certbot-dns-linode              2.5.0                  python  
-certbot-dns-loopia              1.0.1                  python  
-certbot-dns-luadns              2.5.0                  python  
-certbot-dns-netcup              1.2.0                  python  
-certbot-dns-njalla              1.0.0                  python  
-certbot-dns-nsone               2.5.0                  python  
-certbot-dns-ovh                 2.5.0                  python  
-certbot-dns-porkbun             0.8                    python  
-certbot-dns-rfc2136             2.5.0                  python  
-certbot-dns-route53             2.5.0                  python  
-certbot-dns-sakuracloud         2.5.0                  python  
-certbot-dns-standalone          1.1                    python  
-certbot-dns-transip             0.5.2                  python  
-certbot-dns-vultr               1.0.3                  python  
-certbot-plugin-gandi            1.4.3                  python  
-certifi                         2022.12.7              python  
-cffi                            1.15.1                 python  
-charset-normalizer              3.1.0                  python  
-cloudflare                      2.11.1                 python  
-configobj                       5.0.8                  python  
-coreutils                       9.1-r0                 apk     
-cryptography                    40.0.2                 python  
-curl                            8.0.1-r0               apk     
-dataclasses-json                0.5.7                  python  
-distro                          1.8.0                  python  
-dns-lexicon                     3.11.7                 python  
-dnslib                          0.9.23                 python  
-dnspython                       2.3.0                  python  
-domeneshop                      0.4.3                  python  
-fail2ban                        1.0.2                  python  
-fail2ban                        1.0.2-r0               apk     
-filelock                        3.12.0                 python  
-fontconfig                      2.14.1-r0              apk     
-freetype                        2.12.1-r0              apk     
-future                          0.18.3                 python  
-gdbm                            1.23-r0                apk     
-git                             2.38.4-r1              apk     
-git-perl                        2.38.4-r1              apk     
-gmp                             6.2.1-r2               apk     
-gnupg                           2.2.40-r0              apk     
-gnupg-dirmngr                   2.2.40-r0              apk     
-gnupg-gpgconf                   2.2.40-r0              apk     
-gnupg-utils                     2.2.40-r0              apk     
-gnupg-wks-client                2.2.40-r0              apk     
-gnutls                          3.7.8-r3               apk     
-google-api-core                 2.11.0                 python  
-google-api-python-client        2.86.0                 python  
-google-auth                     2.17.3                 python  
-google-auth-httplib2            0.1.0                  python  
-googleapis-common-protos        1.59.0                 python  
-gpg                             2.2.40-r0              apk     
-gpg-agent                       2.2.40-r0              apk     
-gpg-wks-server                  2.2.40-r0              apk     
-gpgsm                           2.2.40-r0              apk     
-gpgv                            2.2.40-r0              apk     
-httplib2                        0.22.0                 python  
-icu-data-en                     72.1-r1                apk     
-icu-libs                        72.1-r1                apk     
-idna                            3.4                    python  
-importlib-metadata              6.5.0                  python  
-ip6tables                       1.8.8-r2               apk     
-iptables                        1.8.8-r2               apk     
-isodate                         0.6.1                  python  
-jmespath                        1.0.1                  python  
-josepy                          1.13.0                 python  
-jq                              1.6-r2                 apk     
-jsonlines                       3.1.0                  python  
-jsonpickle                      3.0.1                  python  
-libacl                          2.3.1-r1               apk     
-libassuan                       2.5.5-r1               apk     
-libattr                         2.5.1-r2               apk     
-libavif                         0.11.1-r0              apk     
-libbsd                          0.11.7-r0              apk     
-libbz2                          1.0.8-r4               apk     
-libc-utils                      0.7.2-r3               apk     
-libcrypto3                      3.0.8-r4               apk     
-libcurl                         8.0.1-r0               apk     
-libdav1d                        1.0.0-r2               apk     
-libedit                         20221030.3.1-r0        apk     
-libevent                        2.1.12-r5              apk     
-libexpat                        2.5.0-r0               apk     
-libffi                          3.4.4-r0               apk     
-libgcc                          12.2.1_git20220924-r4  apk     
-libgcrypt                       1.10.1-r0              apk     
-libgd                           2.3.3-r3               apk     
-libgpg-error                    1.46-r1                apk     
-libice                          1.0.10-r1              apk     
-libidn                          1.41-r0                apk     
-libintl                         0.21.1-r1              apk     
-libjpeg-turbo                   2.1.4-r0               apk     
-libksba                         1.6.3-r0               apk     
-libldap                         2.6.3-r6               apk     
-libmaxminddb-libs               1.7.1-r0               apk     
-libmcrypt                       2.5.8-r10              apk     
-libmd                           1.0.4-r0               apk     
-libmemcached-libs               1.0.18-r5              apk     
-libmnl                          1.0.5-r0               apk     
-libnftnl                        1.2.4-r0               apk     
-libpng                          1.6.38-r0              apk     
-libpq                           15.2-r0                apk     
-libproc                         3.3.17-r2              apk     
-libsasl                         2.1.28-r3              apk     
-libseccomp                      2.5.4-r0               apk     
-libsm                           1.2.3-r1               apk     
-libsodium                       1.0.18-r2              apk     
-libssl3                         3.0.8-r4               apk     
-libstdc++                       12.2.1_git20220924-r4  apk     
-libtasn1                        4.19.0-r0              apk     
-libunistring                    1.1-r0                 apk     
-libuuid                         2.38.1-r1              apk     
-libwebp                         1.2.4-r1               apk     
-libx11                          1.8.4-r0               apk     
-libxau                          1.0.10-r0              apk     
-libxcb                          1.15-r0                apk     
-libxdmcp                        1.1.4-r0               apk     
-libxext                         1.3.5-r0               apk     
-libxml2                         2.10.4-r0              apk     
-libxpm                          3.5.15-r0              apk     
-libxslt                         1.1.37-r1              apk     
-libxt                           1.2.1-r0               apk     
-libzip                          1.9.2-r2               apk     
-linux-pam                       1.5.2-r1               apk     
-logrotate                       3.20.1-r3              apk     
-loopialib                       0.2.0                  python  
-lxml                            4.9.2                  python  
-lz4-libs                        1.9.4-r1               apk     
-marshmallow                     3.19.0                 python  
-marshmallow-enum                1.5.1                  python  
-memcached                       1.6.17                 binary  
-memcached                       1.6.17-r0              apk     
-mock                            5.0.2                  python  
-mpdecimal                       2.5.1-r1               apk     
-msal                            1.22.0                 python  
-msal-extensions                 1.0.0                  python  
-msrest                          0.7.1                  python  
-musl                            1.2.3-r4               apk     
-musl-utils                      1.2.3-r4               apk     
-mypy-extensions                 1.0.0                  python  
-nano                            7.0-r0                 apk     
-ncurses-libs                    6.3_p20221119-r0       apk     
-ncurses-terminfo-base           6.3_p20221119-r0       apk     
-netcat-openbsd                  1.130-r4               apk     
-nettle                          3.8.1-r0               apk     
-nghttp2-libs                    1.51.0-r0              apk     
-nginx                           1.22.1-r0              apk     
-nginx-mod-devel-kit             1.22.1-r0              apk     
-nginx-mod-http-brotli           1.22.1-r0              apk     
-nginx-mod-http-dav-ext          1.22.1-r0              apk     
-nginx-mod-http-echo             1.22.1-r0              apk     
-nginx-mod-http-fancyindex       1.22.1-r0              apk     
-nginx-mod-http-geoip2           1.22.1-r0              apk     
-nginx-mod-http-headers-more     1.22.1-r0              apk     
-nginx-mod-http-image-filter     1.22.1-r0              apk     
-nginx-mod-http-perl             1.22.1-r0              apk     
-nginx-mod-http-redis2           1.22.1-r0              apk     
-nginx-mod-http-set-misc         1.22.1-r0              apk     
-nginx-mod-http-upload-progress  1.22.1-r0              apk     
-nginx-mod-http-xslt-filter      1.22.1-r0              apk     
-nginx-mod-mail                  1.22.1-r0              apk     
-nginx-mod-rtmp                  1.22.1-r0              apk     
-nginx-mod-stream                1.22.1-r0              apk     
-nginx-mod-stream-geoip2         1.22.1-r0              apk     
-nginx-vim                       1.22.1-r0              apk     
-npth                            1.6-r2                 apk     
-oauth2client                    4.1.3                  python  
-oauthlib                        3.2.2                  python  
-oniguruma                       6.9.8-r0               apk     
-openssl                         3.0.8-r4               apk     
-p11-kit                         0.24.1-r1              apk     
-packaging                       23.1                   python  
-parsedatetime                   2.6                    python  
-pcre                            8.45-r2                apk     
-pcre2                           10.42-r0               apk     
-perl                            5.36.0-r1              apk     
-perl-error                      0.17029-r1             apk     
-perl-git                        2.38.4-r1              apk     
-php-cli                         8.1.18                 binary  
-php-fpm                         8.1.18                 binary  
-php81                           8.1.18-r0              apk     
-php81-bcmath                    8.1.18-r0              apk     
-php81-bz2                       8.1.18-r0              apk     
-php81-common                    8.1.18-r0              apk     
-php81-ctype                     8.1.18-r0              apk     
-php81-curl                      8.1.18-r0              apk     
-php81-dom                       8.1.18-r0              apk     
-php81-exif                      8.1.18-r0              apk     
-php81-fileinfo                  8.1.18-r0              apk     
-php81-fpm                       8.1.18-r0              apk     
-php81-ftp                       8.1.18-r0              apk     
-php81-gd                        8.1.18-r0              apk     
-php81-gmp                       8.1.18-r0              apk     
-php81-iconv                     8.1.18-r0              apk     
-php81-imap                      8.1.18-r0              apk     
-php81-intl                      8.1.18-r0              apk     
-php81-ldap                      8.1.18-r0              apk     
-php81-mbstring                  8.1.18-r0              apk     
-php81-mysqli                    8.1.18-r0              apk     
-php81-mysqlnd                   8.1.18-r0              apk     
-php81-opcache                   8.1.18-r0              apk     
-php81-openssl                   8.1.18-r0              apk     
-php81-pdo                       8.1.18-r0              apk     
-php81-pdo_mysql                 8.1.18-r0              apk     
-php81-pdo_odbc                  8.1.18-r0              apk     
-php81-pdo_pgsql                 8.1.18-r0              apk     
-php81-pdo_sqlite                8.1.18-r0              apk     
-php81-pear                      8.1.18-r0              apk     
-php81-pecl-apcu                 5.1.22-r0              apk     
-php81-pecl-igbinary             3.2.12-r0              apk     
-php81-pecl-mailparse            3.1.4-r0               apk     
-php81-pecl-mcrypt               1.0.6-r0               apk     
-php81-pecl-memcached            3.2.0-r0               apk     
-php81-pecl-redis                5.3.7-r0               apk     
-php81-pecl-xmlrpc               1.0.0_rc3-r0           apk     
-php81-pgsql                     8.1.18-r0              apk     
-php81-phar                      8.1.18-r0              apk     
-php81-posix                     8.1.18-r0              apk     
-php81-session                   8.1.18-r0              apk     
-php81-simplexml                 8.1.18-r0              apk     
-php81-soap                      8.1.18-r0              apk     
-php81-sockets                   8.1.18-r0              apk     
-php81-sodium                    8.1.18-r0              apk     
-php81-sqlite3                   8.1.18-r0              apk     
-php81-tokenizer                 8.1.18-r0              apk     
-php81-xml                       8.1.18-r0              apk     
-php81-xmlreader                 8.1.18-r0              apk     
-php81-xmlwriter                 8.1.18-r0              apk     
-php81-xsl                       8.1.18-r0              apk     
-php81-zip                       8.1.18-r0              apk     
-pinentry                        1.2.1-r0               apk     
-pip                             23.1                   python  
-pkb-client                      1.2                    python  
-popt                            1.19-r0                apk     
-portalocker                     2.7.0                  python  
-procps                          3.3.17-r2              apk     
-protobuf                        4.22.3                 python  
-publicsuffixlist                0.9.4                  python  
-pyOpenSSL                       23.1.1                 python  
-pyRFC3339                       1.1                    python  
-pyacmedns                       0.4                    python  
-pyasn1                          0.5.0                  python  
-pyasn1-modules                  0.3.0                  python  
-pycparser                       2.21                   python  
-pyparsing                       3.0.9                  python  
-python                          3.10.11                binary  
-python-dateutil                 2.8.2                  python  
-python-digitalocean             1.17.0                 python  
-python-transip                  0.6.0                  python  
-python3                         3.10.11-r0             apk     
-pytz                            2023.3                 python  
-readline                        8.2.0-r0               apk     
-requests                        2.28.2                 python  
-requests-file                   1.5.1                  python  
-requests-mock                   1.10.0                 python  
-requests-oauthlib               1.3.1                  python  
-rsa                             4.9                    python  
-s3transfer                      0.6.0                  python  
-scanelf                         1.3.5-r1               apk     
-setuptools                      65.5.0                 python  
-shadow                          4.13-r0                apk     
-six                             1.16.0                 python  
-skalibs                         2.12.0.1-r0            apk     
-soupsieve                       2.4.1                  python  
-sqlite-libs                     3.40.1-r0              apk     
-ssl_client                      1.35.0-r29             apk     
-tiff                            4.4.0-r3               apk     
-tldextract                      3.4.0                  python  
-typing-inspect                  0.8.0                  python  
-typing_extensions               4.5.0                  python  
-tzdata                          2023c-r0               apk     
-unixodbc                        2.3.11-r0              apk     
-uritemplate                     4.1.1                  python  
-urllib3                         1.26.15                python  
-utmps-libs                      0.1.2.0-r1             apk     
-wheel                           0.40.0                 python  
-whois                           5.5.14-r0              apk     
-xz                              5.2.9-r0               apk     
-xz-libs                         5.2.9-r0               apk     
-zipp                            3.15.0                 python  
-zlib                            1.2.13-r0              apk     
-zope.interface                  6.0                    python  
-zstd-libs                       1.5.5-r0               apk     
+NAME                            VERSION                 TYPE   
+ConfigArgParse                  1.7                     python  
+PyJWT                           2.8.0                   python  
+PyNamecheap                     0.0.3                   python  
+PyYAML                          6.0.1                   python  
+Simple Launcher                 1.1.0.14                dotnet  
+acme                            2.8.0                   python  
+alpine-baselayout               3.4.3-r1                apk     
+alpine-baselayout-data          3.4.3-r1                apk     
+alpine-keys                     2.4-r1                  apk     
+alpine-release                  3.18.5-r0               apk     
+anyio                           4.2.0                   python  
+aom-libs                        3.6.1-r0                apk     
+apache2-utils                   2.4.58-r0               apk     
+apk-tools                       2.14.0-r2               apk     
+apr                             1.7.4-r0                apk     
+apr-util                        1.6.3-r1                apk     
+argon2-libs                     20190702-r4             apk     
+attrs                           23.1.0                  python  
+azure-common                    1.1.28                  python  
+azure-core                      1.29.6                  python  
+azure-identity                  1.15.0                  python  
+azure-mgmt-core                 1.4.0                   python  
+azure-mgmt-dns                  8.1.0                   python  
+bash                            5.2.15-r5               apk     
+beautifulsoup4                  4.12.2                  python  
+boto3                           1.34.7                  python  
+botocore                        1.34.7                  python  
+brotli-libs                     1.0.9-r14               apk     
+bs4                             0.0.1                   python  
+busybox                         1.36.1-r5               apk     
+busybox-binsh                   1.36.1-r5               apk     
+c-client                        2007f-r15               apk     
+ca-certificates                 20230506-r0             apk     
+ca-certificates-bundle          20230506-r0             apk     
+cachetools                      5.3.2                   python  
+certbot                         2.8.0                   python  
+certbot-dns-acmedns             0.1.0                   python  
+certbot-dns-aliyun              2.0.0                   python  
+certbot-dns-azure               2.4.0                   python  
+certbot-dns-bunny               0.0.9                   python  
+certbot-dns-cloudflare          2.8.0                   python  
+certbot-dns-cpanel              0.4.0                   python  
+certbot-dns-desec               1.2.1                   python  
+certbot-dns-digitalocean        2.8.0                   python  
+certbot-dns-directadmin         1.0.3                   python  
+certbot-dns-dnsimple            2.8.0                   python  
+certbot-dns-dnsmadeeasy         2.8.0                   python  
+certbot-dns-dnspod              0.1.0                   python  
+certbot-dns-do                  0.31.0                  python  
+certbot-dns-domeneshop          0.2.9                   python  
+certbot-dns-dreamhost           1.0                     python  
+certbot-dns-duckdns             1.3                     python  
+certbot-dns-freedns             0.1.0                   python  
+certbot-dns-gehirn              2.8.0                   python  
+certbot-dns-godaddy             2.7.4                   python  
+certbot-dns-google              2.8.0                   python  
+certbot-dns-google-domains      0.1.11                  python  
+certbot-dns-he                  1.0.0                   python  
+certbot-dns-hetzner             2.0.0                   python  
+certbot-dns-infomaniak          0.2.1                   python  
+certbot-dns-inwx                2.2.0                   python  
+certbot-dns-ionos               2023.11.13.post1        python  
+certbot-dns-linode              2.8.0                   python  
+certbot-dns-loopia              1.0.1                   python  
+certbot-dns-luadns              2.8.0                   python  
+certbot-dns-namecheap           1.0.0                   python  
+certbot-dns-netcup              1.4.3                   python  
+certbot-dns-njalla              1.0.0                   python  
+certbot-dns-nsone               2.8.0                   python  
+certbot-dns-ovh                 2.8.0                   python  
+certbot-dns-porkbun             0.8                     python  
+certbot-dns-rfc2136             2.8.0                   python  
+certbot-dns-route53             2.8.0                   python  
+certbot-dns-sakuracloud         2.8.0                   python  
+certbot-dns-standalone          1.1                     python  
+certbot-dns-transip             0.5.2                   python  
+certbot-dns-vultr               1.1.0                   python  
+certbot-plugin-gandi            1.5.0                   python  
+certifi                         2023.11.17              python  
+cffi                            1.16.0                  python  
+charset-normalizer              3.3.2                   python  
+cloudflare                      2.14.3                  python  
+composer                        2.6.6                   binary  
+configobj                       5.0.8                   python  
+coreutils                       9.3-r1                  apk     
+cryptography                    41.0.7                  python  
+curl                            8.5.0-r0                apk     
+dataclasses-json                0.5.14                  python  
+distro                          1.8.0                   python  
+dns-lexicon                     3.17.0                  python  
+dnslib                          0.9.23                  python  
+dnspython                       2.4.2                   python  
+domeneshop                      0.4.3                   python  
+fail2ban                        1.0.2                   python  
+fail2ban                        1.0.2-r2                apk     
+fail2ban-pyc                    1.0.2-r2                apk     
+filelock                        3.13.1                  python  
+fontconfig                      2.14.2-r3               apk     
+freetype                        2.13.0-r5               apk     
+future                          0.18.3                  python  
+gdbm                            1.23-r1                 apk     
+git                             2.40.1-r0               apk     
+git-perl                        2.40.1-r0               apk     
+gmp                             6.2.1-r3                apk     
+gnupg                           2.4.3-r0                apk     
+gnupg-dirmngr                   2.4.3-r0                apk     
+gnupg-gpgconf                   2.4.3-r0                apk     
+gnupg-keyboxd                   2.4.3-r0                apk     
+gnupg-utils                     2.4.3-r0                apk     
+gnupg-wks-client                2.4.3-r0                apk     
+gnutls                          3.8.0-r2                apk     
+google-api-core                 2.15.0                  python  
+google-api-python-client        2.111.0                 python  
+google-auth                     2.25.2                  python  
+google-auth-httplib2            0.2.0                   python  
+googleapis-common-protos        1.62.0                  python  
+gpg                             2.4.3-r0                apk     
+gpg-agent                       2.4.3-r0                apk     
+gpg-wks-server                  2.4.3-r0                apk     
+gpgsm                           2.4.3-r0                apk     
+gpgv                            2.4.3-r0                apk     
+httplib2                        0.22.0                  python  
+icu-data-en                     73.2-r2                 apk     
+icu-libs                        73.2-r2                 apk     
+idna                            3.6                     python  
+ip6tables                       1.8.9-r2                apk     
+iptables                        1.8.9-r2                apk     
+isodate                         0.6.1                   python  
+jmespath                        1.0.1                   python  
+josepy                          1.14.0                  python  
+jq                              1.6-r4                  apk     
+jsonlines                       4.0.0                   python  
+jsonpickle                      3.0.2                   python  
+libacl                          2.3.1-r3                apk     
+libassuan                       2.5.6-r0                apk     
+libattr                         2.5.1-r4                apk     
+libavif                         0.11.1-r2               apk     
+libbsd                          0.11.7-r1               apk     
+libbz2                          1.0.8-r5                apk     
+libc-utils                      0.7.2-r5                apk     
+libcrypto3                      3.1.4-r1                apk     
+libcurl                         8.5.0-r0                apk     
+libdav1d                        1.2.1-r0                apk     
+libedit                         20221030.3.1-r1         apk     
+libevent                        2.1.12-r6               apk     
+libexpat                        2.5.0-r1                apk     
+libffi                          3.4.4-r2                apk     
+libgcc                          12.2.1_git20220924-r10  apk     
+libgcrypt                       1.10.2-r1               apk     
+libgd                           2.3.3-r7                apk     
+libgpg-error                    1.47-r1                 apk     
+libice                          1.1.1-r2                apk     
+libidn2                         2.3.4-r1                apk     
+libintl                         0.21.1-r7               apk     
+libjpeg-turbo                   2.1.5.1-r3              apk     
+libksba                         1.6.4-r0                apk     
+libldap                         2.6.5-r0                apk     
+libmaxminddb-libs               1.7.1-r1                apk     
+libmcrypt                       2.5.8-r10               apk     
+libmd                           1.0.4-r2                apk     
+libmemcached-libs               1.1.4-r1                apk     
+libmnl                          1.0.5-r1                apk     
+libncursesw                     6.4_p20230506-r0        apk     
+libnftnl                        1.2.5-r1                apk     
+libpanelw                       6.4_p20230506-r0        apk     
+libpng                          1.6.39-r3               apk     
+libpq                           15.5-r0                 apk     
+libproc2                        4.0.4-r0                apk     
+libsasl                         2.1.28-r4               apk     
+libseccomp                      2.5.4-r2                apk     
+libsm                           1.2.4-r1                apk     
+libsodium                       1.0.18-r3               apk     
+libssl3                         3.1.4-r1                apk     
+libstdc++                       12.2.1_git20220924-r10  apk     
+libtasn1                        4.19.0-r1               apk     
+libunistring                    1.1-r1                  apk     
+libuuid                         2.38.1-r8               apk     
+libwebp                         1.3.2-r0                apk     
+libx11                          1.8.7-r0                apk     
+libxau                          1.0.11-r2               apk     
+libxcb                          1.15-r1                 apk     
+libxdmcp                        1.1.4-r2                apk     
+libxext                         1.3.5-r2                apk     
+libxml2                         2.11.6-r0               apk     
+libxpm                          3.5.16-r1               apk     
+libxslt                         1.1.38-r0               apk     
+libxt                           1.3.0-r2                apk     
+libzip                          1.9.2-r2                apk     
+linux-pam                       1.5.2-r10               apk     
+logrotate                       3.21.0-r1               apk     
+loopialib                       0.2.0                   python  
+lxml                            4.9.4                   python  
+lz4-libs                        1.9.4-r4                apk     
+marshmallow                     3.20.1                  python  
+memcached                       1.6.21-r0               apk     
+mock                            5.1.0                   python  
+mpdecimal                       2.5.1-r2                apk     
+msal                            1.26.0                  python  
+msal-extensions                 1.1.0                   python  
+musl                            1.2.4-r2                apk     
+musl-utils                      1.2.4-r2                apk     
+mypy-extensions                 1.0.0                   python  
+nano                            7.2-r1                  apk     
+ncurses-terminfo-base           6.4_p20230506-r0        apk     
+netcat-openbsd                  1.219-r1                apk     
+nettle                          3.8.1-r2                apk     
+nghttp2-libs                    1.57.0-r0               apk     
+nginx                           1.24.0-r7               apk     
+nginx-mod-devel-kit             1.24.0-r7               apk     
+nginx-mod-http-brotli           1.24.0-r7               apk     
+nginx-mod-http-dav-ext          1.24.0-r7               apk     
+nginx-mod-http-echo             1.24.0-r7               apk     
+nginx-mod-http-fancyindex       1.24.0-r7               apk     
+nginx-mod-http-geoip2           1.24.0-r7               apk     
+nginx-mod-http-headers-more     1.24.0-r7               apk     
+nginx-mod-http-image-filter     1.24.0-r7               apk     
+nginx-mod-http-perl             1.24.0-r7               apk     
+nginx-mod-http-redis2           1.24.0-r7               apk     
+nginx-mod-http-set-misc         1.24.0-r7               apk     
+nginx-mod-http-upload-progress  1.24.0-r7               apk     
+nginx-mod-http-xslt-filter      1.24.0-r7               apk     
+nginx-mod-mail                  1.24.0-r7               apk     
+nginx-mod-rtmp                  1.24.0-r7               apk     
+nginx-mod-stream                1.24.0-r7               apk     
+nginx-mod-stream-geoip2         1.24.0-r7               apk     
+nginx-vim                       1.24.0-r7               apk     
+npth                            1.6-r4                  apk     
+oniguruma                       6.9.8-r1                apk     
+openssl                         3.1.4-r1                apk     
+p11-kit                         0.24.1-r2               apk     
+packaging                       23.2                    python  
+parsedatetime                   2.6                     python  
+pcre                            8.45-r3                 apk     
+pcre2                           10.42-r1                apk     
+perl                            5.36.2-r0               apk     
+perl-error                      0.17029-r1              apk     
+perl-git                        2.40.1-r0               apk     
+php82                           8.2.13-r0               apk     
+php82-bcmath                    8.2.13-r0               apk     
+php82-bz2                       8.2.13-r0               apk     
+php82-common                    8.2.13-r0               apk     
+php82-ctype                     8.2.13-r0               apk     
+php82-curl                      8.2.13-r0               apk     
+php82-dom                       8.2.13-r0               apk     
+php82-exif                      8.2.13-r0               apk     
+php82-fileinfo                  8.2.13-r0               apk     
+php82-fpm                       8.2.13-r0               apk     
+php82-ftp                       8.2.13-r0               apk     
+php82-gd                        8.2.13-r0               apk     
+php82-gmp                       8.2.13-r0               apk     
+php82-iconv                     8.2.13-r0               apk     
+php82-imap                      8.2.13-r0               apk     
+php82-intl                      8.2.13-r0               apk     
+php82-ldap                      8.2.13-r0               apk     
+php82-mbstring                  8.2.13-r0               apk     
+php82-mysqli                    8.2.13-r0               apk     
+php82-mysqlnd                   8.2.13-r0               apk     
+php82-opcache                   8.2.13-r0               apk     
+php82-openssl                   8.2.13-r0               apk     
+php82-pdo                       8.2.13-r0               apk     
+php82-pdo_mysql                 8.2.13-r0               apk     
+php82-pdo_odbc                  8.2.13-r0               apk     
+php82-pdo_pgsql                 8.2.13-r0               apk     
+php82-pdo_sqlite                8.2.13-r0               apk     
+php82-pear                      8.2.13-r0               apk     
+php82-pecl-apcu                 5.1.22-r0               apk     
+php82-pecl-igbinary             3.2.14-r0               apk     
+php82-pecl-mcrypt               1.0.7-r0                apk     
+php82-pecl-memcached            3.2.0-r1                apk     
+php82-pecl-msgpack              2.2.0-r0                apk     
+php82-pecl-redis                6.0.2-r0                apk     
+php82-pgsql                     8.2.13-r0               apk     
+php82-phar                      8.2.13-r0               apk     
+php82-posix                     8.2.13-r0               apk     
+php82-session                   8.2.13-r0               apk     
+php82-simplexml                 8.2.13-r0               apk     
+php82-soap                      8.2.13-r0               apk     
+php82-sockets                   8.2.13-r0               apk     
+php82-sodium                    8.2.13-r0               apk     
+php82-sqlite3                   8.2.13-r0               apk     
+php82-tokenizer                 8.2.13-r0               apk     
+php82-xml                       8.2.13-r0               apk     
+php82-xmlreader                 8.2.13-r0               apk     
+php82-xmlwriter                 8.2.13-r0               apk     
+php82-xsl                       8.2.13-r0               apk     
+php82-zip                       8.2.13-r0               apk     
+pinentry                        1.2.1-r1                apk     
+pip                             23.3.2                  python  
+pkb-client                      1.2                     python  
+popt                            1.19-r2                 apk     
+portalocker                     2.8.2                   python  
+procps-ng                       4.0.4-r0                apk     
+protobuf                        4.25.1                  python  
+publicsuffixlist                0.9.4                   python  
+pyOpenSSL                       23.3.0                  python  
+pyRFC3339                       1.1                     python  
+pyacmedns                       0.4                     python  
+pyasn1                          0.5.1                   python  
+pyasn1-modules                  0.3.0                   python  
+pyc                             0.1-r0                  apk     
+pycparser                       2.21                    python  
+pyotp                           2.9.0                   python  
+pyparsing                       3.1.1                   python  
+python-dateutil                 2.8.2                   python  
+python-digitalocean             1.17.0                  python  
+python-transip                  0.6.0                   python  
+python3                         3.11.6-r0               apk     
+python3-pyc                     3.11.6-r0               apk     
+python3-pycache-pyc0            3.11.6-r0               apk     
+pytz                            2023.3.post1            python  
+readline                        8.2.1-r1                apk     
+requests                        2.31.0                  python  
+requests-file                   1.5.1                   python  
+requests-mock                   1.11.0                  python  
+rsa                             4.9                     python  
+s3transfer                      0.10.0                  python  
+scanelf                         1.3.7-r1                apk     
+setuptools                      65.5.0                  python  
+shadow                          4.13-r4                 apk     
+six                             1.16.0                  python  
+skalibs                         2.13.1.1-r1             apk     
+sniffio                         1.3.0                   python  
+soupsieve                       2.5                     python  
+sqlite-libs                     3.41.2-r2               apk     
+ssl_client                      1.36.1-r5               apk     
+tiff                            4.5.1-r0                apk     
+tldextract                      5.1.1                   python  
+typing-inspect                  0.9.0                   python  
+typing_extensions               4.9.0                   python  
+tzdata                          2023c-r1                apk     
+unixodbc                        2.3.11-r2               apk     
+uritemplate                     4.1.1                   python  
+urllib3                         2.0.7                   python  
+utmps-libs                      0.1.2.1-r1              apk     
+wheel                           0.42.0                  python  
+whois                           5.5.17-r0               apk     
+xz-libs                         5.4.3-r0                apk     
+zlib                            1.2.13-r1               apk     
+zope.interface                  6.1                     python  
+zstd-libs                       1.5.5-r4                apk     

readme-vars.yml

@@ -14,7 +14,6 @@ project_blurb_optional_extras: []
 available_architectures:
   - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
   - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
-  - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
 
 # development version
 development_versions: false
@@ -51,7 +50,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
   - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
   - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -84,13 +83,28 @@ app_setup_block: |
   * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
     * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
     * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-    * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+    * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
       1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
       2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
   * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
   * After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
   * Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
 
+  ### Certbot Plugins
+
+  SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
+  If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
+
+  Set the following environment variables on your container:
+
+  ```yaml
+  DOCKER_MODS=linuxserver/mods:universal-package-install
+  INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
+  ```
+
+  Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
+  It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
+
   ### Security and password protection
 
   * The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
@@ -154,6 +168,16 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "11.12.23:", desc: "Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins." }
+  - { date: "30.11.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404." }
+  - { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." }
+  - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
+  - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
+  - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
+  - { date: "07.08.23:", desc: "Add Bunny DNS Configuration." }
+  - { date: "27.07.23:", desc: "Added support for dreamhost validation." }
+  - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
+  - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
   - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
   - { date: "25.03.23:", desc: "Fix renewal post hook." }
   - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }

root/defaults/dns-conf/bunny.ini

@@ -0,0 +1,2 @@
+# Bunny API token used by Certbot
+dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf

root/defaults/dns-conf/dreamhost.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/goncalo-leal/certbot-dns-dreamhost#usage
+# Replace with your values
+dns_dreamhost_baseurl = "https://api.dreamhost.com/"
+dns_dreamhost_api_key = "<api_key>"

root/defaults/dns-conf/dynu.ini

@@ -1,3 +0,0 @@
-# Instructions: https://github.com/bikram990/certbot-dns-dynu#configuration
-# Replace with your API token from your dynu account.
-dns_dynu_auth_token = AbCbASsd!@34

root/defaults/dns-conf/freedns.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/schleuss/certbot_dns_freedns#credentials
+# Replace with your values
+dns_freedns_username = myremoteuser
+dns_freedns_password = verysecureremoteuserpassword

root/defaults/dns-conf/namecheap.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/knoxell/certbot-dns-namecheap#credentials
+# Namecheap API credentials used by Certbot
+dns_namecheap_username=my-username
+dns_namecheap_api_key=my-api-key

root/defaults/fail2ban/filter.d/nginx-deny.conf

@@ -12,4 +12,4 @@ datepattern = {^LN-BEG}
 
 # DEV NOTES:
 #
-# Author: Will L (driz@linuxserver.io)
+# Author: notdriz

root/defaults/fail2ban/filter.d/nginx-unauthorized.conf

@@ -3,5 +3,3 @@
 [Definition]
 
 failregex = ^<HOST>.*"(GET|POST|HEAD).*" (401) .*$
-
-ignoreregex = .*(?i)plex.*

root/defaults/nginx/authelia-location.conf.sample

@@ -1,25 +1,27 @@
-## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
+## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
 
-## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
+## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource
 auth_request /authelia/api/verify;
-## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
 error_page 401 = @authelia_proxy_signin;
 
-## Translate response headers from Authelia into variables
+## Translate the user information response headers from the auth subrequest into variables
 auth_request_set $email $upstream_http_remote_email;
 auth_request_set $groups $upstream_http_remote_groups;
 auth_request_set $name $upstream_http_remote_name;
 auth_request_set $user $upstream_http_remote_user;
 
-## Inject the response header variables into the request made to the actual upstream
+## Inject the user information into the request made to the actual upstream
 proxy_set_header Remote-Email $email;
 proxy_set_header Remote-Groups $groups;
 proxy_set_header Remote-Name $name;
 proxy_set_header Remote-User $user;
 
-## Include the Set-Cookie header if present.
+## Translate the Set-Cookie response header from the auth subrequest into a variable
 auth_request_set $set_cookie $upstream_http_set_cookie;
-add_header Set-Cookie $set_cookie;
+
+## Translate the Location response header from the auth subrequest into a variable
+auth_request_set $signin_url $upstream_http_location;

root/defaults/nginx/authelia-server.conf.sample

@@ -1,4 +1,4 @@
-## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # Make sure that the authelia configuration.yml has 'path: "authelia"' defined
@@ -19,9 +19,9 @@ location = /authelia/api/verify {
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
-    proxy_pass http://$upstream_authelia:9091/authelia/api/verify;
+    proxy_pass http://$upstream_authelia:9091;
 
-    ## Include the Set-Cookie header if present.
+    ## Include the Set-Cookie header if present
     auth_request_set $set_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $set_cookie;
 
@@ -29,27 +29,25 @@ location = /authelia/api/verify {
     proxy_set_header Content-Length "";
 }
 
-# Virtual location for authelia 401 redirects
+# virtual location for authelia 401 redirects
 location @authelia_proxy_signin {
     internal;
 
-    ## Set the $target_url variable based on the original request.
-    set_escape_uri $target_url $scheme://$http_host$request_uri;
-
-    ## Include the Set-Cookie header if present.
+    ## Include the Set-Cookie header if present
     auth_request_set $set_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $set_cookie;
 
-    ## Set $authelia_backend to route requests to the current domain by default
-    set $authelia_backend $http_host;
-    ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain
-    ## To use authelia on a separate subdomain:
-    ##  * comment the $authelia_backend line above
-    ##  * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
-    ##  * make sure that your dns has a cname set for authelia
-    ##  * uncomment the $authelia_backend line below and change example.com to your domain
-    ##  * restart the swag container
-    #set $authelia_backend authelia.example.com;
+    ## Set the $target_url variable based on the original request
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
 
-    return 302 https://$authelia_backend/authelia/?rd=$target_url;
+    ## Translate the Location response header from the auth subrequest into a variable
+    auth_request_set $signin_url $upstream_http_location;
+
+    if ($signin_url = '') {
+        ## Set the $signin_url variable
+        set $signin_url https://$http_host/authelia/?rd=$target_url;
+    }
+
+    ## Redirect to login
+    return 302 $signin_url;
 }

root/defaults/nginx/authentik-location.conf.sample

@@ -1,26 +1,25 @@
-## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
+## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
 # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
 # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
 
-## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
+## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource
 auth_request /outpost.goauthentik.io/auth/nginx;
-## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
+## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
 error_page 401 = @goauthentik_proxy_signin;
 
-## Translate response headers from Authentik into variables
+## Translate the user information response headers from the auth subrequest into variables
 auth_request_set $authentik_email $upstream_http_x_authentik_email;
 auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
 auth_request_set $authentik_name $upstream_http_x_authentik_name;
 auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
 auth_request_set $authentik_username $upstream_http_x_authentik_username;
 
-## Inject the response header variables into the request made to the actual upstream
+## Inject the user information into the request made to the actual upstream
 proxy_set_header X-authentik-email $authentik_email;
 proxy_set_header X-authentik-groups $authentik_groups;
 proxy_set_header X-authentik-name $authentik_name;
 proxy_set_header X-authentik-uid $authentik_uid;
 proxy_set_header X-authentik-username $authentik_username;
 
-## Include the Set-Cookie header if present.
+## Translate the Set-Cookie response header from the auth subrequest into a variable
 auth_request_set $set_cookie $upstream_http_set_cookie;
-add_header Set-Cookie $set_cookie;

root/defaults/nginx/authentik-server.conf.sample

@@ -1,4 +1,4 @@
-## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
+## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
 # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
 # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
 
@@ -18,9 +18,9 @@ location = /outpost.goauthentik.io/auth/nginx {
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authentik authentik-server;
-    proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
+    proxy_pass http://$upstream_authentik:9000;
 
-    ## Include the Set-Cookie header if present.
+    ## Include the Set-Cookie header if present
     auth_request_set $set_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $set_cookie;
 
@@ -28,18 +28,20 @@ location = /outpost.goauthentik.io/auth/nginx {
     proxy_set_header Content-Length "";
 }
 
-# Virtual location for authentik 401 redirects
+# virtual location for authentik 401 redirects
 location @goauthentik_proxy_signin {
     internal;
 
-    ## Set the $target_url variable based on the original request.
-    set_escape_uri $target_url $scheme://$http_host$request_uri;
-
-    ## Include the Set-Cookie header if present.
+    ## Include the Set-Cookie header if present
     auth_request_set $set_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $set_cookie;
 
-    ## Set $authentik_backend to route requests to the current domain by default
-    set $authentik_backend $http_host;
-    return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
+    ## Set the $target_url variable based on the original request
+    set_escape_uri $target_url $scheme://$http_host$request_uri;
+
+    ## Set the $signin_url variable
+    set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url;
+
+    ## Redirect to login
+    return 302 $signin_url;
 }

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/11/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -48,10 +48,24 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
+        try_files $uri $uri/ /index.html /index.php$is_args$args;
     }
 
     location ~ ^(.+\.php)(.*)$ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        try_files $fastcgi_script_name =404;
         fastcgi_split_path_info ^(.+\.php)(.*)$;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_index index.php;

root/etc/crontabs/root

@@ -1,9 +1,2 @@
-# do daily/weekly/monthly maintenance
 # min   hour    day     month   weekday command
-*/15    *       *       *       *       run-parts /etc/periodic/15min
-0       *       *       *       *       run-parts /etc/periodic/hourly
-0       2       *       *       *       run-parts /etc/periodic/daily
-0       3       *       *       6       run-parts /etc/periodic/weekly
-0       5       1       *       *       run-parts /etc/periodic/monthly
-# renew letsencrypt certs
 8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -24,18 +24,44 @@ for i in "${SANED_VARS[@]}"; do
 done
 
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
-    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
+CERTBOT_DNS_AUTHENTICATORS=$(certbot plugins --authenticators 2>/dev/null | sed -e 's/^Entry point: EntryPoint(name='\''cpanel'\''/Entry point: EntryPoint(name='\''dns-cpanel'\''/' -e '/EntryPoint(name='\''dns-/!d' -e 's/^Entry point: EntryPoint(name='\''dns-\([^ ]*\)'\'',/\1/' | sort)
+if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | grep -q "${DNSPLUGIN}"; then
+    echo "Please set the DNSPLUGIN variable to one of the following:"
+    echo "${CERTBOT_DNS_AUTHENTICATORS}"
     sleep infinity
 fi
 
+# set owner of certbot's CONFIG_DIR, WORK_DIR, and LOGS_DIR to abc
+lsiown -R abc:abc \
+    /etc/letsencrypt \
+    /var/lib/letsencrypt \
+    /var/log/letsencrypt
+
+# set_ini_value logic:
+# - if the name is not found in the file, append the name=value to the end of the file
+# - if the name is found in the file, replace the value
+# - if the name is found in the file but commented out, uncomment the line and replace the value
+# call set_ini_value with parameters: $1=name $2=value $3=file
+function set_ini_value() {
+    name=${1//\//\\/}
+    value=${2//\//\\/}
+    sed -i \
+        -e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
+        -e '$a'"${name}"'='"${value}" "${3}"
+}
+
+# ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
+touch /config/etc/letsencrypt/cli.ini
+lsiown abc:abc /config/etc/letsencrypt/cli.ini
+grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
+
 # copy dns default configs
-cp -n /defaults/dns-conf/* /config/dns-conf/
+cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing')
 lsiown -R abc:abc /config/dns-conf
 
 # copy default renewal hooks
 chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
-cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
+cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ 2> >(grep -v 'cp: not replacing')
 lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
 
 # replace nginx service location in renewal hooks
@@ -157,21 +183,25 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
     [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
     echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
     if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
-        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
-        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
-        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
+        REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
+        REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
         if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
-            sleep infinity
+            REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
+            REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
+        fi
+        if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
         fi
-        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
     elif [[ "${ORIGSTAGING}" = "true" ]]; then
-        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
     else
-        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     fi
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -182,9 +212,11 @@ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS
 # Check if the cert is using the old LE root cert, revoke and regen if necessary
 if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
     echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
-    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -208,52 +240,51 @@ else
     ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
 fi
 
-# figuring out url only vs url & subdomains vs subdomains only
+set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
+
+# figuring out domain only vs domain & subdomains vs subdomains only
+DOMAINS_ARRAY=()
+if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+    DOMAINS_ARRAY+=("${URL}")
+fi
 if [[ -n "${SUBDOMAINS}" ]]; then
     echo "SUBDOMAINS entered, processing"
+    SUBDOMAINS_ARRAY=()
     if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
-            export URL_REAL="-d *.${URL}"
-            echo "Wildcard cert for only the subdomains of ${URL} will be requested"
-        else
-            export URL_REAL="-d *.${URL} -d ${URL}"
-            echo "Wildcard cert for ${URL} will be requested"
-        fi
+        SUBDOMAINS_ARRAY+=("*.${URL}")
+        echo "Wildcard cert for ${URL} will be requested"
     else
-        echo "SUBDOMAINS entered, processing"
         for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
-            export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
+            SUBDOMAINS_ARRAY+=("${job}.${URL}")
         done
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
-            URL_REAL="${SUBDOMAINS_REAL}"
-            echo "Only subdomains, no URL in cert"
-        else
-            URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
-        fi
-        echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
+        echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
     fi
-else
-    echo "No subdomains defined"
-    URL_REAL="-d ${URL}"
+    DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
 fi
 
 # add extra domains
 if [[ -n "${EXTRA_DOMAINS}" ]]; then
     echo "EXTRA_DOMAINS entered, processing"
+    EXTRA_DOMAINS_ARRAY=()
     for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
-        export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
+        EXTRA_DOMAINS_ARRAY+=("${job}")
     done
-    echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
-    URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
+    echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
+    DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
 fi
 
+# setting domains in cli.ini
+set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
+
 # figuring out whether to use e-mail and which
 if [[ ${EMAIL} == *@* ]]; then
     echo "E-mail address entered: ${EMAIL}"
-    EMAILPARAM="-m ${EMAIL} --no-eff-email"
+    set_ini_value "email" "${EMAIL}" /config/etc/letsencrypt/cli.ini
+    set_ini_value "no-eff-email" "true" /config/etc/letsencrypt/cli.ini
+    set_ini_value "register-unsafely-without-email" "false" /config/etc/letsencrypt/cli.ini
 else
     echo "No e-mail address entered or address invalid"
-    EMAILPARAM="--register-unsafely-without-email"
+    set_ini_value "register-unsafely-without-email" "true" /config/etc/letsencrypt/cli.ini
 fi
 
 # alter extension for error message
@@ -265,37 +296,41 @@ fi
 
 # setting the validation method to use
 if [[ "${VALIDATION}" = "dns" ]]; then
-    AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
-    DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
-    if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+    set_ini_value "preferred-challenges" "dns" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "dns-${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
+    set_ini_value "dns-${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+    if [[ -n "${PROPAGATION}" ]]; then set_ini_value "dns-${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
 
     # plugins that don't support setting credentials file
     if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
-        DNSCREDENTIALSPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that don't support setting propagation
     if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
         if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
-        PROPAGATIONPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that use old parameter naming convention
     if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
-        AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
-        DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
+        set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+        if [[ -n "${PROPAGATION}" ]]; then set_ini_value "${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
     fi
     # don't restore txt records when using DuckDNS plugin
     if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
-        AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
+        set_ini_value "dns-${DNSPLUGIN}-no-txt-restore" "true" /config/etc/letsencrypt/cli.ini
     fi
 
-    PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
     echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
 elif [[ "${VALIDATION}" = "tls-sni" ]]; then
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "*****tls-sni validation has been deprecated, attempting http validation instead"
 else
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "http validation is selected"
 fi
 
@@ -304,17 +339,17 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
     if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
         echo "Retrieving EAB from ZeroSSL"
         EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
-        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
-        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
+        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
         if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
             echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
             sleep infinity
         fi
-        ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+        set_ini_value "eab-kid" "${ZEROSSL_EAB_KID}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
     fi
     echo "Generating new certificate"
-    # shellcheck disable=SC2086
-    certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
+    certbot certonly --non-interactive --renew-by-default
     if [[ ! -d /config/keys/letsencrypt ]]; then
         if [[ "${VALIDATION}" = "dns" ]]; then
             echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -1,38 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# make folders
-mkdir -p \
-    /config/crontabs
-
-## root
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/root ]]; then
-    # copy crontab from system
-    if crontab -l -u root; then
-        crontab -l -u root >/config/crontabs/root
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/root /config/crontabs/
-fi
-# set permissions and import user crontabs
-lsiown root:root /config/crontabs/root
-crontab -u root /config/crontabs/root
-
-## abc
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/abc ]]; then
-    # copy crontab from system
-    if crontab -l -u abc; then
-        crontab -l -u abc >/config/crontabs/abc
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/abc /config/crontabs/
-fi
-# set permissions and import user crontabs
-lsiown abc:abc /config/crontabs/abc
-crontab -u abc /config/crontabs/abc

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -1 +0,0 @@
-oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/run

@@ -3,7 +3,7 @@
 
 # make our folders and links
 mkdir -p \
-    /config/{fail2ban,crontabs,dns-conf} \
+    /config/{fail2ban,dns-conf} \
     /config/etc/letsencrypt/renewal-hooks \
     /config/log/{fail2ban,letsencrypt,nginx} \
     /config/nginx/proxy-confs \