Bot Updating Package Versions

Add GleSYS DNS plugin

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -53,7 +53,6 @@ body:
       options:
         - x86-64
         - arm64
-        - armhf
     validations:
       required: true
   - type: textarea

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.17
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.18
 
 # set version label
 ARG BUILD_DATE
@@ -24,7 +24,7 @@ RUN \
     openssl-dev \
     python3-dev && \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
+  apk add --no-cache \
     fail2ban \
     gnupg \
     memcached \
@@ -45,59 +45,53 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php81-bcmath \
+    php82-bcmath \
-    php81-bz2 \
+    php82-bz2 \
-    php81-ctype \
+    php82-dom \
-    php81-curl \
+    php82-exif \
-    php81-dom \
+    php82-ftp \
-    php81-exif \
+    php82-gd \
-    php81-ftp \
+    php82-gmp \
-    php81-gd \
+    php82-imap \
-    php81-gmp \
+    php82-intl \
-    php81-iconv \
+    php82-ldap \
-    php81-imap \
+    php82-mysqli \
-    php81-intl \
+    php82-mysqlnd \
-    php81-ldap \
+    php82-opcache \
-    php81-mysqli \
+    php82-pdo_mysql \
-    php81-mysqlnd \
+    php82-pdo_odbc \
-    php81-opcache \
+    php82-pdo_pgsql \
-    php81-pdo_mysql \
+    php82-pdo_sqlite \
-    php81-pdo_odbc \
+    php82-pear \
-    php81-pdo_pgsql \
+    php82-pecl-apcu \
-    php81-pdo_sqlite \
+    php82-pecl-memcached \
-    php81-pear \
+    php82-pecl-redis \
-    php81-pecl-apcu \
+    php82-pgsql \
-    php81-pecl-mailparse \
+    php82-posix \
-    php81-pecl-memcached \
+    php82-soap \
-    php81-pecl-redis \
+    php82-sockets \
-    php81-pgsql \
+    php82-sodium \
-    php81-phar \
+    php82-sqlite3 \
-    php81-posix \
+    php82-tokenizer \
-    php81-soap \
+    php82-xmlreader \
-    php81-sockets \
+    php82-xsl \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
-    php81-pecl-mcrypt \
+    php82-pecl-mcrypt && \
-    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
     CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  python3 -m ensurepip && \
+  python3 -m venv /lsiopy && \
-  pip3 install -U --no-cache-dir \
+  pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \
     certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -108,9 +102,11 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
-    certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
+    certbot-dns-glesys \
     certbot-dns-godaddy \
     certbot-dns-google \
     certbot-dns-google-domains \
@@ -122,6 +118,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.17
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.18
 
 # set version label
 ARG BUILD_DATE
@@ -24,7 +24,7 @@ RUN \
     openssl-dev \
     python3-dev && \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
+  apk add --no-cache \
     fail2ban \
     gnupg \
     memcached \
@@ -45,59 +45,53 @@ RUN \
     nginx-mod-stream \
     nginx-mod-stream-geoip2 \
     nginx-vim \
-    php81-bcmath \
+    php82-bcmath \
-    php81-bz2 \
+    php82-bz2 \
-    php81-ctype \
+    php82-dom \
-    php81-curl \
+    php82-exif \
-    php81-dom \
+    php82-ftp \
-    php81-exif \
+    php82-gd \
-    php81-ftp \
+    php82-gmp \
-    php81-gd \
+    php82-imap \
-    php81-gmp \
+    php82-intl \
-    php81-iconv \
+    php82-ldap \
-    php81-imap \
+    php82-mysqli \
-    php81-intl \
+    php82-mysqlnd \
-    php81-ldap \
+    php82-opcache \
-    php81-mysqli \
+    php82-pdo_mysql \
-    php81-mysqlnd \
+    php82-pdo_odbc \
-    php81-opcache \
+    php82-pdo_pgsql \
-    php81-pdo_mysql \
+    php82-pdo_sqlite \
-    php81-pdo_odbc \
+    php82-pear \
-    php81-pdo_pgsql \
+    php82-pecl-apcu \
-    php81-pdo_sqlite \
+    php82-pecl-memcached \
-    php81-pear \
+    php82-pecl-redis \
-    php81-pecl-apcu \
+    php82-pgsql \
-    php81-pecl-mailparse \
+    php82-posix \
-    php81-pecl-memcached \
+    php82-soap \
-    php81-pecl-redis \
+    php82-sockets \
-    php81-pgsql \
+    php82-sodium \
-    php81-phar \
+    php82-sqlite3 \
-    php81-posix \
+    php82-tokenizer \
-    php81-soap \
+    php82-xmlreader \
-    php81-sockets \
+    php82-xsl \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
-    php81-pecl-mcrypt \
+    php82-pecl-mcrypt && \
-    php81-pecl-xmlrpc && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \
     CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
   fi && \
-  python3 -m ensurepip && \
+  python3 -m venv /lsiopy && \
-  pip3 install -U --no-cache-dir \
+  pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.18/ \
     certbot==${CERTBOT_VERSION} \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -108,9 +102,11 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
-    certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
+    certbot-dns-glesys \
     certbot-dns-godaddy \
     certbot-dns-google \
     certbot-dns-google-domains \
@@ -122,6 +118,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Dockerfile.armhf

@@ -1,186 +0,0 @@
-# syntax=docker/dockerfile:1
-
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.17
-
-# set version label
-ARG BUILD_DATE
-ARG VERSION
-ARG CERTBOT_VERSION
-LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
-LABEL maintainer="nemchik"
-
-# environment settings
-ENV DHLEVEL=2048 ONLY_SUBDOMAINS=false AWS_CONFIG_FILE=/config/dns-conf/route53.ini
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
-
-RUN \
-  echo "**** install build packages ****" && \
-  apk add --no-cache --virtual=build-dependencies \
-    build-base \
-    cargo \
-    libffi-dev \
-    libxml2-dev \
-    libxslt-dev \
-    openssl-dev \
-    python3-dev && \
-  echo "**** install runtime packages ****" && \
-  apk add --no-cache --upgrade \
-    fail2ban \
-    gnupg \
-    memcached \
-    nginx-mod-http-brotli \
-    nginx-mod-http-dav-ext \
-    nginx-mod-http-echo \
-    nginx-mod-http-fancyindex \
-    nginx-mod-http-geoip2 \
-    nginx-mod-http-headers-more \
-    nginx-mod-http-image-filter \
-    nginx-mod-http-perl \
-    nginx-mod-http-redis2 \
-    nginx-mod-http-set-misc \
-    nginx-mod-http-upload-progress \
-    nginx-mod-http-xslt-filter \
-    nginx-mod-mail \
-    nginx-mod-rtmp \
-    nginx-mod-stream \
-    nginx-mod-stream-geoip2 \
-    nginx-vim \
-    php81-bcmath \
-    php81-bz2 \
-    php81-ctype \
-    php81-curl \
-    php81-dom \
-    php81-exif \
-    php81-ftp \
-    php81-gd \
-    php81-gmp \
-    php81-iconv \
-    php81-imap \
-    php81-intl \
-    php81-ldap \
-    php81-mysqli \
-    php81-mysqlnd \
-    php81-opcache \
-    php81-pdo_mysql \
-    php81-pdo_odbc \
-    php81-pdo_pgsql \
-    php81-pdo_sqlite \
-    php81-pear \
-    php81-pecl-apcu \
-    php81-pecl-mailparse \
-    php81-pecl-memcached \
-    php81-pecl-redis \
-    php81-pgsql \
-    php81-phar \
-    php81-posix \
-    php81-soap \
-    php81-sockets \
-    php81-sodium \
-    php81-sqlite3 \
-    php81-tokenizer \
-    php81-xmlreader \
-    php81-xsl \
-    php81-zip \
-    whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    php81-pecl-mcrypt \
-    php81-pecl-xmlrpc && \
-  echo "**** install certbot plugins ****" && \
-  if [ -z ${CERTBOT_VERSION+x} ]; then \
-    CERTBOT_VERSION=$(curl -sL  https://pypi.python.org/pypi/certbot/json |jq -r '. | .info.version'); \
-  fi && \
-  python3 -m ensurepip && \
-  pip3 install -U --no-cache-dir \
-    pip \
-    wheel && \
-  pip3 install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.17/ \
-    certbot==${CERTBOT_VERSION} \
-    certbot-dns-acmedns \
-    certbot-dns-aliyun \
-    certbot-dns-azure \
-    certbot-dns-cloudflare \
-    certbot-dns-cpanel \
-    certbot-dns-desec \
-    certbot-dns-digitalocean \
-    certbot-dns-directadmin \
-    certbot-dns-dnsimple \
-    certbot-dns-dnsmadeeasy \
-    certbot-dns-dnspod \
-    certbot-dns-do \
-    certbot-dns-domeneshop \
-    certbot-dns-duckdns \
-    certbot-dns-dynu \
-    certbot-dns-gehirn \
-    certbot-dns-godaddy \
-    certbot-dns-google \
-    certbot-dns-google-domains \
-    certbot-dns-he \
-    certbot-dns-hetzner \
-    certbot-dns-infomaniak \
-    certbot-dns-inwx \
-    certbot-dns-ionos \
-    certbot-dns-linode \
-    certbot-dns-loopia \
-    certbot-dns-luadns \
-    certbot-dns-netcup \
-    certbot-dns-njalla \
-    certbot-dns-nsone \
-    certbot-dns-ovh \
-    certbot-dns-porkbun \
-    certbot-dns-rfc2136 \
-    certbot-dns-route53 \
-    certbot-dns-sakuracloud \
-    certbot-dns-standalone \
-    certbot-dns-transip \
-    certbot-dns-vultr \
-    certbot-plugin-gandi \
-    cryptography \
-    future \
-    requests && \
-  echo "**** enable OCSP stapling from base ****" && \
-  sed -i \
-    's|#ssl_stapling on;|ssl_stapling on;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  sed -i \
-    's|#ssl_stapling_verify on;|ssl_stapling_verify on;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  sed -i \
-    's|#ssl_trusted_certificate /config/keys/cert.crt;|ssl_trusted_certificate /config/keys/cert.crt;|' \
-    /defaults/nginx/ssl.conf.sample && \
-  echo "**** correct ip6tables legacy issue ****" && \
-  rm \
-    /sbin/ip6tables && \
-  ln -s \
-    /sbin/ip6tables-nft /sbin/ip6tables && \
-  echo "**** remove unnecessary fail2ban filters ****" && \
-  rm \
-    /etc/fail2ban/jail.d/alpine-ssh.conf && \
-  echo "**** copy fail2ban default action and filter to /defaults ****" && \
-  mkdir -p /defaults/fail2ban && \
-  mv /etc/fail2ban/action.d /defaults/fail2ban/ && \
-  mv /etc/fail2ban/filter.d /defaults/fail2ban/ && \
-  echo "**** define allowipv6 to silence warning ****" && \
-  sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf && \
-  echo "**** copy proxy confs to /defaults ****" && \
-  mkdir -p \
-    /defaults/nginx/proxy-confs && \
-  curl -o \
-    /tmp/proxy-confs.tar.gz -L \
-    "https://github.com/linuxserver/reverse-proxy-confs/tarball/master" && \
-  tar xf \
-    /tmp/proxy-confs.tar.gz -C \
-    /defaults/nginx/proxy-confs --strip-components=1 --exclude=linux*/.editorconfig --exclude=linux*/.gitattributes --exclude=linux*/.github --exclude=linux*/.gitignore --exclude=linux*/LICENSE && \
-  echo "**** cleanup ****" && \
-  apk del --purge \
-    build-dependencies && \
-  rm -rf \
-    /tmp/* \
-    $HOME/.cache \
-    $HOME/.cargo
-
-# copy local files
-COPY root/ /
-
-# ports and volumes
-EXPOSE 80 443
-VOLUME /config

Jenkinsfile

@@ -16,7 +16,7 @@ pipeline {
     GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
-    SCARF_TOKEN=credentials('scarf_api_key')
+    DOCKERHUB_TOKEN=credentials('docker-hub-ci-pat')
     EXT_PIP = 'certbot'
     BUILD_VERSION_ARG = 'CERTBOT_VERSION'
     LS_USER = 'linuxserver'
@@ -40,7 +40,12 @@ pipeline {
     // Setup all the basic environment variables needed for the build
     stage("Set ENV Variables base"){
       steps{
-        sh '''docker pull quay.io/skopeo/stable:v1 || : '''
+        sh '''#! /bin/bash
+              containers=$(docker ps -aq)
+              if [[ -n "${containers}" ]]; then
+                docker stop ${containers}
+              fi
+              docker system prune -af --volumes || : '''
         script{
           env.EXIT_STATUS = ''
           env.LS_RELEASE = sh(
@@ -55,11 +60,16 @@ pipeline {
           env.COMMIT_SHA = sh(
             script: '''git rev-parse HEAD''',
             returnStdout: true).trim()
+          env.GH_DEFAULT_BRANCH = sh(
+            script: '''git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||' ''',
+            returnStdout: true).trim()
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/commit/' + env.GIT_COMMIT
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.DOCKERHUB_IMAGE + '/tags/'
           env.PULL_REQUEST = env.CHANGE_ID
           env.TEMPLATED_FILES = 'Jenkinsfile README.md LICENSE .editorconfig ./.github/CONTRIBUTING.md ./.github/FUNDING.yml ./.github/ISSUE_TEMPLATE/config.yml ./.github/ISSUE_TEMPLATE/issue.bug.yml ./.github/ISSUE_TEMPLATE/issue.feature.yml ./.github/PULL_REQUEST_TEMPLATE.md ./.github/workflows/external_trigger_scheduler.yml ./.github/workflows/greetings.yml ./.github/workflows/package_trigger_scheduler.yml ./.github/workflows/call_issue_pr_tracker.yml ./.github/workflows/call_issues_cron.yml ./.github/workflows/permissions.yml ./.github/workflows/external_trigger.yml ./.github/workflows/package_trigger.yml ./root/donate.txt'
         }
+        sh '''#! /bin/bash
+              echo "The default github branch detected as ${GH_DEFAULT_BRANCH}" '''
         script{
           env.LS_RELEASE_NUMBER = sh(
             script: '''echo ${LS_RELEASE} |sed 's/^.*-ls//g' ''',
@@ -116,7 +126,7 @@ pipeline {
       steps{
         script{
           env.EXT_RELEASE_CLEAN = sh(
-            script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g' ''',
+            script: '''echo ${EXT_RELEASE} | sed 's/[~,%@+;:/ ]//g' ''',
             returnStdout: true).trim()
 
           def semver = env.EXT_RELEASE_CLEAN =~ /(\d+)\.(\d+)\.(\d+)/
@@ -134,7 +144,7 @@ pipeline {
           }
 
           if (env.SEMVER != null) {
-            if (BRANCH_NAME != "master" && BRANCH_NAME != "main") {
+            if (BRANCH_NAME != "${env.GH_DEFAULT_BRANCH}") {
               env.SEMVER = "${env.SEMVER}-${BRANCH_NAME}"
             }
             println("SEMVER: ${env.SEMVER}")
@@ -158,7 +168,7 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           } else {
             env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-ls' + env.LS_TAG_NUMBER
           }
@@ -181,7 +191,7 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lsiodev-' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/lsiodev-' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           } else {
             env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA
           }
@@ -204,12 +214,12 @@ pipeline {
           env.GITLABIMAGE = 'registry.gitlab.com/linuxserver.io/' + env.LS_REPO + '/lspipepr-' + env.CONTAINER_NAME
           env.QUAYIMAGE = 'quay.io/linuxserver.io/lspipepr-' + env.CONTAINER_NAME
           if (env.MULTIARCH == 'true') {
-            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm32v7-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+            env.CI_TAGS = 'amd64-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST + '|arm64v8-' + env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           } else {
-            env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+            env.CI_TAGS = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           }
-          env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+          env.VERSION_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
-          env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-pr-' + env.PULL_REQUEST
+          env.META_TAG = env.EXT_RELEASE_CLEAN + '-pkg-' + env.PACKAGE_TAG + '-dev-' + env.COMMIT_SHA + '-pr-' + env.PULL_REQUEST
           env.EXT_RELEASE_TAG = 'version-' + env.EXT_RELEASE_CLEAN
           env.CODE_URL = 'https://github.com/' + env.LS_USER + '/' + env.LS_REPO + '/pull/' + env.PULL_REQUEST
           env.DOCKERHUB_LINK = 'https://hub.docker.com/r/' + env.PR_DOCKERHUB_IMAGE + '/tags/'
@@ -252,112 +262,150 @@ pipeline {
         }
       }
       steps {
-        sh '''#! /bin/bash
+        withCredentials([
-              set -e
+          [
-              TEMPDIR=$(mktemp -d)
+            $class: 'UsernamePasswordMultiBinding',
-              docker pull ghcr.io/linuxserver/jenkins-builder:latest
+            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
-              docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest 
+            usernameVariable: 'DOCKERUSER',
-              # Stage 1 - Jenkinsfile update
+            passwordVariable: 'DOCKERPASS'
-              if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
+          ]
-                mkdir -p ${TEMPDIR}/repo
+        ]) {
-                git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
+          sh '''#! /bin/bash
-                cd ${TEMPDIR}/repo/${LS_REPO}
+                set -e
-                git checkout -f master
+                TEMPDIR=$(mktemp -d)
-                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
+                docker pull ghcr.io/linuxserver/jenkins-builder:latest
-                git add Jenkinsfile
+                docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest 
-                git commit -m 'Bot Updating Templated Files'
+                # Stage 1 - Jenkinsfile update
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
-                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                  mkdir -p ${TEMPDIR}/repo
-                echo "Updating Jenkinsfile"
+                  git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
-                rm -Rf ${TEMPDIR}
+                  cd ${TEMPDIR}/repo/${LS_REPO}
-                exit 0
+                  git checkout -f master
-              else
+                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
-                echo "Jenkinsfile is up to date."
+                  git add Jenkinsfile
-              fi
+                  git commit -m 'Bot Updating Templated Files'
-              # Stage 2 - Delete old templates
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
-              OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml"
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
-              for i in ${OLD_TEMPLATES}; do
+                  echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                if [[ -f "${i}" ]]; then
+                  echo "Updating Jenkinsfile"
-                  TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
+                  rm -Rf ${TEMPDIR}
-                fi
+                  exit 0
-              done
-              if [[ -n "${TEMPLATES_TO_DELETE}" ]]; then
-                mkdir -p ${TEMPDIR}/repo
-                git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
-                cd ${TEMPDIR}/repo/${LS_REPO}
-                git checkout -f master
-                for i in ${TEMPLATES_TO_DELETE}; do
-                  git rm "${i}"
-                done
-                git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
-                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-                echo "Deleting old and deprecated templates"
-                rm -Rf ${TEMPDIR}
-                exit 0
-              else
-                echo "No templates to delete"
-              fi
-              # Stage 3 - Update templates
-              CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
-              cd ${TEMPDIR}/docker-${CONTAINER_NAME}
-              NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
-              if [[ "${CURRENTHASH}" != "${NEWHASH}" ]] || ! grep -q '.jenkins-external' "${WORKSPACE}/.gitignore" 2>/dev/null; then
-                mkdir -p ${TEMPDIR}/repo
-                git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
-                cd ${TEMPDIR}/repo/${LS_REPO}
-                git checkout -f master
-                cd ${TEMPDIR}/docker-${CONTAINER_NAME}
-                mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
-                mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
-                cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
-                cd ${TEMPDIR}/repo/${LS_REPO}/
-                if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
-                  echo ".jenkins-external" >> .gitignore
-                  git add .gitignore
-                fi
-                git add ${TEMPLATED_FILES}
-                git commit -m 'Bot Updating Templated Files'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
-                echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-              else
-                echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
-              fi
-              mkdir -p ${TEMPDIR}/gitbook
-              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
-                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
-                cd ${TEMPDIR}/gitbook/docker-documentation/
-                git add images/docker-${CONTAINER_NAME}.md
-                git commit -m 'Bot Updating Documentation'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
-              fi
-              mkdir -p ${TEMPDIR}/unraid
-              git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
-              git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
-              if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
-                sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
-              fi
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
-                cd ${TEMPDIR}/unraid/templates/
-                if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
-                  echo "Image is on the ignore list, marking Unraid template as deprecated"
-                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
-                  git add -u unraid/${CONTAINER_NAME}.xml
-                  git mv unraid/${CONTAINER_NAME}.xml unraid/deprecated/${CONTAINER_NAME}.xml || :
-                  git commit -m 'Bot Moving Deprecated Unraid Template' || :
                 else
-                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
+                  echo "Jenkinsfile is up to date."
-                  git add unraid/${CONTAINER_NAME}.xml
-                  git commit -m 'Bot Updating Unraid Template'
                 fi
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git --all
+                # Stage 2 - Delete old templates
-              fi
+                OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/issue.bug.md .github/ISSUE_TEMPLATE/issue.feature.md .github/workflows/call_invalid_helper.yml .github/workflows/stale.yml Dockerfile.armhf"
-              rm -Rf ${TEMPDIR}'''
+                for i in ${OLD_TEMPLATES}; do
-        script{
+                  if [[ -f "${i}" ]]; then
-          env.FILES_UPDATED = sh(
+                    TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
-            script: '''cat /tmp/${COMMIT_SHA}-${BUILD_NUMBER}''',
+                  fi
-            returnStdout: true).trim()
+                done
+                if [[ -n "${TEMPLATES_TO_DELETE}" ]]; then
+                  mkdir -p ${TEMPDIR}/repo
+                  git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
+                  cd ${TEMPDIR}/repo/${LS_REPO}
+                  git checkout -f master
+                  for i in ${TEMPLATES_TO_DELETE}; do
+                    git rm "${i}"
+                  done
+                  git commit -m 'Bot Updating Templated Files'
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
+                  echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                  echo "Deleting old and deprecated templates"
+                  rm -Rf ${TEMPDIR}
+                  exit 0
+                else
+                  echo "No templates to delete"
+                fi
+                # Stage 3 - Update templates
+                CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
+                cd ${TEMPDIR}/docker-${CONTAINER_NAME}
+                NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
+                if [[ "${CURRENTHASH}" != "${NEWHASH}" ]] || ! grep -q '.jenkins-external' "${WORKSPACE}/.gitignore" 2>/dev/null; then
+                  mkdir -p ${TEMPDIR}/repo
+                  git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
+                  cd ${TEMPDIR}/repo/${LS_REPO}
+                  git checkout -f master
+                  cd ${TEMPDIR}/docker-${CONTAINER_NAME}
+                  mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
+                  mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
+                  cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
+                  cp --parents readme-vars.yml ${TEMPDIR}/repo/${LS_REPO}/ || :
+                  cd ${TEMPDIR}/repo/${LS_REPO}/
+                  if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
+                    echo ".jenkins-external" >> .gitignore
+                    git add .gitignore
+                  fi
+                  git add readme-vars.yml ${TEMPLATED_FILES}
+                  git commit -m 'Bot Updating Templated Files'
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
+                  echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                else
+                  echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
+                fi
+                mkdir -p ${TEMPDIR}/docs
+                git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
+                if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}"  ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+                  cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
+                  cd ${TEMPDIR}/docs/docker-documentation
+                  GH_DOCS_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
+                  git add docs/images/docker-${CONTAINER_NAME}.md
+                  git commit -m 'Bot Updating Documentation'
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH}
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git ${GH_DOCS_DEFAULT_BRANCH}
+                fi
+                mkdir -p ${TEMPDIR}/unraid
+                git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
+                git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
+                if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-logo.png ]]; then
+                  sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-logo.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
+                elif [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
+                  sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
+                fi
+                if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
+                  cd ${TEMPDIR}/unraid/templates/
+                  GH_TEMPLATES_DEFAULT_BRANCH=$(git remote show origin | grep "HEAD branch:" | sed 's|.*HEAD branch: ||')
+                  if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
+                    echo "Image is on the ignore list, marking Unraid template as deprecated"
+                    cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
+                    git add -u unraid/${CONTAINER_NAME}.xml
+                    git mv unraid/${CONTAINER_NAME}.xml unraid/deprecated/${CONTAINER_NAME}.xml || :
+                    git commit -m 'Bot Moving Deprecated Unraid Template' || :
+                  else
+                    cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
+                    git add unraid/${CONTAINER_NAME}.xml
+                    git commit -m 'Bot Updating Unraid Template'
+                  fi
+                  git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH}
+                  git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/templates.git ${GH_TEMPLATES_DEFAULT_BRANCH}
+                fi
+                # Stage 4 - Sync Readme to Docker Hub
+                if [[ "${BRANCH_NAME}" == "${GH_DEFAULT_BRANCH}" ]]; then
+                  if [[ $(cat ${TEMPDIR}/docker-${CONTAINER_NAME}/README.md | wc -m) > 25000 ]]; then
+                    echo "Readme is longer than 25,000 characters. Syncing the lite version to Docker Hub"
+                    DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/README.lite"
+                  else
+                    echo "Syncing readme to Docker Hub"
+                    DH_README_SYNC_PATH="${TEMPDIR}/docker-${CONTAINER_NAME}/README.md"
+                  fi
+                  DH_TOKEN=$(curl -d '{"username":"'${DOCKERUSER}'", "password":"'${DOCKERHUB_TOKEN}'"}' -H "Content-Type: application/json" -X POST https://hub.docker.com/v2/users/login | jq -r '.token')
+                  curl -s \
+                    -H "Authorization: JWT ${DH_TOKEN}" \
+                    -H "Content-Type: application/json" \
+                    -X PATCH \
+                    -d "{\\"full_description\\":$(jq -Rsa . ${DH_README_SYNC_PATH})}" \
+                    https://hub.docker.com/v2/repositories/${DOCKERHUB_IMAGE} || :
+                else
+                  echo "Not the default Github branch. Skipping readme sync to Docker Hub."
+                fi
+                rm -Rf ${TEMPDIR}'''
+          script{
+            env.FILES_UPDATED = sh(
+              script: '''cat /tmp/${COMMIT_SHA}-${BUILD_NUMBER}''',
+              returnStdout: true).trim()
+          }
         }
       }
     }
@@ -417,36 +465,6 @@ pipeline {
              "visibility":"public"}' '''
       } 
     }
-    /* #######################
-           Scarf.sh package registry
-       ####################### */
-    // Add package to Scarf.sh and set permissions
-    stage("Scarf.sh package registry"){
-      when {
-        branch "master"
-        environment name: 'EXIT_STATUS', value: ''
-      }
-      steps{
-        sh '''#! /bin/bash
-              set -e
-              PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid')
-              if [ -z "${PACKAGE_UUID}" ]; then
-                echo "Adding package to Scarf.sh"
-                curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
-                  -H "Authorization: Bearer ${SCARF_TOKEN}" \
-                  -H "Content-Type: application/json" \
-                  -d '{"name":"linuxserver/swag",\
-                       "shortDescription":"example description",\
-                       "libraryType":"docker",\
-                       "website":"https://github.com/linuxserver/docker-swag",\
-                       "backendUrl":"https://ghcr.io/linuxserver/swag",\
-                       "publicUrl":"https://lscr.io/linuxserver/swag"}' || :
-              else
-                echo "Package already exists on Scarf.sh"
-              fi
-           '''
-      } 
-    }
     /* ###############
        Build Container
        ############### */
@@ -509,41 +527,6 @@ pipeline {
               --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
           }
         }
-        stage('Build ARMHF') {
-          agent {
-            label 'ARMHF'
-          }
-          steps {
-            echo "Running on node: ${NODE_NAME}"
-            echo 'Logging into Github'
-            sh '''#! /bin/bash
-                  echo $GITHUB_TOKEN | docker login ghcr.io -u LinuxServer-CI --password-stdin
-               '''
-            sh "sed -r -i 's|(^FROM .*)|\\1\\n\\nENV LSIO_FIRST_PARTY=true|g' Dockerfile.armhf"
-            sh "docker buildx build \
-              --label \"org.opencontainers.image.created=${GITHUB_DATE}\" \
-              --label \"org.opencontainers.image.authors=linuxserver.io\" \
-              --label \"org.opencontainers.image.url=https://github.com/linuxserver/docker-swag/packages\" \
-              --label \"org.opencontainers.image.documentation=https://docs.linuxserver.io/images/docker-swag\" \
-              --label \"org.opencontainers.image.source=https://github.com/linuxserver/docker-swag\" \
-              --label \"org.opencontainers.image.version=${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}\" \
-              --label \"org.opencontainers.image.revision=${COMMIT_SHA}\" \
-              --label \"org.opencontainers.image.vendor=linuxserver.io\" \
-              --label \"org.opencontainers.image.licenses=GPL-3.0-only\" \
-              --label \"org.opencontainers.image.ref.name=${COMMIT_SHA}\" \
-              --label \"org.opencontainers.image.title=Swag\" \
-              --label \"org.opencontainers.image.description=SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.\" \
-              --no-cache --pull -f Dockerfile.armhf -t ${IMAGE}:arm32v7-${META_TAG} --platform=linux/arm/v7 \
-              --build-arg ${BUILD_VERSION_ARG}=${EXT_RELEASE} --build-arg VERSION=\"${VERSION_TAG}\" --build-arg BUILD_DATE=${GITHUB_DATE} ."
-            sh "docker tag ${IMAGE}:arm32v7-${META_TAG} ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
-            retry(5) {
-              sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}"
-            }
-            sh '''docker rmi \
-                  ${IMAGE}:arm32v7-${META_TAG} \
-                  ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
-          }
-        }
         stage('Build ARM64') {
           agent {
             label 'ARM64'
@@ -574,9 +557,12 @@ pipeline {
             retry(5) {
               sh "docker push ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}"
             }
-            sh '''docker rmi \
+            sh '''#! /bin/bash
-                  ${IMAGE}:arm64v8-${META_TAG} \
+                  containers=$(docker ps -aq)
-                  ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :'''
+                  if [[ -n "${containers}" ]]; then
+                    docker stop ${containers}
+                  fi
+                  docker system prune -af --volumes || : '''
           }
         }
       }
@@ -613,7 +599,8 @@ pipeline {
                 wait
                 git add package_versions.txt
                 git commit -m 'Bot Updating Package Versions'
-                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
+                git pull https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
+                git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git master
                 echo "true" > /tmp/packages-${COMMIT_SHA}-${BUILD_NUMBER}
                 echo "Package tag updated, stopping build process"
               else
@@ -637,13 +624,6 @@ pipeline {
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        sh '''#! /bin/bash
-              echo "Packages were updated. Cleaning up the image and exiting."
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
-                docker rmi ${IMAGE}:amd64-${META_TAG}
-              else
-                docker rmi ${IMAGE}:${META_TAG}
-              fi'''
         script{
           env.EXIT_STATUS = 'ABORTED'
         }
@@ -661,13 +641,6 @@ pipeline {
         }
       }
       steps {
-        sh '''#! /bin/bash
-              echo "There are no package updates. Cleaning up the image and exiting."
-              if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" == "false" ]; then
-                docker rmi ${IMAGE}:amd64-${META_TAG}
-              else
-                docker rmi ${IMAGE}:${META_TAG}
-              fi'''
         script{
           env.EXIT_STATUS = 'ABORTED'
         }
@@ -695,9 +668,7 @@ pipeline {
                 set -e
                 docker pull ghcr.io/linuxserver/ci:latest
                 if [ "${MULTIARCH}" == "true" ]; then
-                  docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
                   docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
-                  docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
                   docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                 fi
                 docker run --rm \
@@ -768,17 +739,6 @@ pipeline {
                   done
                '''
           }
-          sh '''#! /bin/bash
-                for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
-                  docker rmi \
-                  ${DELETEIMAGE}:${META_TAG} \
-                  ${DELETEIMAGE}:${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:latest || :
-                  if [ -n "${SEMVER}" ]; then
-                    docker rmi ${DELETEIMAGE}:${SEMVER} || :
-                  fi
-                done
-             '''
         }
       }
     }
@@ -811,8 +771,6 @@ pipeline {
                   echo $GITLAB_TOKEN | docker login registry.gitlab.com -u LinuxServer.io --password-stdin
                   echo $QUAYPASS | docker login quay.io -u $QUAYUSER --password-stdin
                   if [ "${CI}" == "false" ]; then
-                    docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
-                    docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm32v7-${META_TAG}
                     docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
                     docker tag ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} ${IMAGE}:arm64v8-${META_TAG}
                   fi
@@ -820,49 +778,47 @@ pipeline {
                     docker tag ${IMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-latest
                     docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
-                    docker tag ${IMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-latest
-                    docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                     docker tag ${IMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-latest
                     docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker tag ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker tag ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${SEMVER}
                       docker tag ${MANIFESTIMAGE}:arm64v8-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker push ${MANIFESTIMAGE}:amd64-${META_TAG}
                     docker push ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG}
                     docker push ${MANIFESTIMAGE}:amd64-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-${META_TAG}
-                    docker push ${MANIFESTIMAGE}:arm32v7-latest
-                    docker push ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG}
                     docker push ${MANIFESTIMAGE}:arm64v8-${META_TAG}
                     docker push ${MANIFESTIMAGE}:arm64v8-latest
                     docker push ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
                     if [ -n "${SEMVER}" ]; then
                       docker push ${MANIFESTIMAGE}:amd64-${SEMVER}
-                      docker push ${MANIFESTIMAGE}:arm32v7-${SEMVER}
                       docker push ${MANIFESTIMAGE}:arm64v8-${SEMVER}
                     fi
                     docker manifest push --purge ${MANIFESTIMAGE}:latest || :
-                    docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:arm64v8-latest
+                    docker manifest create ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:amd64-latest ${MANIFESTIMAGE}:arm64v8-latest
-                    docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm32v7-latest --os linux --arch arm
                     docker manifest annotate ${MANIFESTIMAGE}:latest ${MANIFESTIMAGE}:arm64v8-latest --os linux --arch arm64 --variant v8
                     docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
+                    docker manifest create ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:amd64-${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm32v7-${META_TAG} --os linux --arch arm
                     docker manifest annotate ${MANIFESTIMAGE}:${META_TAG} ${MANIFESTIMAGE}:arm64v8-${META_TAG} --os linux --arch arm64 --variant v8
                     docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} || :
-                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
+                    docker manifest create ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:amd64-${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG}
-                    docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm32v7-${EXT_RELEASE_TAG} --os linux --arch arm
                     docker manifest annotate ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} ${MANIFESTIMAGE}:arm64v8-${EXT_RELEASE_TAG} --os linux --arch arm64 --variant v8
                     if [ -n "${SEMVER}" ]; then
                       docker manifest push --purge ${MANIFESTIMAGE}:${SEMVER} || :
-                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
+                      docker manifest create ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:amd64-${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER}
-                      docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm32v7-${SEMVER} --os linux --arch arm
                       docker manifest annotate ${MANIFESTIMAGE}:${SEMVER} ${MANIFESTIMAGE}:arm64v8-${SEMVER} --os linux --arch arm64 --variant v8
                     fi
+                    token=$(curl -sX GET "https://ghcr.io/token?scope=repository%3Alinuxserver%2F${CONTAINER_NAME}%3Apull" | jq -r '.token')
+                    digest=$(curl -s \
+                      --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+                      --header "Authorization: Bearer ${token}" \
+                      "https://ghcr.io/v2/linuxserver/${CONTAINER_NAME}/manifests/arm32v7-latest")
+                    if [[ $(echo "$digest" | jq -r '.layers') != "null" ]]; then
+                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest || :
+                      docker manifest create ${MANIFESTIMAGE}:arm32v7-latest ${MANIFESTIMAGE}:amd64-latest
+                      docker manifest push --purge ${MANIFESTIMAGE}:arm32v7-latest
+                    fi
                     docker manifest push --purge ${MANIFESTIMAGE}:latest
                     docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} 
                     docker manifest push --purge ${MANIFESTIMAGE}:${EXT_RELEASE_TAG} 
@@ -872,29 +828,6 @@ pipeline {
                   done
                '''
           }
-          sh '''#! /bin/bash
-                for DELETEIMAGE in "${GITHUBIMAGE}" "${GITLABIMAGE}" "${QUAYIMAGE}" "${IMAGE}"; do
-                  docker rmi \
-                  ${DELETEIMAGE}:amd64-${META_TAG} \
-                  ${DELETEIMAGE}:amd64-latest \
-                  ${DELETEIMAGE}:amd64-${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:arm32v7-${META_TAG} \
-                  ${DELETEIMAGE}:arm32v7-latest \
-                  ${DELETEIMAGE}:arm32v7-${EXT_RELEASE_TAG} \
-                  ${DELETEIMAGE}:arm64v8-${META_TAG} \
-                  ${DELETEIMAGE}:arm64v8-latest \
-                  ${DELETEIMAGE}:arm64v8-${EXT_RELEASE_TAG} || :
-                  if [ -n "${SEMVER}" ]; then
-                    docker rmi \
-                    ${DELETEIMAGE}:amd64-${SEMVER} \
-                    ${DELETEIMAGE}:arm32v7-${SEMVER} \
-                    ${DELETEIMAGE}:arm64v8-${SEMVER} || :
-                  fi
-                done
-                docker rmi \
-                ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER} \
-                ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER} || :
-             '''
         }
       }
     }
@@ -928,44 +861,45 @@ pipeline {
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
       }
     }
-    // Use helper container to sync the current README on master to the dockerhub endpoint
+    // Add protection to the release branch
-    stage('Sync-README') {
+    stage('Github-Release-Branch-Protection') {
       when {
+        branch "master"
         environment name: 'CHANGE_ID', value: ''
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
-        withCredentials([
+        echo "Setting up protection for release branch master"
-          [
+        sh '''#! /bin/bash
-            $class: 'UsernamePasswordMultiBinding',
+          curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/master/protection \
-            credentialsId: '3f9ba4d5-100d-45b0-a3c4-633fd6061207',
+          -d $(jq -c .  << EOF
-            usernameVariable: 'DOCKERUSER',
+            {
-            passwordVariable: 'DOCKERPASS'
+              "required_status_checks": null,
-          ]
+              "enforce_admins": false,
-        ]) {
+              "required_pull_request_reviews": {
-          sh '''#! /bin/bash
+                "dismiss_stale_reviews": false,
-                set -e
+                "require_code_owner_reviews": false,
-                TEMPDIR=$(mktemp -d)
+                "require_last_push_approval": false,
-                docker pull ghcr.io/linuxserver/jenkins-builder:latest
+                "required_approving_review_count": 1
-                docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
+              },
-                docker pull ghcr.io/linuxserver/readme-sync
+              "restrictions": null,
-                docker run --rm=true \
+              "required_linear_history": false,
-                  -e DOCKERHUB_USERNAME=$DOCKERUSER \
+              "allow_force_pushes": false,
-                  -e DOCKERHUB_PASSWORD=$DOCKERPASS \
+              "allow_deletions": false,
-                  -e GIT_REPOSITORY=${LS_USER}/${LS_REPO} \
+              "block_creations": false,
-                  -e DOCKER_REPOSITORY=${IMAGE} \
+              "required_conversation_resolution": true,
-                  -e GIT_BRANCH=master \
+              "lock_branch": false,
-                  -v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
+              "allow_fork_syncing": false,
-                  ghcr.io/linuxserver/readme-sync bash -c 'node sync'
+              "required_signatures": false
-                rm -Rf ${TEMPDIR} '''
+            }
-        }
+EOF
+          ) '''
       }
     }
     // If this is a Pull request send the CI link as a comment on it
     stage('Pull Request Comment') {
       when {
         not {environment name: 'CHANGE_ID', value: ''}
-        environment name: 'CI', value: 'true'
         environment name: 'EXIT_STATUS', value: ''
       }
       steps {
@@ -1019,16 +953,24 @@ pipeline {
               echo "$escaped_table"
             }
 
-            # Retrieve JSON data from URL
+            if [[ "${CI}" = "true" ]]; then
-            data=$(get_json "$CI_JSON_URL")
+              # Retrieve JSON data from URL
-            # Create table from JSON data
+              data=$(get_json "$CI_JSON_URL")
-            table=$(build_table "$data")
+              # Create table from JSON data
-            echo -e "$table"
+              table=$(build_table "$data")
+              echo -e "$table"
 
-            curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
+              curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-              -H "Accept: application/vnd.github.v3+json" \
+                -H "Accept: application/vnd.github.v3+json" \
-              "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
+                "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-              -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"'''
+                -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
+            else
+              curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
+                -H "Accept: application/vnd.github.v3+json" \
+                "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
+                -d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
+            fi
+            '''
 
       }
     }
@@ -1055,6 +997,14 @@ pipeline {
       }
     }
     cleanup {
+      sh '''#! /bin/bash
+            echo "Performing docker system prune!!"
+            containers=$(docker ps -aq)
+            if [[ -n "${containers}" ]]; then
+              docker stop ${containers}
+            fi
+            docker system prune -af --volumes || :
+         '''
       cleanWs()
     }
   }

README.md

@@ -1,6 +1,5 @@
-<!-- DO NOT EDIT THIS FILE MANUALLY  -->
+<!-- DO NOT EDIT THIS FILE MANUALLY -->
-<!-- Please read the https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
+<!-- Please read https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
-
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
@@ -46,7 +45,7 @@ SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relatio
 
 ## Supported Architectures
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
 Simply pulling `lscr.io/linuxserver/swag:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 
@@ -56,7 +55,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
-| armhf | ✅ | arm32v7-\<version tag\> |
+| armhf | ❌ | |
 
 ## Application Setup
 
@@ -68,13 +67,28 @@ The architectures supported by this image are:
 * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
   * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
   * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-  * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+  * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
     1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
     2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
 * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
 * After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
 * Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
 
+### Certbot Plugins
+
+SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
+If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
+
+Set the following environment variables on your container:
+
+```yaml
+DOCKER_MODS=linuxserver/mods:universal-package-install
+INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
+```
+
+Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
+It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
+
 ### Security and password protection
 
 * The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
@@ -138,13 +152,12 @@ Please follow the instructions [on this blog post](https://www.linuxserver.io/bl
 
 ## Usage
 
-Here are some example snippets to help you get started creating a container.
+To help you get started creating a container from this image you can either use docker-compose or the docker cli.
 
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
 ```yaml
 ---
-version: "2.1"
 services:
   swag:
     image: lscr.io/linuxserver/swag:latest
@@ -197,12 +210,11 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
-
 ```
 
 ## Parameters
 
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 
 | Parameter | Function |
 | :----: | --- |
@@ -215,7 +227,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -234,10 +246,10 @@ You can set any environment variable from a file by using a special prepend `FIL
 As an example:
 
 ```bash
--e FILE__PASSWORD=/run/secrets/mysecretpassword
+-e FILE__MYVAR=/run/secrets/mysecretvariable
 ```
 
-Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
 
 ## Umask for running applications
 
@@ -246,15 +258,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
 
 ## User / Group Identifiers
 
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
 
 ```bash
-  $ id username
+id your_user
-    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
+```
+
+Example output:
+
+```text
+uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
 ```
 
 ## Docker Mods
@@ -265,53 +282,100 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Support Info
 
-* Shell access whilst the container is running: `docker exec -it swag /bin/bash`
+* Shell access whilst the container is running:
-* To monitor the logs of the container in realtime: `docker logs -f swag`
+
-* container version number
+    ```bash
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag`
+    docker exec -it swag /bin/bash
-* image version number
+    ```
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest`
+
+* To monitor the logs of the container in realtime:
+
+    ```bash
+    docker logs -f swag
+    ```
+
+* Container version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' swag
+    ```
+
+* Image version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest
+    ```
 
 ## Updating Info
 
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
+Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
 
 Below are the instructions for updating containers:
 
 ### Via Docker Compose
 
-* Update all images: `docker-compose pull`
+* Update images:
-  * or update a single image: `docker-compose pull swag`
+    * All images:
-* Let compose update all containers as necessary: `docker-compose up -d`
+
-  * or update a single container: `docker-compose up -d swag`
+        ```bash
-* You can also remove the old dangling images: `docker image prune`
+        docker-compose pull
+        ```
+
+    * Single image:
+
+        ```bash
+        docker-compose pull swag
+        ```
+
+* Update containers:
+    * All containers:
+
+        ```bash
+        docker-compose up -d
+        ```
+
+    * Single container:
+
+        ```bash
+        docker-compose up -d swag
+        ```
+
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Docker Run
 
-* Update the image: `docker pull lscr.io/linuxserver/swag:latest`
+* Update the image:
-* Stop the running container: `docker stop swag`
+
-* Delete the container: `docker rm swag`
+    ```bash
+    docker pull lscr.io/linuxserver/swag:latest
+    ```
+
+* Stop the running container:
+
+    ```bash
+    docker stop swag
+    ```
+
+* Delete the container:
+
+    ```bash
+    docker rm swag
+    ```
+
 * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images: `docker image prune`
+* You can also remove the old dangling images:
 
-### Via Watchtower auto-updater (only use if you don't remember the original parameters)
+    ```bash
-
+    docker image prune
-* Pull the latest image at its tag and replace it with the same env variables in one run:
+    ```
-
-  ```bash
-  docker run --rm \
-  -v /var/run/docker.sock:/var/run/docker.sock \
-  containrrr/watchtower \
-  --run-once swag
-  ```
-
-* You can also remove the old dangling images: `docker image prune`
-
-**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
 
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
-* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -336,6 +400,16 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **01.01.24:** - Add GleSYS DNS plugin.
+* **11.12.23:** - Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins.
+* **30.11.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404.
+* **23.11.23:** - Run certbot as root to allow fix http validation.
+* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin.
+* **28.08.23:** - Add Namecheap DNS plugin.
+* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
+* **07.08.23:** - Add Bunny DNS Configuration.
+* **27.07.23:** - Added support for dreamhost validation.
+* **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
 * **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
 * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
 * **25.03.23:** - Fix renewal post hook.

jenkins-vars.yml

@@ -6,6 +6,7 @@ external_type: pip_version
 release_type: stable
 release_tag: latest
 ls_branch: master
+build_armhf: false
 repo_vars:
   - EXT_PIP = 'certbot'
   - BUILD_VERSION_ARG = 'CERTBOT_VERSION'

package_versions.txt

@@ -1,339 +1,342 @@
-NAME                            VERSION                TYPE   
+NAME                            VERSION                 TYPE   
-ConfigArgParse                  1.5.3                  python  
+ConfigArgParse                  1.7                     python  
-PyJWT                           2.7.0                  python  
+PyJWT                           2.8.0                   python  
-PyYAML                          6.0                    python  
+PyNamecheap                     0.0.3                   python  
-acme                            2.6.0                  python  
+PyYAML                          6.0.1                   python  
-alpine-baselayout               3.4.0-r0               apk     
+Simple Launcher                 1.1.0.14                dotnet  
-alpine-baselayout-data          3.4.0-r0               apk     
+acme                            2.8.0                   python  
-alpine-keys                     2.4-r1                 apk     
+alpine-baselayout               3.4.3-r1                apk     
-alpine-release                  3.17.3-r0              apk     
+alpine-baselayout-data          3.4.3-r1                apk     
-aom-libs                        3.5.0-r0               apk     
+alpine-keys                     2.4-r1                  apk     
-apache2-utils                   2.4.57-r0              apk     
+alpine-release                  3.18.5-r0               apk     
-apk-tools                       2.12.10-r1             apk     
+anyio                           4.2.0                   python  
-apr                             1.7.2-r0               apk     
+aom-libs                        3.6.1-r0                apk     
-apr-util                        1.6.3-r0               apk     
+apache2-utils                   2.4.58-r0               apk     
-argon2-libs                     20190702-r2            apk     
+apk-tools                       2.14.0-r2               apk     
-attrs                           23.1.0                 python  
+apr                             1.7.4-r0                apk     
-azure-common                    1.1.28                 python  
+apr-util                        1.6.3-r1                apk     
-azure-core                      1.26.4                 python  
+argon2-libs                     20190702-r4             apk     
-azure-identity                  1.13.0                 python  
+attrs                           23.2.0                  python  
-azure-mgmt-core                 1.4.0                  python  
+azure-common                    1.1.28                  python  
-azure-mgmt-dns                  8.0.0                  python  
+azure-core                      1.29.6                  python  
-bash                            5.2.15-r0              apk     
+azure-identity                  1.15.0                  python  
-beautifulsoup4                  4.12.2                 python  
+azure-mgmt-core                 1.4.0                   python  
-boto3                           1.26.135               python  
+azure-mgmt-dns                  8.1.0                   python  
-botocore                        1.29.135               python  
+bash                            5.2.15-r5               apk     
-brotli-libs                     1.0.9-r9               apk     
+beautifulsoup4                  4.12.2                  python  
-bs4                             0.0.1                  python  
+boto3                           1.34.18                 python  
-busybox                         1.35.0                 binary  
+botocore                        1.34.18                 python  
-busybox                         1.35.0-r29             apk     
+brotli-libs                     1.0.9-r14               apk     
-busybox-binsh                   1.35.0-r29             apk     
+bs4                             0.0.1                   python  
-c-client                        2007f-r14              apk     
+busybox                         1.36.1-r5               apk     
-ca-certificates                 20230506-r0            apk     
+busybox-binsh                   1.36.1-r5               apk     
-ca-certificates-bundle          20230506-r0            apk     
+c-client                        2007f-r15               apk     
-cachetools                      5.3.0                  python  
+ca-certificates                 20230506-r0             apk     
-certbot                         2.6.0                  python  
+ca-certificates-bundle          20230506-r0             apk     
-certbot-dns-acmedns             0.1.0                  python  
+cachetools                      5.3.2                   python  
-certbot-dns-aliyun              2.0.0                  python  
+certbot                         2.8.0                   python  
-certbot-dns-azure               2.1.0                  python  
+certbot-dns-acmedns             0.1.0                   python  
-certbot-dns-cloudflare          2.6.0                  python  
+certbot-dns-aliyun              2.0.0                   python  
-certbot-dns-cpanel              0.4.0                  python  
+certbot-dns-azure               2.4.0                   python  
-certbot-dns-desec               1.2.1                  python  
+certbot-dns-bunny               0.0.9                   python  
-certbot-dns-digitalocean        2.6.0                  python  
+certbot-dns-cloudflare          2.8.0                   python  
-certbot-dns-directadmin         1.0.3                  python  
+certbot-dns-cpanel              0.4.0                   python  
-certbot-dns-dnsimple            2.6.0                  python  
+certbot-dns-desec               1.2.1                   python  
-certbot-dns-dnsmadeeasy         2.6.0                  python  
+certbot-dns-digitalocean        2.8.0                   python  
-certbot-dns-dnspod              0.1.0                  python  
+certbot-dns-directadmin         1.0.3                   python  
-certbot-dns-do                  0.31.0                 python  
+certbot-dns-dnsimple            2.8.0                   python  
-certbot-dns-domeneshop          0.2.9                  python  
+certbot-dns-dnsmadeeasy         2.8.0                   python  
-certbot-dns-duckdns             1.3                    python  
+certbot-dns-dnspod              0.1.0                   python  
-certbot-dns-dynu                0.0.4                  python  
+certbot-dns-do                  0.31.0                  python  
-certbot-dns-gehirn              2.6.0                  python  
+certbot-dns-domeneshop          0.2.9                   python  
-certbot-dns-godaddy             0.2.2                  python  
+certbot-dns-dreamhost           1.0                     python  
-certbot-dns-google              2.6.0                  python  
+certbot-dns-duckdns             1.3                     python  
-certbot-dns-google-domains      0.1.11                 python  
+certbot-dns-freedns             0.1.0                   python  
-certbot-dns-he                  1.0.0                  python  
+certbot-dns-gehirn              2.8.0                   python  
-certbot-dns-hetzner             2.0.0                  python  
+certbot-dns-glesys              2.1.0                   python  
-certbot-dns-infomaniak          0.2.1                  python  
+certbot-dns-godaddy             2.8.0                   python  
-certbot-dns-inwx                2.2.0                  python  
+certbot-dns-google              2.8.0                   python  
-certbot-dns-ionos               2022.11.24             python  
+certbot-dns-google-domains      0.1.11                  python  
-certbot-dns-linode              2.6.0                  python  
+certbot-dns-he                  1.0.0                   python  
-certbot-dns-loopia              1.0.1                  python  
+certbot-dns-hetzner             2.0.0                   python  
-certbot-dns-luadns              2.6.0                  python  
+certbot-dns-infomaniak          0.2.1                   python  
-certbot-dns-netcup              1.3.0                  python  
+certbot-dns-inwx                2.2.0                   python  
-certbot-dns-njalla              1.0.0                  python  
+certbot-dns-ionos               2024.1.8                python  
-certbot-dns-nsone               2.6.0                  python  
+certbot-dns-linode              2.8.0                   python  
-certbot-dns-ovh                 2.6.0                  python  
+certbot-dns-loopia              1.0.1                   python  
-certbot-dns-porkbun             0.8                    python  
+certbot-dns-luadns              2.8.0                   python  
-certbot-dns-rfc2136             2.6.0                  python  
+certbot-dns-namecheap           1.0.0                   python  
-certbot-dns-route53             2.6.0                  python  
+certbot-dns-netcup              1.4.3                   python  
-certbot-dns-sakuracloud         2.6.0                  python  
+certbot-dns-njalla              1.0.0                   python  
-certbot-dns-standalone          1.1                    python  
+certbot-dns-nsone               2.8.0                   python  
-certbot-dns-transip             0.5.2                  python  
+certbot-dns-ovh                 2.8.0                   python  
-certbot-dns-vultr               1.0.3                  python  
+certbot-dns-porkbun             0.8                     python  
-certbot-plugin-gandi            1.4.3                  python  
+certbot-dns-rfc2136             2.8.0                   python  
-certifi                         2023.5.7               python  
+certbot-dns-route53             2.8.0                   python  
-cffi                            1.15.1                 python  
+certbot-dns-sakuracloud         2.8.0                   python  
-charset-normalizer              3.1.0                  python  
+certbot-dns-standalone          1.1                     python  
-cloudflare                      2.11.1                 python  
+certbot-dns-transip             0.5.2                   python  
-configobj                       5.0.8                  python  
+certbot-dns-vultr               1.1.0                   python  
-coreutils                       9.1-r0                 apk     
+certbot-plugin-gandi            1.5.0                   python  
-cryptography                    40.0.2                 python  
+certifi                         2023.11.17              python  
-curl                            8.0.1-r0               apk     
+cffi                            1.16.0                  python  
-dataclasses-json                0.5.7                  python  
+charset-normalizer              3.3.2                   python  
-distro                          1.8.0                  python  
+cloudflare                      2.16.0                  python  
-dns-lexicon                     3.11.7                 python  
+composer                        2.6.6                   binary  
-dnslib                          0.9.23                 python  
+configobj                       5.0.8                   python  
-dnspython                       2.3.0                  python  
+coreutils                       9.3-r1                  apk     
-domeneshop                      0.4.3                  python  
+cryptography                    41.0.7                  python  
-fail2ban                        1.0.2                  python  
+curl                            8.5.0-r0                apk     
-fail2ban                        1.0.2-r0               apk     
+dataclasses-json                0.5.14                  python  
-filelock                        3.12.0                 python  
+distro                          1.9.0                   python  
-fontconfig                      2.14.1-r0              apk     
+dns-lexicon                     3.17.0                  python  
-freetype                        2.12.1-r0              apk     
+dnslib                          0.9.24                  python  
-future                          0.18.3                 python  
+dnspython                       2.4.2                   python  
-gdbm                            1.23-r0                apk     
+domeneshop                      0.4.3                   python  
-git                             2.38.5-r0              apk     
+fail2ban                        1.0.2                   python  
-git-perl                        2.38.5-r0              apk     
+fail2ban                        1.0.2-r2                apk     
-gmp                             6.2.1-r2               apk     
+fail2ban-pyc                    1.0.2-r2                apk     
-gnupg                           2.2.40-r0              apk     
+filelock                        3.13.1                  python  
-gnupg-dirmngr                   2.2.40-r0              apk     
+fontconfig                      2.14.2-r3               apk     
-gnupg-gpgconf                   2.2.40-r0              apk     
+freetype                        2.13.0-r5               apk     
-gnupg-utils                     2.2.40-r0              apk     
+future                          0.18.3                  python  
-gnupg-wks-client                2.2.40-r0              apk     
+gdbm                            1.23-r1                 apk     
-gnutls                          3.7.8-r3               apk     
+git                             2.40.1-r0               apk     
-google-api-core                 2.11.0                 python  
+git-perl                        2.40.1-r0               apk     
-google-api-python-client        2.86.0                 python  
+gmp                             6.2.1-r3                apk     
-google-auth                     2.18.1                 python  
+gnupg                           2.4.3-r0                apk     
-google-auth-httplib2            0.1.0                  python  
+gnupg-dirmngr                   2.4.3-r0                apk     
-googleapis-common-protos        1.59.0                 python  
+gnupg-gpgconf                   2.4.3-r0                apk     
-gpg                             2.2.40-r0              apk     
+gnupg-keyboxd                   2.4.3-r0                apk     
-gpg-agent                       2.2.40-r0              apk     
+gnupg-utils                     2.4.3-r0                apk     
-gpg-wks-server                  2.2.40-r0              apk     
+gnupg-wks-client                2.4.3-r0                apk     
-gpgsm                           2.2.40-r0              apk     
+gnutls                          3.8.0-r2                apk     
-gpgv                            2.2.40-r0              apk     
+google-api-core                 2.15.0                  python  
-httplib2                        0.22.0                 python  
+google-api-python-client        2.113.0                 python  
-icu-data-en                     72.1-r1                apk     
+google-auth                     2.26.2                  python  
-icu-libs                        72.1-r1                apk     
+google-auth-httplib2            0.2.0                   python  
-idna                            3.4                    python  
+googleapis-common-protos        1.62.0                  python  
-importlib-metadata              6.6.0                  python  
+gpg                             2.4.3-r0                apk     
-ip6tables                       1.8.8-r2               apk     
+gpg-agent                       2.4.3-r0                apk     
-iptables                        1.8.8-r2               apk     
+gpg-wks-server                  2.4.3-r0                apk     
-isodate                         0.6.1                  python  
+gpgsm                           2.4.3-r0                apk     
-jmespath                        1.0.1                  python  
+gpgv                            2.4.3-r0                apk     
-josepy                          1.13.0                 python  
+httplib2                        0.22.0                  python  
-jq                              1.6-r2                 apk     
+icu-data-en                     73.2-r2                 apk     
-jsonlines                       3.1.0                  python  
+icu-libs                        73.2-r2                 apk     
-jsonpickle                      3.0.1                  python  
+idna                            3.6                     python  
-libacl                          2.3.1-r1               apk     
+ip6tables                       1.8.9-r2                apk     
-libassuan                       2.5.5-r1               apk     
+iptables                        1.8.9-r2                apk     
-libattr                         2.5.1-r2               apk     
+isodate                         0.6.1                   python  
-libavif                         0.11.1-r0              apk     
+jmespath                        1.0.1                   python  
-libbsd                          0.11.7-r0              apk     
+josepy                          1.14.0                  python  
-libbz2                          1.0.8-r4               apk     
+jq                              1.6-r4                  apk     
-libc-utils                      0.7.2-r3               apk     
+jsonlines                       4.0.0                   python  
-libcrypto3                      3.0.8-r4               apk     
+jsonpickle                      3.0.2                   python  
-libcurl                         8.1.0-r0               apk     
+libacl                          2.3.1-r3                apk     
-libdav1d                        1.0.0-r2               apk     
+libassuan                       2.5.6-r0                apk     
-libedit                         20221030.3.1-r0        apk     
+libattr                         2.5.1-r4                apk     
-libevent                        2.1.12-r5              apk     
+libavif                         0.11.1-r2               apk     
-libexpat                        2.5.0-r0               apk     
+libbsd                          0.11.7-r1               apk     
-libffi                          3.4.4-r0               apk     
+libbz2                          1.0.8-r5                apk     
-libgcc                          12.2.1_git20220924-r4  apk     
+libc-utils                      0.7.2-r5                apk     
-libgcrypt                       1.10.1-r0              apk     
+libcrypto3                      3.1.4-r3                apk     
-libgd                           2.3.3-r3               apk     
+libcurl                         8.5.0-r0                apk     
-libgpg-error                    1.46-r1                apk     
+libdav1d                        1.2.1-r0                apk     
-libice                          1.0.10-r1              apk     
+libedit                         20221030.3.1-r1         apk     
-libidn                          1.41-r0                apk     
+libevent                        2.1.12-r6               apk     
-libintl                         0.21.1-r1              apk     
+libexpat                        2.5.0-r1                apk     
-libjpeg-turbo                   2.1.4-r0               apk     
+libffi                          3.4.4-r2                apk     
-libksba                         1.6.3-r0               apk     
+libgcc                          12.2.1_git20220924-r10  apk     
-libldap                         2.6.3-r6               apk     
+libgcrypt                       1.10.2-r1               apk     
-libmaxminddb-libs               1.7.1-r0               apk     
+libgd                           2.3.3-r7                apk     
-libmcrypt                       2.5.8-r10              apk     
+libgpg-error                    1.47-r1                 apk     
-libmd                           1.0.4-r0               apk     
+libice                          1.1.1-r2                apk     
-libmemcached-libs               1.0.18-r5              apk     
+libidn2                         2.3.4-r1                apk     
-libmnl                          1.0.5-r0               apk     
+libintl                         0.21.1-r7               apk     
-libnftnl                        1.2.4-r0               apk     
+libjpeg-turbo                   2.1.5.1-r3              apk     
-libpng                          1.6.38-r0              apk     
+libksba                         1.6.4-r0                apk     
-libpq                           15.3-r0                apk     
+libldap                         2.6.5-r0                apk     
-libproc                         3.3.17-r2              apk     
+libmaxminddb-libs               1.7.1-r1                apk     
-libsasl                         2.1.28-r3              apk     
+libmcrypt                       2.5.8-r10               apk     
-libseccomp                      2.5.4-r0               apk     
+libmd                           1.0.4-r2                apk     
-libsm                           1.2.3-r1               apk     
+libmemcached-libs               1.1.4-r1                apk     
-libsodium                       1.0.18-r2              apk     
+libmnl                          1.0.5-r1                apk     
-libssl3                         3.0.8-r4               apk     
+libncursesw                     6.4_p20230506-r0        apk     
-libstdc++                       12.2.1_git20220924-r4  apk     
+libnftnl                        1.2.5-r1                apk     
-libtasn1                        4.19.0-r0              apk     
+libpanelw                       6.4_p20230506-r0        apk     
-libunistring                    1.1-r0                 apk     
+libpng                          1.6.39-r3               apk     
-libuuid                         2.38.1-r1              apk     
+libpq                           15.5-r0                 apk     
-libwebp                         1.2.4-r1               apk     
+libproc2                        4.0.4-r0                apk     
-libx11                          1.8.4-r0               apk     
+libsasl                         2.1.28-r4               apk     
-libxau                          1.0.10-r0              apk     
+libseccomp                      2.5.4-r2                apk     
-libxcb                          1.15-r0                apk     
+libsm                           1.2.4-r1                apk     
-libxdmcp                        1.1.4-r0               apk     
+libsodium                       1.0.18-r3               apk     
-libxext                         1.3.5-r0               apk     
+libssl3                         3.1.4-r3                apk     
-libxml2                         2.10.4-r0              apk     
+libstdc++                       12.2.1_git20220924-r10  apk     
-libxpm                          3.5.15-r0              apk     
+libtasn1                        4.19.0-r1               apk     
-libxslt                         1.1.37-r1              apk     
+libunistring                    1.1-r1                  apk     
-libxt                           1.2.1-r0               apk     
+libuuid                         2.38.1-r8               apk     
-libzip                          1.9.2-r2               apk     
+libwebp                         1.3.2-r0                apk     
-linux-pam                       1.5.2-r1               apk     
+libx11                          1.8.7-r0                apk     
-logrotate                       3.20.1-r3              apk     
+libxau                          1.0.11-r2               apk     
-loopialib                       0.2.0                  python  
+libxcb                          1.15-r1                 apk     
-lxml                            4.9.2                  python  
+libxdmcp                        1.1.4-r2                apk     
-lz4-libs                        1.9.4-r1               apk     
+libxext                         1.3.5-r2                apk     
-marshmallow                     3.19.0                 python  
+libxml2                         2.11.6-r0               apk     
-marshmallow-enum                1.5.1                  python  
+libxpm                          3.5.16-r1               apk     
-memcached                       1.6.17                 binary  
+libxslt                         1.1.38-r0               apk     
-memcached                       1.6.17-r0              apk     
+libxt                           1.3.0-r2                apk     
-mock                            5.0.2                  python  
+libzip                          1.9.2-r2                apk     
-mpdecimal                       2.5.1-r1               apk     
+linux-pam                       1.5.2-r10               apk     
-msal                            1.22.0                 python  
+logrotate                       3.21.0-r1               apk     
-msal-extensions                 1.0.0                  python  
+loopialib                       0.2.0                   python  
-msrest                          0.7.1                  python  
+lxml                            5.1.0                   python  
-musl                            1.2.3-r4               apk     
+lz4-libs                        1.9.4-r4                apk     
-musl-utils                      1.2.3-r4               apk     
+marshmallow                     3.20.2                  python  
-mypy-extensions                 1.0.0                  python  
+memcached                       1.6.21-r0               apk     
-nano                            7.0-r0                 apk     
+mock                            5.1.0                   python  
-ncurses-libs                    6.3_p20221119-r0       apk     
+mpdecimal                       2.5.1-r2                apk     
-ncurses-terminfo-base           6.3_p20221119-r0       apk     
+msal                            1.26.0                  python  
-netcat-openbsd                  1.130-r4               apk     
+msal-extensions                 1.1.0                   python  
-nettle                          3.8.1-r0               apk     
+musl                            1.2.4-r2                apk     
-nghttp2-libs                    1.51.0-r0              apk     
+musl-utils                      1.2.4-r2                apk     
-nginx                           1.22.1-r0              apk     
+mypy-extensions                 1.0.0                   python  
-nginx-mod-devel-kit             1.22.1-r0              apk     
+nano                            7.2-r1                  apk     
-nginx-mod-http-brotli           1.22.1-r0              apk     
+ncurses-terminfo-base           6.4_p20230506-r0        apk     
-nginx-mod-http-dav-ext          1.22.1-r0              apk     
+netcat-openbsd                  1.219-r1                apk     
-nginx-mod-http-echo             1.22.1-r0              apk     
+nettle                          3.8.1-r2                apk     
-nginx-mod-http-fancyindex       1.22.1-r0              apk     
+nghttp2-libs                    1.57.0-r0               apk     
-nginx-mod-http-geoip2           1.22.1-r0              apk     
+nginx                           1.24.0-r7               apk     
-nginx-mod-http-headers-more     1.22.1-r0              apk     
+nginx-mod-devel-kit             1.24.0-r7               apk     
-nginx-mod-http-image-filter     1.22.1-r0              apk     
+nginx-mod-http-brotli           1.24.0-r7               apk     
-nginx-mod-http-perl             1.22.1-r0              apk     
+nginx-mod-http-dav-ext          1.24.0-r7               apk     
-nginx-mod-http-redis2           1.22.1-r0              apk     
+nginx-mod-http-echo             1.24.0-r7               apk     
-nginx-mod-http-set-misc         1.22.1-r0              apk     
+nginx-mod-http-fancyindex       1.24.0-r7               apk     
-nginx-mod-http-upload-progress  1.22.1-r0              apk     
+nginx-mod-http-geoip2           1.24.0-r7               apk     
-nginx-mod-http-xslt-filter      1.22.1-r0              apk     
+nginx-mod-http-headers-more     1.24.0-r7               apk     
-nginx-mod-mail                  1.22.1-r0              apk     
+nginx-mod-http-image-filter     1.24.0-r7               apk     
-nginx-mod-rtmp                  1.22.1-r0              apk     
+nginx-mod-http-perl             1.24.0-r7               apk     
-nginx-mod-stream                1.22.1-r0              apk     
+nginx-mod-http-redis2           1.24.0-r7               apk     
-nginx-mod-stream-geoip2         1.22.1-r0              apk     
+nginx-mod-http-set-misc         1.24.0-r7               apk     
-nginx-vim                       1.22.1-r0              apk     
+nginx-mod-http-upload-progress  1.24.0-r7               apk     
-npth                            1.6-r2                 apk     
+nginx-mod-http-xslt-filter      1.24.0-r7               apk     
-oauthlib                        3.2.2                  python  
+nginx-mod-mail                  1.24.0-r7               apk     
-oniguruma                       6.9.8-r0               apk     
+nginx-mod-rtmp                  1.24.0-r7               apk     
-openssl                         3.0.8-r4               apk     
+nginx-mod-stream                1.24.0-r7               apk     
-p11-kit                         0.24.1-r1              apk     
+nginx-mod-stream-geoip2         1.24.0-r7               apk     
-packaging                       23.1                   python  
+nginx-vim                       1.24.0-r7               apk     
-parsedatetime                   2.6                    python  
+npth                            1.6-r4                  apk     
-pcre                            8.45-r2                apk     
+oniguruma                       6.9.8-r1                apk     
-pcre2                           10.42-r0               apk     
+openssl                         3.1.4-r3                apk     
-perl                            5.36.0-r1              apk     
+p11-kit                         0.24.1-r2               apk     
-perl-error                      0.17029-r1             apk     
+packaging                       23.2                    python  
-perl-git                        2.38.5-r0              apk     
+parsedatetime                   2.6                     python  
-php-cli                         8.1.19                 binary  
+pcre                            8.45-r3                 apk     
-php-fpm                         8.1.19                 binary  
+pcre2                           10.42-r1                apk     
-php81                           8.1.19-r0              apk     
+perl                            5.36.2-r0               apk     
-php81-bcmath                    8.1.19-r0              apk     
+perl-error                      0.17029-r1              apk     
-php81-bz2                       8.1.19-r0              apk     
+perl-git                        2.40.1-r0               apk     
-php81-common                    8.1.19-r0              apk     
+php82                           8.2.13-r0               apk     
-php81-ctype                     8.1.19-r0              apk     
+php82-bcmath                    8.2.13-r0               apk     
-php81-curl                      8.1.19-r0              apk     
+php82-bz2                       8.2.13-r0               apk     
-php81-dom                       8.1.19-r0              apk     
+php82-common                    8.2.13-r0               apk     
-php81-exif                      8.1.19-r0              apk     
+php82-ctype                     8.2.13-r0               apk     
-php81-fileinfo                  8.1.19-r0              apk     
+php82-curl                      8.2.13-r0               apk     
-php81-fpm                       8.1.19-r0              apk     
+php82-dom                       8.2.13-r0               apk     
-php81-ftp                       8.1.19-r0              apk     
+php82-exif                      8.2.13-r0               apk     
-php81-gd                        8.1.19-r0              apk     
+php82-fileinfo                  8.2.13-r0               apk     
-php81-gmp                       8.1.19-r0              apk     
+php82-fpm                       8.2.13-r0               apk     
-php81-iconv                     8.1.19-r0              apk     
+php82-ftp                       8.2.13-r0               apk     
-php81-imap                      8.1.19-r0              apk     
+php82-gd                        8.2.13-r0               apk     
-php81-intl                      8.1.19-r0              apk     
+php82-gmp                       8.2.13-r0               apk     
-php81-ldap                      8.1.19-r0              apk     
+php82-iconv                     8.2.13-r0               apk     
-php81-mbstring                  8.1.19-r0              apk     
+php82-imap                      8.2.13-r0               apk     
-php81-mysqli                    8.1.19-r0              apk     
+php82-intl                      8.2.13-r0               apk     
-php81-mysqlnd                   8.1.19-r0              apk     
+php82-ldap                      8.2.13-r0               apk     
-php81-opcache                   8.1.19-r0              apk     
+php82-mbstring                  8.2.13-r0               apk     
-php81-openssl                   8.1.19-r0              apk     
+php82-mysqli                    8.2.13-r0               apk     
-php81-pdo                       8.1.19-r0              apk     
+php82-mysqlnd                   8.2.13-r0               apk     
-php81-pdo_mysql                 8.1.19-r0              apk     
+php82-opcache                   8.2.13-r0               apk     
-php81-pdo_odbc                  8.1.19-r0              apk     
+php82-openssl                   8.2.13-r0               apk     
-php81-pdo_pgsql                 8.1.19-r0              apk     
+php82-pdo                       8.2.13-r0               apk     
-php81-pdo_sqlite                8.1.19-r0              apk     
+php82-pdo_mysql                 8.2.13-r0               apk     
-php81-pear                      8.1.19-r0              apk     
+php82-pdo_odbc                  8.2.13-r0               apk     
-php81-pecl-apcu                 5.1.22-r0              apk     
+php82-pdo_pgsql                 8.2.13-r0               apk     
-php81-pecl-igbinary             3.2.12-r0              apk     
+php82-pdo_sqlite                8.2.13-r0               apk     
-php81-pecl-mailparse            3.1.4-r0               apk     
+php82-pear                      8.2.13-r0               apk     
-php81-pecl-mcrypt               1.0.6-r0               apk     
+php82-pecl-apcu                 5.1.22-r0               apk     
-php81-pecl-memcached            3.2.0-r0               apk     
+php82-pecl-igbinary             3.2.14-r0               apk     
-php81-pecl-redis                5.3.7-r0               apk     
+php82-pecl-mcrypt               1.0.7-r0                apk     
-php81-pecl-xmlrpc               1.0.0_rc3-r1           apk     
+php82-pecl-memcached            3.2.0-r1                apk     
-php81-pgsql                     8.1.19-r0              apk     
+php82-pecl-msgpack              2.2.0-r0                apk     
-php81-phar                      8.1.19-r0              apk     
+php82-pecl-redis                6.0.2-r0                apk     
-php81-posix                     8.1.19-r0              apk     
+php82-pgsql                     8.2.13-r0               apk     
-php81-session                   8.1.19-r0              apk     
+php82-phar                      8.2.13-r0               apk     
-php81-simplexml                 8.1.19-r0              apk     
+php82-posix                     8.2.13-r0               apk     
-php81-soap                      8.1.19-r0              apk     
+php82-session                   8.2.13-r0               apk     
-php81-sockets                   8.1.19-r0              apk     
+php82-simplexml                 8.2.13-r0               apk     
-php81-sodium                    8.1.19-r0              apk     
+php82-soap                      8.2.13-r0               apk     
-php81-sqlite3                   8.1.19-r0              apk     
+php82-sockets                   8.2.13-r0               apk     
-php81-tokenizer                 8.1.19-r0              apk     
+php82-sodium                    8.2.13-r0               apk     
-php81-xml                       8.1.19-r0              apk     
+php82-sqlite3                   8.2.13-r0               apk     
-php81-xmlreader                 8.1.19-r0              apk     
+php82-tokenizer                 8.2.13-r0               apk     
-php81-xmlwriter                 8.1.19-r0              apk     
+php82-xml                       8.2.13-r0               apk     
-php81-xsl                       8.1.19-r0              apk     
+php82-xmlreader                 8.2.13-r0               apk     
-php81-zip                       8.1.19-r0              apk     
+php82-xmlwriter                 8.2.13-r0               apk     
-pinentry                        1.2.1-r0               apk     
+php82-xsl                       8.2.13-r0               apk     
-pip                             23.1.2                 python  
+php82-zip                       8.2.13-r0               apk     
-pkb-client                      1.2                    python  
+pinentry                        1.2.1-r1                apk     
-popt                            1.19-r0                apk     
+pip                             23.3.2                  python  
-portalocker                     2.7.0                  python  
+pkb-client                      1.2                     python  
-procps                          3.3.17-r2              apk     
+popt                            1.19-r2                 apk     
-protobuf                        4.23.1                 python  
+portalocker                     2.8.2                   python  
-publicsuffixlist                0.9.4                  python  
+procps-ng                       4.0.4-r0                apk     
-pyOpenSSL                       23.1.1                 python  
+protobuf                        4.25.2                  python  
-pyRFC3339                       1.1                    python  
+publicsuffixlist                0.9.4                   python  
-pyacmedns                       0.4                    python  
+pyOpenSSL                       23.3.0                  python  
-pyasn1                          0.5.0                  python  
+pyRFC3339                       1.1                     python  
-pyasn1-modules                  0.3.0                  python  
+pyacmedns                       0.4                     python  
-pycparser                       2.21                   python  
+pyasn1                          0.5.1                   python  
-pyparsing                       3.0.9                  python  
+pyasn1-modules                  0.3.0                   python  
-python                          3.10.11                binary  
+pyc                             0.1-r0                  apk     
-python-dateutil                 2.8.2                  python  
+pycparser                       2.21                    python  
-python-digitalocean             1.17.0                 python  
+pyotp                           2.9.0                   python  
-python-transip                  0.6.0                  python  
+pyparsing                       3.1.1                   python  
-python3                         3.10.11-r0             apk     
+python-dateutil                 2.8.2                   python  
-pytz                            2023.3                 python  
+python-digitalocean             1.17.0                  python  
-readline                        8.2.0-r0               apk     
+python-transip                  0.6.0                   python  
-requests                        2.30.0                 python  
+python3                         3.11.6-r0               apk     
-requests-file                   1.5.1                  python  
+python3-pyc                     3.11.6-r0               apk     
-requests-mock                   1.10.0                 python  
+python3-pycache-pyc0            3.11.6-r0               apk     
-requests-oauthlib               1.3.1                  python  
+pytz                            2023.3.post1            python  
-rsa                             4.9                    python  
+readline                        8.2.1-r1                apk     
-s3transfer                      0.6.1                  python  
+requests                        2.31.0                  python  
-scanelf                         1.3.5-r1               apk     
+requests-file                   1.5.1                   python  
-setuptools                      65.5.0                 python  
+requests-mock                   1.11.0                  python  
-shadow                          4.13-r0                apk     
+rsa                             4.9                     python  
-six                             1.16.0                 python  
+s3transfer                      0.10.0                  python  
-skalibs                         2.12.0.1-r0            apk     
+scanelf                         1.3.7-r1                apk     
-soupsieve                       2.4.1                  python  
+setuptools                      65.5.0                  python  
-sqlite-libs                     3.40.1-r0              apk     
+shadow                          4.13-r4                 apk     
-ssl_client                      1.35.0-r29             apk     
+six                             1.16.0                  python  
-tiff                            4.4.0-r3               apk     
+skalibs                         2.13.1.1-r1             apk     
-tldextract                      3.4.2                  python  
+sniffio                         1.3.0                   python  
-typing-inspect                  0.8.0                  python  
+soupsieve                       2.5                     python  
-typing_extensions               4.5.0                  python  
+sqlite-libs                     3.41.2-r2               apk     
-tzdata                          2023c-r0               apk     
+ssl_client                      1.36.1-r5               apk     
-unixodbc                        2.3.11-r0              apk     
+tiff                            4.5.1-r0                apk     
-uritemplate                     4.1.1                  python  
+tldextract                      5.1.1                   python  
-urllib3                         1.26.15                python  
+typing-inspect                  0.9.0                   python  
-utmps-libs                      0.1.2.0-r1             apk     
+typing_extensions               4.9.0                   python  
-wheel                           0.40.0                 python  
+tzdata                          2023d-r0                apk     
-whois                           5.5.14-r0              apk     
+unixodbc                        2.3.11-r2               apk     
-xz                              5.2.9-r0               apk     
+uritemplate                     4.1.1                   python  
-xz-libs                         5.2.9-r0               apk     
+urllib3                         2.0.7                   python  
-zipp                            3.15.0                 python  
+utmps-libs                      0.1.2.1-r1              apk     
-zlib                            1.2.13-r0              apk     
+wheel                           0.42.0                  python  
-zope.interface                  6.0                    python  
+whois                           5.5.17-r0               apk     
-zstd-libs                       1.5.5-r0               apk     
+xz-libs                         5.4.3-r0                apk     
+zlib                            1.2.13-r1               apk     
+zope.interface                  6.1                     python  
+zstd-libs                       1.5.5-r4                apk     

readme-vars.yml

@@ -14,7 +14,6 @@ project_blurb_optional_extras: []
 available_architectures:
   - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
   - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
-  - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
 
 # development version
 development_versions: false
@@ -51,7 +50,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
   - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `glesys`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
   - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -84,13 +83,28 @@ app_setup_block: |
   * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
     * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
     * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-    * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+    * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
       1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
       2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
   * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
   * After setup, navigate to `https://yourdomain.url` to access the default homepage (http access through port 80 is disabled by default, you can enable it by editing the default site config at `/config/nginx/site-confs/default.conf`).
   * Certs are checked nightly and if expiration is within 30 days, renewal is attempted. If your cert is about to expire in less than 30 days, check the logs under `/config/log/letsencrypt` to see why the renewals have been failing. It is recommended to input your e-mail in docker parameters so you receive expiration notices from Let's Encrypt in those circumstances.
 
+  ### Certbot Plugins
+
+  SWAG includes many Certbot plugins out of the box, but not all plugins can be includes.
+  If you need a plugin that is not included, the quickest way to have the plugin available is to use our [Universal Package Install Docker Mod](https://github.com/linuxserver/docker-mods/tree/universal-package-install).
+
+  Set the following environment variables on your container:
+
+  ```yaml
+  DOCKER_MODS=linuxserver/mods:universal-package-install
+  INSTALL_PIP_PACKAGES=certbot-dns-<plugin>
+  ```
+
+  Set the required credentials (usually found in the plugin documentation) in `/config/dns-conf/<plugin>.ini`.
+  It is recommended to attempt obtaining a certificate with `STAGING=true` first to make sure the plugin is working as expected.
+
   ### Security and password protection
 
   * The container detects changes to url and subdomains, revokes existing certs and generates new ones during start.
@@ -154,6 +168,16 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "01.01.24:", desc: "Add GleSYS DNS plugin." }
+  - { date: "11.12.23:", desc: "Deprecate certbot-dns-dynu to resolve dependency conflicts with other plugins." }
+  - { date: "30.11.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) site-confs/default.conf - Fix index.php being downloaded on 404." }
+  - { date: "23.11.23:", desc: "Run certbot as root to allow fix http validation." }
+  - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
+  - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
+  - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
+  - { date: "07.08.23:", desc: "Add Bunny DNS Configuration." }
+  - { date: "27.07.23:", desc: "Added support for dreamhost validation." }
+  - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
   - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
   - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
   - { date: "25.03.23:", desc: "Fix renewal post hook." }

root/defaults/dns-conf/bunny.ini

@@ -0,0 +1,2 @@
+# Bunny API token used by Certbot
+dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf

root/defaults/dns-conf/dreamhost.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/goncalo-leal/certbot-dns-dreamhost#usage
+# Replace with your values
+dns_dreamhost_baseurl = "https://api.dreamhost.com/"
+dns_dreamhost_api_key = "<api_key>"

root/defaults/dns-conf/dynu.ini

@@ -1,3 +0,0 @@
-# Instructions: https://github.com/bikram990/certbot-dns-dynu#configuration
-# Replace with your API token from your dynu account.
-dns_dynu_auth_token = AbCbASsd!@34

root/defaults/dns-conf/freedns.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/schleuss/certbot_dns_freedns#credentials
+# Replace with your values
+dns_freedns_username = myremoteuser
+dns_freedns_password = verysecureremoteuserpassword

root/defaults/dns-conf/glesys.ini

@@ -0,0 +1,5 @@
+# Instructions: https://github.com/runfalk/certbot-dns-glesys#usage
+
+# GleSYS API credentials used by Certbot
+dns_glesys_user = CL00000
+dns_glesys_password = apikeygoeshere

root/defaults/dns-conf/namecheap.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/knoxell/certbot-dns-namecheap#credentials
+# Namecheap API credentials used by Certbot
+dns_namecheap_username=my-username
+dns_namecheap_api_key=my-api-key

root/defaults/fail2ban/filter.d/nginx-deny.conf

@@ -12,4 +12,4 @@ datepattern = {^LN-BEG}
 
 # DEV NOTES:
 #
-# Author: Will L (driz@linuxserver.io)
+# Author: notdriz

root/defaults/fail2ban/filter.d/nginx-unauthorized.conf

@@ -3,5 +3,3 @@
 [Definition]
 
 failregex = ^<HOST>.*"(GET|POST|HEAD).*" (401) .*$
-
-ignoreregex = .*(?i)plex.*

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,4 +1,4 @@
-## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2023/11/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -48,10 +48,24 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        try_files $uri $uri/ /index.html /index.php$is_args$args =404;
+        try_files $uri $uri/ /index.html /index.php$is_args$args;
     }
 
     location ~ ^(.+\.php)(.*)$ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        try_files $fastcgi_script_name =404;
         fastcgi_split_path_info ^(.+\.php)(.*)$;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_index index.php;

root/etc/crontabs/root

@@ -1,9 +1,2 @@
-# do daily/weekly/monthly maintenance
 # min   hour    day     month   weekday command
-*/15    *       *       *       *       run-parts /etc/periodic/15min
-0       *       *       *       *       run-parts /etc/periodic/hourly
-0       2       *       *       *       run-parts /etc/periodic/daily
-0       3       *       *       6       run-parts /etc/periodic/weekly
-0       5       1       *       *       run-parts /etc/periodic/monthly
-# renew letsencrypt certs
 8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -24,18 +24,44 @@ for i in "${SANED_VARS[@]}"; do
 done
 
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
+CERTBOT_DNS_AUTHENTICATORS=$(certbot plugins --authenticators 2>/dev/null | sed -e 's/^Entry point: EntryPoint(name='\''cpanel'\''/Entry point: EntryPoint(name='\''dns-cpanel'\''/' -e '/EntryPoint(name='\''dns-/!d' -e 's/^Entry point: EntryPoint(name='\''dns-\([^ ]*\)'\'',/\1/' | sort)
-    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
+if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | grep -q "${DNSPLUGIN}"; then
+    echo "Please set the DNSPLUGIN variable to one of the following:"
+    echo "${CERTBOT_DNS_AUTHENTICATORS}"
     sleep infinity
 fi
 
+# set owner of certbot's CONFIG_DIR, WORK_DIR, and LOGS_DIR to abc
+lsiown -R abc:abc \
+    /etc/letsencrypt \
+    /var/lib/letsencrypt \
+    /var/log/letsencrypt
+
+# set_ini_value logic:
+# - if the name is not found in the file, append the name=value to the end of the file
+# - if the name is found in the file, replace the value
+# - if the name is found in the file but commented out, uncomment the line and replace the value
+# call set_ini_value with parameters: $1=name $2=value $3=file
+function set_ini_value() {
+    name=${1//\//\\/}
+    value=${2//\//\\/}
+    sed -i \
+        -e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
+        -e '$a'"${name}"'='"${value}" "${3}"
+}
+
+# ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
+touch /config/etc/letsencrypt/cli.ini
+lsiown abc:abc /config/etc/letsencrypt/cli.ini
+grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
+
 # copy dns default configs
-cp -n /defaults/dns-conf/* /config/dns-conf/
+cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing')
 lsiown -R abc:abc /config/dns-conf
 
 # copy default renewal hooks
 chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
-cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/
+cp -nR /defaults/etc/letsencrypt/renewal-hooks/* /config/etc/letsencrypt/renewal-hooks/ 2> >(grep -v 'cp: not replacing')
 lsiown -R abc:abc /config/etc/letsencrypt/renewal-hooks
 
 # replace nginx service location in renewal hooks
@@ -157,21 +183,25 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
     [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
     echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
     if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
-        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
+        REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
-        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
-        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
         if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+            REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
-            sleep infinity
+            REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
+        fi
+        if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
         fi
-        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
     elif [[ "${ORIGSTAGING}" = "true" ]]; then
-        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
     else
-        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     fi
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -182,9 +212,11 @@ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS
 # Check if the cert is using the old LE root cert, revoke and regen if necessary
 if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
     echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
-    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -208,52 +240,51 @@ else
     ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
 fi
 
-# figuring out url only vs url & subdomains vs subdomains only
+set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
+
+# figuring out domain only vs domain & subdomains vs subdomains only
+DOMAINS_ARRAY=()
+if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+    DOMAINS_ARRAY+=("${URL}")
+fi
 if [[ -n "${SUBDOMAINS}" ]]; then
     echo "SUBDOMAINS entered, processing"
+    SUBDOMAINS_ARRAY=()
     if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+        SUBDOMAINS_ARRAY+=("*.${URL}")
-            export URL_REAL="-d *.${URL}"
+        echo "Wildcard cert for ${URL} will be requested"
-            echo "Wildcard cert for only the subdomains of ${URL} will be requested"
-        else
-            export URL_REAL="-d *.${URL} -d ${URL}"
-            echo "Wildcard cert for ${URL} will be requested"
-        fi
     else
-        echo "SUBDOMAINS entered, processing"
         for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
-            export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
+            SUBDOMAINS_ARRAY+=("${job}.${URL}")
         done
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+        echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
-            URL_REAL="${SUBDOMAINS_REAL}"
-            echo "Only subdomains, no URL in cert"
-        else
-            URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
-        fi
-        echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
     fi
-else
+    DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
-    echo "No subdomains defined"
-    URL_REAL="-d ${URL}"
 fi
 
 # add extra domains
 if [[ -n "${EXTRA_DOMAINS}" ]]; then
     echo "EXTRA_DOMAINS entered, processing"
+    EXTRA_DOMAINS_ARRAY=()
     for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
-        export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
+        EXTRA_DOMAINS_ARRAY+=("${job}")
     done
-    echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
+    echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
-    URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
+    DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
 fi
 
+# setting domains in cli.ini
+set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
+
 # figuring out whether to use e-mail and which
 if [[ ${EMAIL} == *@* ]]; then
     echo "E-mail address entered: ${EMAIL}"
-    EMAILPARAM="-m ${EMAIL} --no-eff-email"
+    set_ini_value "email" "${EMAIL}" /config/etc/letsencrypt/cli.ini
+    set_ini_value "no-eff-email" "true" /config/etc/letsencrypt/cli.ini
+    set_ini_value "register-unsafely-without-email" "false" /config/etc/letsencrypt/cli.ini
 else
     echo "No e-mail address entered or address invalid"
-    EMAILPARAM="--register-unsafely-without-email"
+    set_ini_value "register-unsafely-without-email" "true" /config/etc/letsencrypt/cli.ini
 fi
 
 # alter extension for error message
@@ -265,37 +296,41 @@ fi
 
 # setting the validation method to use
 if [[ "${VALIDATION}" = "dns" ]]; then
-    AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
+    set_ini_value "preferred-challenges" "dns" /config/etc/letsencrypt/cli.ini
-    DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+    set_ini_value "authenticator" "dns-${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
-    if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+    set_ini_value "dns-${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+    if [[ -n "${PROPAGATION}" ]]; then set_ini_value "dns-${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
 
     # plugins that don't support setting credentials file
     if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
-        DNSCREDENTIALSPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that don't support setting propagation
     if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
         if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
-        PROPAGATIONPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that use old parameter naming convention
     if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
-        AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
-        DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+        set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+        if [[ -n "${PROPAGATION}" ]]; then set_ini_value "${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
     fi
     # don't restore txt records when using DuckDNS plugin
     if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
-        AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
+        set_ini_value "dns-${DNSPLUGIN}-no-txt-restore" "true" /config/etc/letsencrypt/cli.ini
     fi
 
-    PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
     echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
 elif [[ "${VALIDATION}" = "tls-sni" ]]; then
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "*****tls-sni validation has been deprecated, attempting http validation instead"
 else
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "http validation is selected"
 fi
 
@@ -304,17 +339,17 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
     if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
         echo "Retrieving EAB from ZeroSSL"
         EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
-        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
-        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
         if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
             echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
             sleep infinity
         fi
-        ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+        set_ini_value "eab-kid" "${ZEROSSL_EAB_KID}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
     fi
     echo "Generating new certificate"
-    # shellcheck disable=SC2086
+    certbot certonly --non-interactive --renew-by-default
-    certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
     if [[ ! -d /config/keys/letsencrypt ]]; then
         if [[ "${VALIDATION}" = "dns" ]]; then
             echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -1,38 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# make folders
-mkdir -p \
-    /config/crontabs
-
-## root
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/root ]]; then
-    # copy crontab from system
-    if crontab -l -u root; then
-        crontab -l -u root >/config/crontabs/root
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/root /config/crontabs/
-fi
-# set permissions and import user crontabs
-lsiown root:root /config/crontabs/root
-crontab -u root /config/crontabs/root
-
-## abc
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/abc ]]; then
-    # copy crontab from system
-    if crontab -l -u abc; then
-        crontab -l -u abc >/config/crontabs/abc
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/abc /config/crontabs/
-fi
-# set permissions and import user crontabs
-lsiown abc:abc /config/crontabs/abc
-crontab -u abc /config/crontabs/abc

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -1 +0,0 @@
-oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/run

@@ -3,7 +3,7 @@
 
 # make our folders and links
 mkdir -p \
-    /config/{fail2ban,crontabs,dns-conf} \
+    /config/{fail2ban,dns-conf} \
     /config/etc/letsencrypt/renewal-hooks \
     /config/log/{fail2ban,letsencrypt,nginx} \
     /config/nginx/proxy-confs \