Bot Updating Package Versions

Fix "unrecognized arguments" issue in DirectAdmin DNS plugin

Dockerfile

@@ -91,6 +91,7 @@ RUN \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -101,8 +102,10 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
     certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
@@ -115,6 +118,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Dockerfile.aarch64

@@ -91,6 +91,7 @@ RUN \
     certbot-dns-acmedns \
     certbot-dns-aliyun \
     certbot-dns-azure \
+    certbot-dns-bunny \
     certbot-dns-cloudflare \
     certbot-dns-cpanel \
     certbot-dns-desec \
@@ -101,8 +102,10 @@ RUN \
     certbot-dns-dnspod \
     certbot-dns-do \
     certbot-dns-domeneshop \
+    certbot-dns-dreamhost \
     certbot-dns-duckdns \
     certbot-dns-dynu \
+    certbot-dns-freedns \
     certbot-dns-gehirn \
     certbot-dns-godaddy \
     certbot-dns-google \
@@ -115,6 +118,7 @@ RUN \
     certbot-dns-linode \
     certbot-dns-loopia \
     certbot-dns-luadns \
+    certbot-dns-namecheap \
     certbot-dns-netcup \
     certbot-dns-njalla \
     certbot-dns-nsone \

Jenkinsfile

@@ -16,7 +16,6 @@ pipeline {
     GITHUB_TOKEN=credentials('498b4638-2d02-4ce5-832d-8a57d01d97ab')
     GITLAB_TOKEN=credentials('b6f0f1dd-6952-4cf6-95d1-9c06380283f0')
     GITLAB_NAMESPACE=credentials('gitlab-namespace-id')
-    SCARF_TOKEN=credentials('scarf_api_key')
     EXT_PIP = 'certbot'
     BUILD_VERSION_ARG = 'CERTBOT_VERSION'
     LS_USER = 'linuxserver'
@@ -329,12 +328,12 @@ pipeline {
               else
                 echo "false" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
               fi
-              mkdir -p ${TEMPDIR}/gitbook
+              mkdir -p ${TEMPDIR}/docs
-              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
+              git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/docs/docker-documentation
-              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
+              if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/docs/docker-documentation/docs/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
-                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
+                cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/docs/docker-documentation/docs/images/
-                cd ${TEMPDIR}/gitbook/docker-documentation/
+                cd ${TEMPDIR}/docs/docker-documentation
-                git add images/docker-${CONTAINER_NAME}.md
+                git add docs/images/docker-${CONTAINER_NAME}.md
                 git commit -m 'Bot Updating Documentation'
                 git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/linuxserver/docker-documentation.git --all
               fi
@@ -425,35 +424,6 @@ pipeline {
              "visibility":"public"}' '''
       } 
     }
-    /* #######################
-           Scarf.sh package registry
-       ####################### */
-    // Add package to Scarf.sh and set permissions
-    stage("Scarf.sh package registry"){
-      when {
-        branch "master"
-        environment name: 'EXIT_STATUS', value: ''
-      }
-      steps{
-        sh '''#! /bin/bash
-              PACKAGE_UUID=$(curl -X GET -H "Authorization: Bearer ${SCARF_TOKEN}" https://scarf.sh/api/v1/organizations/linuxserver-ci/packages | jq -r '.[] | select(.name=="linuxserver/swag") | .uuid' || :)
-              if [ -z "${PACKAGE_UUID}" ]; then
-                echo "Adding package to Scarf.sh"
-                curl -sX POST https://scarf.sh/api/v1/organizations/linuxserver-ci/packages \
-                  -H "Authorization: Bearer ${SCARF_TOKEN}" \
-                  -H "Content-Type: application/json" \
-                  -d '{"name":"linuxserver/swag",\
-                       "shortDescription":"example description",\
-                       "libraryType":"docker",\
-                       "website":"https://github.com/linuxserver/docker-swag",\
-                       "backendUrl":"https://ghcr.io/linuxserver/swag",\
-                       "publicUrl":"https://lscr.io/linuxserver/swag"}' || :
-              else
-                echo "Package already exists on Scarf.sh"
-              fi
-           '''
-      } 
-    }
     /* ###############
        Build Container
        ############### */
@@ -849,6 +819,41 @@ pipeline {
               curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/releases -d @releasebody.json.done'''
       }
     }
+    // Add protection to the release branch
+    stage('Github-Release-Branch-Protection') {
+      when {
+        branch "master"
+        environment name: 'CHANGE_ID', value: ''
+        environment name: 'EXIT_STATUS', value: ''
+      }
+      steps {
+        echo "Setting up protection for release branch master"
+        sh '''#! /bin/bash
+          curl -H "Authorization: token ${GITHUB_TOKEN}" -X PUT https://api.github.com/repos/${LS_USER}/${LS_REPO}/branches/master/protection \
+          -d $(jq -c .  << EOF
+            {
+              "required_status_checks": null,
+              "enforce_admins": false,
+              "required_pull_request_reviews": {
+                "dismiss_stale_reviews": false,
+                "require_code_owner_reviews": false,
+                "require_last_push_approval": false,
+                "required_approving_review_count": 1
+              },
+              "restrictions": null,
+              "required_linear_history": false,
+              "allow_force_pushes": false,
+              "allow_deletions": false,
+              "block_creations": false,
+              "required_conversation_resolution": true,
+              "lock_branch": false,
+              "allow_fork_syncing": false,
+              "required_signatures": false
+            }
+EOF
+          ) '''
+      }
+    }
     // Use helper container to sync the current README on master to the dockerhub endpoint
     stage('Sync-README') {
       when {

README.md

@@ -1,6 +1,5 @@
-<!-- DO NOT EDIT THIS FILE MANUALLY  -->
+<!-- DO NOT EDIT THIS FILE MANUALLY -->
-<!-- Please read the https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
+<!-- Please read https://github.com/linuxserver/docker-swag/blob/master/.github/CONTRIBUTING.md -->
-
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
@@ -68,7 +67,7 @@ The architectures supported by this image are:
 * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
   * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
   * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-  * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+  * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
     1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
     2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
 * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
@@ -138,7 +137,7 @@ Please follow the instructions [on this blog post](https://www.linuxserver.io/bl
 
 ## Usage
 
-Here are some example snippets to help you get started creating a container.
+To help you get started creating a container from this image you can either use docker-compose or the docker cli.
 
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
@@ -197,12 +196,11 @@ docker run -d \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
-
 ```
 
 ## Parameters
 
-Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 
 | Parameter | Function |
 | :----: | --- |
@@ -215,7 +213,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e VALIDATION=http` | Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only) |
 | `-e CERTPROVIDER=` | Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt. |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e PROPAGATION=` | Optionally override (in seconds) the default propagation time for the dns plugins. |
 | `-e EMAIL=` | Optional e-mail address used for cert expiration notifications (Required for ZeroSSL). |
 | `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
@@ -234,10 +232,10 @@ You can set any environment variable from a file by using a special prepend `FIL
 As an example:
 
 ```bash
--e FILE__PASSWORD=/run/secrets/mysecretpassword
+-e FILE__MYVAR=/run/secrets/mysecretvariable
 ```
 
-Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
 
 ## Umask for running applications
 
@@ -246,15 +244,20 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
 
 ## User / Group Identifiers
 
-When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
 
 ```bash
-  $ id username
+id your_user
-    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
+```
+
+Example output:
+
+```text
+uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
 ```
 
 ## Docker Mods
@@ -265,12 +268,29 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Support Info
 
-* Shell access whilst the container is running: `docker exec -it swag /bin/bash`
+* Shell access whilst the container is running:
-* To monitor the logs of the container in realtime: `docker logs -f swag`
+
-* container version number
+    ```bash
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' swag`
+    docker exec -it swag /bin/bash
-* image version number
+    ```
-  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest`
+
+* To monitor the logs of the container in realtime:
+
+    ```bash
+    docker logs -f swag
+    ```
+
+* Container version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' swag
+    ```
+
+* Image version number:
+
+    ```bash
+    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/swag:latest
+    ```
 
 ## Updating Info
 
@@ -280,38 +300,83 @@ Below are the instructions for updating containers:
 
 ### Via Docker Compose
 
-* Update all images: `docker-compose pull`
+* Update images:
-  * or update a single image: `docker-compose pull swag`
+    * All images:
-* Let compose update all containers as necessary: `docker-compose up -d`
+
-  * or update a single container: `docker-compose up -d swag`
+        ```bash
-* You can also remove the old dangling images: `docker image prune`
+        docker-compose pull
+        ```
+
+    * Single image:
+
+        ```bash
+        docker-compose pull swag
+        ```
+
+* Update containers:
+    * All containers:
+
+        ```bash
+        docker-compose up -d
+        ```
+
+    * Single container:
+
+        ```bash
+        docker-compose up -d swag
+        ```
+
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Docker Run
 
-* Update the image: `docker pull lscr.io/linuxserver/swag:latest`
+* Update the image:
-* Stop the running container: `docker stop swag`
+
-* Delete the container: `docker rm swag`
+    ```bash
+    docker pull lscr.io/linuxserver/swag:latest
+    ```
+
+* Stop the running container:
+
+    ```bash
+    docker stop swag
+    ```
+
+* Delete the container:
+
+    ```bash
+    docker rm swag
+    ```
+
 * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images: `docker image prune`
+* You can also remove the old dangling images:
+
+    ```bash
+    docker image prune
+    ```
 
 ### Via Watchtower auto-updater (only use if you don't remember the original parameters)
 
 * Pull the latest image at its tag and replace it with the same env variables in one run:
 
-  ```bash
+    ```bash
-  docker run --rm \
+    docker run --rm \
-  -v /var/run/docker.sock:/var/run/docker.sock \
+      -v /var/run/docker.sock:/var/run/docker.sock \
-  containrrr/watchtower \
+      containrrr/watchtower \
-  --run-once swag
+      --run-once swag
-  ```
+    ```
 
 * You can also remove the old dangling images: `docker image prune`
 
-**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
+**warning**: We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
 
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
-* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+**tip**: We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -336,6 +401,11 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **01.10.23:** - Fix "unrecognized arguments" issue in DirectAdmin DNS plugin.
+* **28.08.23:** - Add Namecheap DNS plugin.
+* **12.08.23:** - Add FreeDNS plugin. Detect certbot DNS authenticators using CLI.
+* **07.08.23:** - Add Bunny DNS Configuration.
+* **27.07.23:** - Added support for dreamhost validation.
 * **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
 * **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
 * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.

package_versions.txt

@@ -1,56 +1,60 @@
 NAME                            VERSION                 TYPE   
-ConfigArgParse                  1.5.5                   python  
+ConfigArgParse                  1.7                     python  
-PyJWT                           2.7.0                   python  
+PyJWT                           2.8.0                   python  
-PyYAML                          6.0                     python  
+PyNamecheap                     0.0.3                   python  
-acme                            2.6.0                   python  
+PyYAML                          6.0.1                   python  
+Simple Launcher Executable      1.1.0.14                dotnet  
+acme                            2.7.1                   python  
 alpine-baselayout               3.4.3-r1                apk     
 alpine-baselayout-data          3.4.3-r1                apk     
 alpine-keys                     2.4-r1                  apk     
-alpine-release                  3.18.2-r0               apk     
+alpine-release                  3.18.4-r0               apk     
 aom-libs                        3.6.1-r0                apk     
-apache2-utils                   2.4.57-r2               apk     
+apache2-utils                   2.4.57-r3               apk     
 apk-tools                       2.14.0-r2               apk     
 apr                             1.7.4-r0                apk     
 apr-util                        1.6.3-r1                apk     
 argon2-libs                     20190702-r4             apk     
 attrs                           23.1.0                  python  
 azure-common                    1.1.28                  python  
-azure-core                      1.27.1                  python  
+azure-core                      1.29.4                  python  
-azure-identity                  1.13.0                  python  
+azure-identity                  1.14.1                  python  
 azure-mgmt-core                 1.4.0                   python  
 azure-mgmt-dns                  8.1.0                   python  
 bash                            5.2.15-r5               apk     
 beautifulsoup4                  4.12.2                  python  
-boto3                           1.26.165                python  
+boto3                           1.28.63                 python  
-botocore                        1.29.165                python  
+botocore                        1.31.63                 python  
 brotli-libs                     1.0.9-r14               apk     
 bs4                             0.0.1                   python  
-busybox                         1.36.1                  binary  
+busybox                         1.36.1-r2               apk     
-busybox                         1.36.1-r0               apk     
+busybox-binsh                   1.36.1-r2               apk     
-busybox-binsh                   1.36.1-r0               apk     
 c-client                        2007f-r15               apk     
 ca-certificates                 20230506-r0             apk     
 ca-certificates-bundle          20230506-r0             apk     
 cachetools                      5.3.1                   python  
-certbot                         2.6.0                   python  
+certbot                         2.7.1                   python  
 certbot-dns-acmedns             0.1.0                   python  
 certbot-dns-aliyun              2.0.0                   python  
-certbot-dns-azure               2.3.0                   python  
+certbot-dns-azure               2.4.0                   python  
-certbot-dns-cloudflare          2.6.0                   python  
+certbot-dns-bunny               0.0.9                   python  
+certbot-dns-cloudflare          2.7.1                   python  
 certbot-dns-cpanel              0.4.0                   python  
 certbot-dns-desec               1.2.1                   python  
-certbot-dns-digitalocean        2.6.0                   python  
+certbot-dns-digitalocean        2.7.1                   python  
 certbot-dns-directadmin         1.0.3                   python  
 certbot-dns-dnsimple            2.6.0                   python  
 certbot-dns-dnsmadeeasy         2.6.0                   python  
 certbot-dns-dnspod              0.1.0                   python  
 certbot-dns-do                  0.31.0                  python  
 certbot-dns-domeneshop          0.2.9                   python  
+certbot-dns-dreamhost           1.0                     python  
 certbot-dns-duckdns             1.3                     python  
 certbot-dns-dynu                0.0.4                   python  
+certbot-dns-freedns             0.1.0                   python  
 certbot-dns-gehirn              2.6.0                   python  
 certbot-dns-godaddy             0.2.2                   python  
-certbot-dns-google              2.6.0                   python  
+certbot-dns-google              2.7.1                   python  
 certbot-dns-google-domains      0.1.11                  python  
 certbot-dns-he                  1.0.0                   python  
 certbot-dns-hetzner             2.0.0                   python  
@@ -60,36 +64,37 @@ certbot-dns-ionos               2022.11.24              python
 certbot-dns-linode              2.6.0                   python  
 certbot-dns-loopia              1.0.1                   python  
 certbot-dns-luadns              2.6.0                   python  
-certbot-dns-netcup              1.3.0                   python  
+certbot-dns-namecheap           1.0.0                   python  
+certbot-dns-netcup              1.3.1                   python  
 certbot-dns-njalla              1.0.0                   python  
 certbot-dns-nsone               2.6.0                   python  
 certbot-dns-ovh                 2.6.0                   python  
 certbot-dns-porkbun             0.8                     python  
-certbot-dns-rfc2136             2.6.0                   python  
+certbot-dns-rfc2136             2.7.1                   python  
-certbot-dns-route53             2.6.0                   python  
+certbot-dns-route53             2.7.1                   python  
 certbot-dns-sakuracloud         2.6.0                   python  
 certbot-dns-standalone          1.1                     python  
 certbot-dns-transip             0.5.2                   python  
 certbot-dns-vultr               1.1.0                   python  
 certbot-plugin-gandi            1.4.3                   python  
-certifi                         2023.5.7                python  
+certifi                         2023.7.22               python  
-cffi                            1.15.1                  python  
+cffi                            1.16.0                  python  
-charset-normalizer              3.1.0                   python  
+charset-normalizer              3.3.0                   python  
-cloudflare                      2.11.6                  python  
+cloudflare                      2.12.4                  python  
 configobj                       5.0.8                   python  
 coreutils                       9.3-r1                  apk     
-cryptography                    41.0.1                  python  
+cryptography                    41.0.4                  python  
-curl                            8.1.2-r0                apk     
+curl                            8.3.0-r0                apk     
-dataclasses-json                0.5.9                   python  
+dataclasses-json                0.5.14                  python  
 distro                          1.8.0                   python  
 dns-lexicon                     3.11.7                  python  
 dnslib                          0.9.23                  python  
-dnspython                       2.3.0                   python  
+dnspython                       2.4.2                   python  
 domeneshop                      0.4.3                   python  
 fail2ban                        1.0.2                   python  
 fail2ban                        1.0.2-r2                apk     
 fail2ban-pyc                    1.0.2-r2                apk     
-filelock                        3.12.2                  python  
+filelock                        3.12.4                  python  
 fontconfig                      2.14.2-r3               apk     
 freetype                        2.13.0-r5               apk     
 future                          0.18.3                  python  
@@ -97,36 +102,36 @@ gdbm                            1.23-r1                 apk
 git                             2.40.1-r0               apk     
 git-perl                        2.40.1-r0               apk     
 gmp                             6.2.1-r3                apk     
-gnupg                           2.4.1-r1                apk     
+gnupg                           2.4.3-r0                apk     
-gnupg-dirmngr                   2.4.1-r1                apk     
+gnupg-dirmngr                   2.4.3-r0                apk     
-gnupg-gpgconf                   2.4.1-r1                apk     
+gnupg-gpgconf                   2.4.3-r0                apk     
-gnupg-keyboxd                   2.4.1-r1                apk     
+gnupg-keyboxd                   2.4.3-r0                apk     
-gnupg-utils                     2.4.1-r1                apk     
+gnupg-utils                     2.4.3-r0                apk     
-gnupg-wks-client                2.4.1-r1                apk     
+gnupg-wks-client                2.4.3-r0                apk     
 gnutls                          3.8.0-r2                apk     
-google-api-core                 2.11.1                  python  
+google-api-core                 2.12.0                  python  
-google-api-python-client        2.91.0                  python  
+google-api-python-client        2.103.0                 python  
-google-auth                     2.21.0                  python  
+google-auth                     2.23.3                  python  
-google-auth-httplib2            0.1.0                   python  
+google-auth-httplib2            0.1.1                   python  
-googleapis-common-protos        1.59.1                  python  
+googleapis-common-protos        1.61.0                  python  
-gpg                             2.4.1-r1                apk     
+gpg                             2.4.3-r0                apk     
-gpg-agent                       2.4.1-r1                apk     
+gpg-agent                       2.4.3-r0                apk     
-gpg-wks-server                  2.4.1-r1                apk     
+gpg-wks-server                  2.4.3-r0                apk     
-gpgsm                           2.4.1-r1                apk     
+gpgsm                           2.4.3-r0                apk     
-gpgv                            2.4.1-r1                apk     
+gpgv                            2.4.3-r0                apk     
 httplib2                        0.22.0                  python  
-icu-data-en                     73.2-r1                 apk     
+icu-data-en                     73.2-r2                 apk     
-icu-libs                        73.2-r1                 apk     
+icu-libs                        73.2-r2                 apk     
 idna                            3.4                     python  
-importlib-metadata              6.7.0                   python  
+importlib-metadata              6.8.0                   python  
 ip6tables                       1.8.9-r2                apk     
 iptables                        1.8.9-r2                apk     
 isodate                         0.6.1                   python  
 jmespath                        1.0.1                   python  
 josepy                          1.13.0                  python  
 jq                              1.6-r3                  apk     
-jsonlines                       3.1.0                   python  
+jsonlines                       4.0.0                   python  
-jsonpickle                      3.0.1                   python  
+jsonpickle                      3.0.2                   python  
 libacl                          2.3.1-r3                apk     
 libassuan                       2.5.6-r0                apk     
 libattr                         2.5.1-r4                apk     
@@ -134,8 +139,8 @@ libavif                         0.11.1-r2               apk
 libbsd                          0.11.7-r1               apk     
 libbz2                          1.0.8-r5                apk     
 libc-utils                      0.7.2-r5                apk     
-libcrypto3                      3.1.1-r1                apk     
+libcrypto3                      3.1.3-r0                apk     
-libcurl                         8.1.2-r0                apk     
+libcurl                         8.3.0-r0                apk     
 libdav1d                        1.2.1-r0                apk     
 libedit                         20221030.3.1-r1         apk     
 libevent                        2.1.12-r6               apk     
@@ -150,7 +155,7 @@ libidn2                         2.3.4-r1                apk
 libintl                         0.21.1-r7               apk     
 libjpeg-turbo                   2.1.5.1-r3              apk     
 libksba                         1.6.4-r0                apk     
-libldap                         2.6.4-r3                apk     
+libldap                         2.6.5-r0                apk     
 libmaxminddb-libs               1.7.1-r1                apk     
 libmcrypt                       2.5.8-r10               apk     
 libmd                           1.0.4-r2                apk     
@@ -160,18 +165,18 @@ libncursesw                     6.4_p20230506-r0        apk
 libnftnl                        1.2.5-r1                apk     
 libpanelw                       6.4_p20230506-r0        apk     
 libpng                          1.6.39-r3               apk     
-libpq                           15.3-r0                 apk     
+libpq                           15.4-r0                 apk     
-libproc2                        4.0.3-r1                apk     
+libproc2                        4.0.4-r0                apk     
 libsasl                         2.1.28-r4               apk     
 libseccomp                      2.5.4-r2                apk     
 libsm                           1.2.4-r1                apk     
 libsodium                       1.0.18-r3               apk     
-libssl3                         3.1.1-r1                apk     
+libssl3                         3.1.3-r0                apk     
 libstdc++                       12.2.1_git20220924-r10  apk     
 libtasn1                        4.19.0-r1               apk     
 libunistring                    1.1-r1                  apk     
 libuuid                         2.38.1-r8               apk     
-libwebp                         1.3.1-r0                apk     
+libwebp                         1.3.2-r0                apk     
 libx11                          1.8.4-r4                apk     
 libxau                          1.0.11-r2               apk     
 libxcb                          1.15-r1                 apk     
@@ -185,24 +190,22 @@ libzip                          1.9.2-r2                apk
 linux-pam                       1.5.2-r10               apk     
 logrotate                       3.21.0-r1               apk     
 loopialib                       0.2.0                   python  
-lxml                            4.9.2                   python  
+lxml                            4.9.3                   python  
 lz4-libs                        1.9.4-r4                apk     
-marshmallow                     3.19.0                  python  
+marshmallow                     3.20.1                  python  
-marshmallow-enum                1.5.1                   python  
-memcached                       1.6.21                  binary  
 memcached                       1.6.21-r0               apk     
-mock                            5.0.2                   python  
+mock                            5.1.0                   python  
 mpdecimal                       2.5.1-r2                apk     
-msal                            1.22.0                  python  
+msal                            1.24.1                  python  
 msal-extensions                 1.0.0                   python  
-musl                            1.2.4-r0                apk     
+musl                            1.2.4-r2                apk     
-musl-utils                      1.2.4-r0                apk     
+musl-utils                      1.2.4-r2                apk     
 mypy-extensions                 1.0.0                   python  
 nano                            7.2-r1                  apk     
 ncurses-terminfo-base           6.4_p20230506-r0        apk     
 netcat-openbsd                  1.219-r1                apk     
 nettle                          3.8.1-r2                apk     
-nghttp2-libs                    1.53.0-r0               apk     
+nghttp2-libs                    1.55.1-r0               apk     
 nginx                           1.24.0-r6               apk     
 nginx-mod-devel-kit             1.24.0-r6               apk     
 nginx-mod-http-brotli           1.24.0-r6               apk     
@@ -224,73 +227,71 @@ nginx-mod-stream-geoip2         1.24.0-r6               apk
 nginx-vim                       1.24.0-r6               apk     
 npth                            1.6-r4                  apk     
 oniguruma                       6.9.8-r1                apk     
-openssl                         3.1.1-r1                apk     
+openssl                         3.1.3-r0                apk     
 p11-kit                         0.24.1-r2               apk     
-packaging                       23.1                    python  
+packaging                       23.2                    python  
 parsedatetime                   2.6                     python  
 pcre                            8.45-r3                 apk     
 pcre2                           10.42-r1                apk     
 perl                            5.36.1-r2               apk     
 perl-error                      0.17029-r1              apk     
 perl-git                        2.40.1-r0               apk     
-php-cli                         8.2.7                   binary  
+php82                           8.2.10-r0               apk     
-php-fpm                         8.2.7                   binary  
+php82-bcmath                    8.2.10-r0               apk     
-php82                           8.2.7-r0                apk     
+php82-bz2                       8.2.10-r0               apk     
-php82-bcmath                    8.2.7-r0                apk     
+php82-common                    8.2.10-r0               apk     
-php82-bz2                       8.2.7-r0                apk     
+php82-ctype                     8.2.10-r0               apk     
-php82-common                    8.2.7-r0                apk     
+php82-curl                      8.2.10-r0               apk     
-php82-ctype                     8.2.7-r0                apk     
+php82-dom                       8.2.10-r0               apk     
-php82-curl                      8.2.7-r0                apk     
+php82-exif                      8.2.10-r0               apk     
-php82-dom                       8.2.7-r0                apk     
+php82-fileinfo                  8.2.10-r0               apk     
-php82-exif                      8.2.7-r0                apk     
+php82-fpm                       8.2.10-r0               apk     
-php82-fileinfo                  8.2.7-r0                apk     
+php82-ftp                       8.2.10-r0               apk     
-php82-fpm                       8.2.7-r0                apk     
+php82-gd                        8.2.10-r0               apk     
-php82-ftp                       8.2.7-r0                apk     
+php82-gmp                       8.2.10-r0               apk     
-php82-gd                        8.2.7-r0                apk     
+php82-iconv                     8.2.10-r0               apk     
-php82-gmp                       8.2.7-r0                apk     
+php82-imap                      8.2.10-r0               apk     
-php82-iconv                     8.2.7-r0                apk     
+php82-intl                      8.2.10-r0               apk     
-php82-imap                      8.2.7-r0                apk     
+php82-ldap                      8.2.10-r0               apk     
-php82-intl                      8.2.7-r0                apk     
+php82-mbstring                  8.2.10-r0               apk     
-php82-ldap                      8.2.7-r0                apk     
+php82-mysqli                    8.2.10-r0               apk     
-php82-mbstring                  8.2.7-r0                apk     
+php82-mysqlnd                   8.2.10-r0               apk     
-php82-mysqli                    8.2.7-r0                apk     
+php82-opcache                   8.2.10-r0               apk     
-php82-mysqlnd                   8.2.7-r0                apk     
+php82-openssl                   8.2.10-r0               apk     
-php82-opcache                   8.2.7-r0                apk     
+php82-pdo                       8.2.10-r0               apk     
-php82-openssl                   8.2.7-r0                apk     
+php82-pdo_mysql                 8.2.10-r0               apk     
-php82-pdo                       8.2.7-r0                apk     
+php82-pdo_odbc                  8.2.10-r0               apk     
-php82-pdo_mysql                 8.2.7-r0                apk     
+php82-pdo_pgsql                 8.2.10-r0               apk     
-php82-pdo_odbc                  8.2.7-r0                apk     
+php82-pdo_sqlite                8.2.10-r0               apk     
-php82-pdo_pgsql                 8.2.7-r0                apk     
+php82-pear                      8.2.10-r0               apk     
-php82-pdo_sqlite                8.2.7-r0                apk     
-php82-pear                      8.2.7-r0                apk     
 php82-pecl-apcu                 5.1.22-r0               apk     
 php82-pecl-igbinary             3.2.14-r0               apk     
 php82-pecl-mcrypt               1.0.6-r0                apk     
 php82-pecl-memcached            3.2.0-r1                apk     
 php82-pecl-msgpack              2.2.0-r0                apk     
-php82-pecl-redis                5.3.7-r2                apk     
+php82-pecl-redis                6.0.1-r0                apk     
-php82-pgsql                     8.2.7-r0                apk     
+php82-pgsql                     8.2.10-r0               apk     
-php82-phar                      8.2.7-r0                apk     
+php82-phar                      8.2.10-r0               apk     
-php82-posix                     8.2.7-r0                apk     
+php82-posix                     8.2.10-r0               apk     
-php82-session                   8.2.7-r0                apk     
+php82-session                   8.2.10-r0               apk     
-php82-simplexml                 8.2.7-r0                apk     
+php82-simplexml                 8.2.10-r0               apk     
-php82-soap                      8.2.7-r0                apk     
+php82-soap                      8.2.10-r0               apk     
-php82-sockets                   8.2.7-r0                apk     
+php82-sockets                   8.2.10-r0               apk     
-php82-sodium                    8.2.7-r0                apk     
+php82-sodium                    8.2.10-r0               apk     
-php82-sqlite3                   8.2.7-r0                apk     
+php82-sqlite3                   8.2.10-r0               apk     
-php82-tokenizer                 8.2.7-r0                apk     
+php82-tokenizer                 8.2.10-r0               apk     
-php82-xml                       8.2.7-r0                apk     
+php82-xml                       8.2.10-r0               apk     
-php82-xmlreader                 8.2.7-r0                apk     
+php82-xmlreader                 8.2.10-r0               apk     
-php82-xmlwriter                 8.2.7-r0                apk     
+php82-xmlwriter                 8.2.10-r0               apk     
-php82-xsl                       8.2.7-r0                apk     
+php82-xsl                       8.2.10-r0               apk     
-php82-zip                       8.2.7-r0                apk     
+php82-zip                       8.2.10-r0               apk     
 pinentry                        1.2.1-r1                apk     
-pip                             23.1.2                  python  
+pip                             23.2.1                  python  
 pkb-client                      1.2                     python  
 popt                            1.19-r2                 apk     
-portalocker                     2.7.0                   python  
+portalocker                     2.8.2                   python  
-procps-ng                       4.0.3-r1                apk     
+procps-ng                       4.0.4-r0                apk     
-protobuf                        4.23.3                  python  
+protobuf                        4.24.4                  python  
 publicsuffixlist                0.9.4                   python  
 pyOpenSSL                       23.2.0                  python  
 pyRFC3339                       1.1                     python  
@@ -299,42 +300,41 @@ pyasn1                          0.5.0                   python
 pyasn1-modules                  0.3.0                   python  
 pyc                             0.1-r0                  apk     
 pycparser                       2.21                    python  
-pyparsing                       3.1.0                   python  
+pyparsing                       3.1.1                   python  
-python                          3.11.4                  binary  
 python-dateutil                 2.8.2                   python  
 python-digitalocean             1.17.0                  python  
 python-transip                  0.6.0                   python  
-python3                         3.11.4-r0               apk     
+python3                         3.11.6-r0               apk     
-python3-pyc                     3.11.4-r0               apk     
+python3-pyc                     3.11.6-r0               apk     
-python3-pycache-pyc0            3.11.4-r0               apk     
+python3-pycache-pyc0            3.11.6-r0               apk     
-pytz                            2023.3                  python  
+pytz                            2023.3.post1            python  
 readline                        8.2.1-r1                apk     
 requests                        2.31.0                  python  
 requests-file                   1.5.1                   python  
 requests-mock                   1.11.0                  python  
 rsa                             4.9                     python  
-s3transfer                      0.6.1                   python  
+s3transfer                      0.7.0                   python  
 scanelf                         1.3.7-r1                apk     
 setuptools                      65.5.0                  python  
 shadow                          4.13-r4                 apk     
 six                             1.16.0                  python  
 skalibs                         2.13.1.1-r1             apk     
-soupsieve                       2.4.1                   python  
+soupsieve                       2.5                     python  
 sqlite-libs                     3.41.2-r2               apk     
-ssl_client                      1.36.1-r0               apk     
+ssl_client                      1.36.1-r2               apk     
 tiff                            4.5.1-r0                apk     
-tldextract                      3.4.4                   python  
+tldextract                      5.0.0                   python  
 typing-inspect                  0.9.0                   python  
-typing_extensions               4.7.0                   python  
+typing_extensions               4.8.0                   python  
 tzdata                          2023c-r1                apk     
 unixodbc                        2.3.11-r2               apk     
 uritemplate                     4.1.1                   python  
-urllib3                         1.26.16                 python  
+urllib3                         1.26.17                 python  
 utmps-libs                      0.1.2.1-r1              apk     
-wheel                           0.40.0                  python  
+wheel                           0.41.2                  python  
 whois                           5.5.17-r0               apk     
 xz-libs                         5.4.3-r0                apk     
-zipp                            3.15.0                  python  
+zipp                            3.17.0                  python  
 zlib                            1.2.13-r1               apk     
-zope.interface                  6.0                     python  
+zope.interface                  6.1                     python  
 zstd-libs                       1.5.5-r4                apk     

readme-vars.yml

@@ -50,7 +50,7 @@ opt_param_usage_include_env: true
 opt_param_env_vars:
   - { env_var: "SUBDOMAINS", env_value: "www,", desc: "Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)" }
   - { env_var: "CERTPROVIDER", env_value: "", desc: "Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt." }
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `duckdns`, `dynu`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `dynu`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "PROPAGATION", env_value: "", desc: "Optionally override (in seconds) the default propagation time for the dns plugins." }
   - { env_var: "EMAIL", env_value: "", desc: "Optional e-mail address used for cert expiration notifications (Required for ZeroSSL)." }
   - { env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`" }
@@ -83,7 +83,7 @@ app_setup_block: |
   * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
     * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
     * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
-    * DuckDNS only supoprts two types of DNS validated certificates (not both at the same time):
+    * DuckDNS only supports two types of DNS validated certificates (not both at the same time):
       1. Certs that only cover your main subdomain (ie. `yoursubdomain.duckdns.org`, leave the `SUBDOMAINS` variable empty)
       2. Certs that cover sub-subdomains of your main subdomain (ie. `*.yoursubdomain.duckdns.org`, set the `SUBDOMAINS` variable to `wildcard`)
   * `--cap-add=NET_ADMIN` is required for fail2ban to modify iptables
@@ -153,6 +153,11 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "01.10.23:", desc: "Fix \"unrecognized arguments\" issue in DirectAdmin DNS plugin." }
+  - { date: "28.08.23:", desc: "Add Namecheap DNS plugin." }
+  - { date: "12.08.23:", desc: "Add FreeDNS plugin. Detect certbot DNS authenticators using CLI." }
+  - { date: "07.08.23:", desc: "Add Bunny DNS Configuration." }
+  - { date: "27.07.23:", desc: "Added support for dreamhost validation." }
   - { date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf." }
   - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
   - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }

root/defaults/dns-conf/bunny.ini

@@ -0,0 +1,2 @@
+# Bunny API token used by Certbot
+dns_bunny_api_key = a65e8ebd-45ab-44d2-a542-40d4d009e3bf

root/defaults/dns-conf/dreamhost.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/goncalo-leal/certbot-dns-dreamhost#usage
+# Replace with your values
+dns_dreamhost_baseurl = "https://api.dreamhost.com/"
+dns_dreamhost_api_key = "<api_key>"

root/defaults/dns-conf/freedns.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/schleuss/certbot_dns_freedns#credentials
+# Replace with your values
+dns_freedns_username = myremoteuser
+dns_freedns_password = verysecureremoteuserpassword

root/defaults/dns-conf/namecheap.ini

@@ -0,0 +1,4 @@
+# Instructions: https://github.com/knoxell/certbot-dns-namecheap#credentials
+# Namecheap API credentials used by Certbot
+dns_namecheap_username=my-username
+dns_namecheap_api_key=my-api-key

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -24,11 +24,30 @@ for i in "${SANED_VARS[@]}"; do
 done
 
 # check to make sure DNSPLUGIN is selected if dns validation is used
-if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azure|cloudflare|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|google-domains|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
+CERTBOT_DNS_AUTHENTICATORS=$(certbot plugins --authenticators 2>/dev/null | sed -e 's/^Entry point: EntryPoint(name='\''cpanel'\''/Entry point: EntryPoint(name='\''dns-cpanel'\''/' -e '/EntryPoint(name='\''dns-/!d' -e 's/^Entry point: EntryPoint(name='\''dns-\([^ ]*\)'\'',/\1/' | sort)
-    echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
+if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | grep -q "${DNSPLUGIN}"; then
+    echo "Please set the DNSPLUGIN variable to one of the following:"
+    echo "${CERTBOT_DNS_AUTHENTICATORS}"
     sleep infinity
 fi
 
+# set_ini_value logic:
+# - if the name is not found in the file, append the name=value to the end of the file
+# - if the name is found in the file, replace the value
+# - if the name is found in the file but commented out, uncomment the line and replace the value
+# call set_ini_value with parameters: $1=name $2=value $3=file
+function set_ini_value() {
+    name=${1//\//\\/}
+    value=${2//\//\\/}
+    sed -i \
+        -e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
+        -e '$a'"${name}"'='"${value}" "${3}"
+}
+
+# ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
+touch /config/etc/letsencrypt/cli.ini
+grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
+
 # copy dns default configs
 cp -n /defaults/dns-conf/* /config/dns-conf/ 2> >(grep -v 'cp: not replacing')
 lsiown -R abc:abc /config/dns-conf
@@ -157,21 +176,25 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
     [[ ! "${CERTPROVIDER}" = "${ORIGCERTPROVIDER}" ]]; then
     echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
     if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
-        REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
+        REV_ACMESERVER=("https://acme.zerossl.com/v2/DV90")
-        REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
-        REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' "/config/etc/letsencrypt/renewal/${ORIGDOMAIN}.conf" | tr -d ' ')
         if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
-            echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
+            REV_ZEROSSL_EAB_KID=$(awk -F "=" '/eab-kid/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
-            sleep infinity
+            REV_ZEROSSL_EAB_HMAC_KEY=$(awk -F "=" '/eab-hmac-key/ {print $2}' /config/etc/letsencrypt/cli.ini | tr -d ' ')
+        fi
+        if [[ -n "${REV_ZEROSSL_EAB_KID}" ]] && [[ -n "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
+            REV_ACMESERVER+=("--eab-kid" "${REV_ZEROSSL_EAB_KID}" "--eab-hmac-key" "${REV_ZEROSSL_EAB_HMAC_KEY}")
         fi
-        REV_ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${REV_ZEROSSL_EAB_KID} --eab-hmac-key ${REV_ZEROSSL_EAB_HMAC_KEY}"
     elif [[ "${ORIGSTAGING}" = "true" ]]; then
-        REV_ACMESERVER="https://acme-staging-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-staging-v02.api.letsencrypt.org/directory")
     else
-        REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+        REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     fi
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -182,9 +205,11 @@ echo -e "ORIGURL=\"${URL}\" ORIGSUBDOMAINS=\"${SUBDOMAINS}\" ORIGONLY_SUBDOMAINS
 # Check if the cert is using the old LE root cert, revoke and regen if necessary
 if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "letsencrypt" ]] || [[ "${CERTPROVIDER}" == "" ]]; } && [[ "${STAGING}" != "true" ]] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
     echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
-    REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
+    REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server ${REV_ACMESERVER} || true
+        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+    else
+        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -208,52 +233,51 @@ else
     ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
 fi
 
-# figuring out url only vs url & subdomains vs subdomains only
+set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
+
+# figuring out domain only vs domain & subdomains vs subdomains only
+DOMAINS_ARRAY=()
+if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
+    DOMAINS_ARRAY+=("${URL}")
+fi
 if [[ -n "${SUBDOMAINS}" ]]; then
     echo "SUBDOMAINS entered, processing"
+    SUBDOMAINS_ARRAY=()
     if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+        SUBDOMAINS_ARRAY+=("*.${URL}")
-            export URL_REAL="-d *.${URL}"
+        echo "Wildcard cert for ${URL} will be requested"
-            echo "Wildcard cert for only the subdomains of ${URL} will be requested"
-        else
-            export URL_REAL="-d *.${URL} -d ${URL}"
-            echo "Wildcard cert for ${URL} will be requested"
-        fi
     else
-        echo "SUBDOMAINS entered, processing"
         for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
-            export SUBDOMAINS_REAL="${SUBDOMAINS_REAL} -d ${job}.${URL}"
+            SUBDOMAINS_ARRAY+=("${job}.${URL}")
         done
-        if [[ "${ONLY_SUBDOMAINS}" = true ]]; then
+        echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
-            URL_REAL="${SUBDOMAINS_REAL}"
-            echo "Only subdomains, no URL in cert"
-        else
-            URL_REAL="-d ${URL}${SUBDOMAINS_REAL}"
-        fi
-        echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
     fi
-else
+    DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
-    echo "No subdomains defined"
-    URL_REAL="-d ${URL}"
 fi
 
 # add extra domains
 if [[ -n "${EXTRA_DOMAINS}" ]]; then
     echo "EXTRA_DOMAINS entered, processing"
+    EXTRA_DOMAINS_ARRAY=()
     for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
-        export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL} -d ${job}"
+        EXTRA_DOMAINS_ARRAY+=("${job}")
     done
-    echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}"
+    echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
-    URL_REAL="${URL_REAL} ${EXTRA_DOMAINS_REAL}"
+    DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
 fi
 
+# setting domains in cli.ini
+set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
+
 # figuring out whether to use e-mail and which
 if [[ ${EMAIL} == *@* ]]; then
     echo "E-mail address entered: ${EMAIL}"
-    EMAILPARAM="-m ${EMAIL} --no-eff-email"
+    set_ini_value "email" "${EMAIL}" /config/etc/letsencrypt/cli.ini
+    set_ini_value "no-eff-email" "true" /config/etc/letsencrypt/cli.ini
+    set_ini_value "register-unsafely-without-email" "false" /config/etc/letsencrypt/cli.ini
 else
     echo "No e-mail address entered or address invalid"
-    EMAILPARAM="--register-unsafely-without-email"
+    set_ini_value "register-unsafely-without-email" "true" /config/etc/letsencrypt/cli.ini
 fi
 
 # alter extension for error message
@@ -265,37 +289,41 @@ fi
 
 # setting the validation method to use
 if [[ "${VALIDATION}" = "dns" ]]; then
-    AUTHENTICATORPARAM="--authenticator dns-${DNSPLUGIN}"
+    set_ini_value "preferred-challenges" "dns" /config/etc/letsencrypt/cli.ini
-    DNSCREDENTIALSPARAM="--dns-${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+    set_ini_value "authenticator" "dns-${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
-    if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+    set_ini_value "dns-${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+    if [[ -n "${PROPAGATION}" ]]; then set_ini_value "dns-${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
 
     # plugins that don't support setting credentials file
     if [[ "${DNSPLUGIN}" =~ ^(route53|standalone)$ ]]; then
-        DNSCREDENTIALSPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that don't support setting propagation
     if [[ "${DNSPLUGIN}" =~ ^(azure|gandi|route53|standalone)$ ]]; then
         if [[ -n "${PROPAGATION}" ]]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
-        PROPAGATIONPARAM=""
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
     fi
     # plugins that use old parameter naming convention
     if [[ "${DNSPLUGIN}" =~ ^(cpanel)$ ]]; then
-        AUTHENTICATORPARAM="--authenticator ${DNSPLUGIN}"
+        sed -i "/^dns-${DNSPLUGIN}-credentials\b/d" /config/etc/letsencrypt/cli.ini
-        DNSCREDENTIALSPARAM="--${DNSPLUGIN}-credentials ${DNSCREDENTIALFILE}"
+        sed -i "/^dns-${DNSPLUGIN}-propagation-seconds\b/d" /config/etc/letsencrypt/cli.ini
-        if [[ -n "${PROPAGATION}" ]]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
+        set_ini_value "authenticator" "${DNSPLUGIN}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "${DNSPLUGIN}-credentials" "${DNSCREDENTIALFILE}" /config/etc/letsencrypt/cli.ini
+        if [[ -n "${PROPAGATION}" ]]; then set_ini_value "${DNSPLUGIN}-propagation-seconds" "${PROPAGATION}" /config/etc/letsencrypt/cli.ini; fi
     fi
     # don't restore txt records when using DuckDNS plugin
     if [[ "${DNSPLUGIN}" =~ ^(duckdns)$ ]]; then
-        AUTHENTICATORPARAM="${AUTHENTICATORPARAM} --dns-${DNSPLUGIN}-no-txt-restore"
+        set_ini_value "dns-${DNSPLUGIN}-no-txt-restore" "true" /config/etc/letsencrypt/cli.ini
     fi
 
-    PREFCHAL="${AUTHENTICATORPARAM} ${DNSCREDENTIALSPARAM} ${PROPAGATIONPARAM}"
     echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
 elif [[ "${VALIDATION}" = "tls-sni" ]]; then
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "*****tls-sni validation has been deprecated, attempting http validation instead"
 else
-    PREFCHAL="--standalone --preferred-challenges http"
+    set_ini_value "preferred-challenges" "http" /config/etc/letsencrypt/cli.ini
+    set_ini_value "authenticator" "standalone" /config/etc/letsencrypt/cli.ini
     echo "http validation is selected"
 fi
 
@@ -304,17 +332,17 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
     if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
         echo "Retrieving EAB from ZeroSSL"
         EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
-        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
+        ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
-        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
+        ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
         if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
             echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
             sleep infinity
         fi
-        ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
+        set_ini_value "eab-kid" "${ZEROSSL_EAB_KID}" /config/etc/letsencrypt/cli.ini
+        set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
     fi
     echo "Generating new certificate"
-    # shellcheck disable=SC2086
+    certbot certonly --non-interactive --renew-by-default
-    certbot certonly --non-interactive --renew-by-default --server ${ACMESERVER} ${ZEROSSL_EAB} ${PREFCHAL} --rsa-key-size 4096 ${EMAILPARAM} --agree-tos ${URL_REAL}
     if [[ ! -d /config/keys/letsencrypt ]]; then
         if [[ "${VALIDATION}" = "dns" ]]; then
             echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."