@n00b42 n00b42 commented Sep 11, 2022


  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

Adding support for using DO (DomainOffensive) DNS validation.

  • Add do DNS validation via certbot-dns-do to Dockerfiles.
  • Added 'do' to valid dns plugin lists in 50-config and readme-vars.yml
  • Added 'do.ini' config file to dns-conf directory

Benefits of this PR and context:

Allow other users with DO DNS service to utilize this container for their own environments and use cases.

How Has This Been Tested?

sudo docker build --no-cache --pull -t linuxserver/swag:latest .

compose file:

---
version: "2.1"
services:
  swag:
#    image: lscr.io/linuxserver/swag
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
#      - PUID=1000
#      - PGID=1000
      - TZ=Europe/Berlin
      - URL=domain.tld
      - SUBDOMAINS=wasub
#      - EXTRA_DOMAINS=<extradomains> #optional
      - ONLY_SUBDOMAINS=true #optional
      - VALIDATION=dns
#      - CERTPROVIDER= #optional
      - DNSPLUGIN=do
#      - EMAIL=<e-mail> #optional
      - STAGING=true #optional
    volumes:
      - ./data:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped

docker-compose up -d

Attaching to swag
swag  | [custom-init] no custom services found, skipping...
swag  | s6-rc: info: service s6rc-oneshot-runner: starting
swag  | s6-rc: info: service s6rc-oneshot-runner successfully started
swag  | s6-rc: info: service fix-attrs: starting
swag  | s6-rc: info: service 00-legacy: starting
swag  | s6-rc: info: service 00-legacy successfully started
swag  | s6-rc: info: service fix-attrs successfully started
swag  | s6-rc: info: service legacy-cont-init: starting
swag  | cont-init: info: running /etc/cont-init.d/01-envfile
swag  | cont-init: info: /etc/cont-init.d/01-envfile exited 0
swag  | cont-init: info: running /etc/cont-init.d/02-tamper-check
swag  | cont-init: info: /etc/cont-init.d/02-tamper-check exited 0
swag  | cont-init: info: running /etc/cont-init.d/10-adduser
swag  | usermod: no changes
swag  | 
swag  | -------------------------------------
swag  |           _         ()
swag  |          | |  ___   _    __
swag  |          | | / __| | |  /  \
swag  |          | | \__ \ | | | () |
swag  |          |_| |___/ |_|  \__/
swag  | 
swag  | 
swag  | Brought to you by linuxserver.io
swag  | -------------------------------------
swag  | 
swag  | To support the app dev(s) visit:
swag  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag  | 
swag  | To support LSIO projects visit:
swag  | https://www.linuxserver.io/donate/
swag  | -------------------------------------
swag  | GID/UID
swag  | -------------------------------------
swag  | 
swag  | User uid:    911
swag  | User gid:    911
swag  | -------------------------------------
swag  | 
swag  | cont-init: info: /etc/cont-init.d/10-adduser exited 0
swag  | cont-init: info: running /etc/cont-init.d/20-config
swag  | cont-init: info: /etc/cont-init.d/20-config exited 0
swag  | cont-init: info: running /etc/cont-init.d/30-keygen
swag  | using keys found in /config/keys
swag  | cont-init: info: /etc/cont-init.d/30-keygen exited 0
swag  | cont-init: info: running /etc/cont-init.d/50-config
swag  | Variables set:
swag  | PUID=
swag  | PGID=
swag  | TZ=Europe/Berlin
swag  | URL=domain.tld
swag  | SUBDOMAINS=wasub
swag  | EXTRA_DOMAINS=
swag  | ONLY_SUBDOMAINS=true
swag  | VALIDATION=dns
swag  | CERTPROVIDER=
swag  | DNSPLUGIN=do
swag  | EMAIL=
swag  | STAGING=true
swag  | 
swag  | NOTICE: Staging is active
swag  | Using Let's Encrypt as the cert provider
swag  | SUBDOMAINS entered, processing
swag  | SUBDOMAINS entered, processing
swag  | Only subdomains, no URL in cert
swag  | Sub-domains processed are:  -d wasub.domain.tld
swag  | No e-mail address entered or address invalid
swag  | dns validation via do plugin is selected
swag  | Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
swag  | Generating new certificate
swag  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
swag  | Account registered.
swag  | Requesting a certificate for wasub.domain.tld
swag  | Unsafe permissions on credentials configuration file: /config/dns-conf/do.ini
swag  | Waiting 10 seconds for DNS changes to propagate
swag  | 
swag  | Successfully received certificate.
swag  | Certificate is saved at: /etc/letsencrypt/live/wasub.domain.tld/fullchain.pem
swag  | Key is saved at:         /etc/letsencrypt/live/wasub.domain.tld/privkey.pem
swag  | This certificate expires on 2022-12-10.
swag  | These files will be updated when the certificate renews.
swag  | NEXT STEPS:
swag  | - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
swag  | 
swag  | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
swag  | If you like Certbot, please consider supporting our work by:
swag  |  * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
swag  |  * Donating to EFF:                    https://eff.org/donate-le
swag  | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
swag  | New certificate generated; starting nginx
swag  | cont-init: info: /etc/cont-init.d/50-config exited 0
swag  | cont-init: info: running /etc/cont-init.d/60-renew
swag  | The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
swag  | cont-init: info: /etc/cont-init.d/60-renew exited 0
swag  | cont-init: info: running /etc/cont-init.d/70-templates
swag  | cont-init: info: /etc/cont-init.d/70-templates exited 0
swag  | cont-init: info: running /etc/cont-init.d/90-custom-folders
swag  | cont-init: info: /etc/cont-init.d/90-custom-folders exited 0
swag  | cont-init: info: running /etc/cont-init.d/99-custom-files
swag  | [custom-init] no custom files found, skipping...
swag  | cont-init: info: /etc/cont-init.d/99-custom-files exited 0
swag  | s6-rc: info: service legacy-cont-init successfully started
swag  | s6-rc: info: service init-mods: starting
swag  | s6-rc: info: service init-mods successfully started
swag  | s6-rc: info: service init-mods-package-install: starting
swag  | s6-rc: info: service init-mods-package-install successfully started
swag  | s6-rc: info: service init-mods-end: starting
swag  | s6-rc: info: service init-mods-end successfully started
swag  | s6-rc: info: service init-services: starting
swag  | s6-rc: info: service init-services successfully started
swag  | s6-rc: info: service legacy-services: starting
swag  | services-up: info: copying legacy longrun cron (no readiness notification)
swag  | services-up: info: copying legacy longrun fail2ban (no readiness notification)
swag  | services-up: info: copying legacy longrun nginx (no readiness notification)
swag  | services-up: info: copying legacy longrun php-fpm (no readiness notification)
swag  | s6-rc: info: service legacy-services successfully started
swag  | s6-rc: info: service 99-ci-service-check: starting
swag  | [ls.io-init] done.
swag  | s6-rc: info: service 99-ci-service-check successfully started
swag  | Server ready

Manually inspected contents of certificate, looking correct.

Source / References:

https://github.com/georgeto/certbot-dns-do
https://pypi.org/project/certbot-dns-do/
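
The test log above includes the certbot warning `Unsafe permissions on credentials configuration file: /config/dns-conf/do.ini`. The following is an added example, not part of this PR or of the SWAG image: shell functions that list credential files in a dns-conf directory that group or other can access, and restrict them to the owner. The function names and the "any group/other bit is unsafe" threshold are assumptions.

```shell
#!/bin/sh
# Added example, not part of the PR or the SWAG image.
# Assumption: a credentials file is "unsafe" if any group/other permission
# bit is set; certbot's own threshold for its warning may differ.

# audit_dns_conf DIR
# Prints "MODE PATH" for every *.ini in DIR that group or other can access.
# Returns 1 if at least one such file exists, 0 otherwise.
audit_dns_conf() {
    audit_dir=$1
    audit_unsafe=0
    for audit_f in "$audit_dir"/*.ini; do
        [ -f "$audit_f" ] || continue      # glob matched nothing, or not a file
        # First 10 characters of ls -l: file type plus the three rwx triplets.
        audit_mode=$(ls -ldL "$audit_f" | cut -c1-10)
        case $audit_mode in
            ????------) ;;                 # owner-only access: fine
            *)  printf '%s %s\n' "$audit_mode" "$audit_f"
                audit_unsafe=1 ;;
        esac
    done
    return "$audit_unsafe"
}

# harden_dns_conf DIR
# Restricts every *.ini in DIR to owner read/write (0600).
harden_dns_conf() {
    for harden_f in "$1"/*.ini; do
        if [ -f "$harden_f" ]; then
            chmod 600 "$harden_f"
        fi
    done
    return 0
}

# Optional CLI use: sh audit.sh ./data/dns-conf
if [ "$#" -gt 0 ]; then
    audit_dns_conf "$1"
fi
```

With the compose file above, `/config/dns-conf` inside the container is `./data/dns-conf` on the host, so the audit can be run from the host against that path.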

@github-actions github-actions bot left a comment

Thanks for opening this pull request! Be sure to follow the pull request template!

thespad commented Sep 12, 2022

All looks good, but needs to wait on #169 (you may have to rebase against it post-merge). Shouldn't have to wait too long.

aptalca commented Sep 22, 2022

Please rebase (also update the changelog entry) and we'll merge.

Thanks

…xserver#262

# Conflicts:
#	readme-vars.yml
#	root/etc/cont-init.d/50-certbot

n00b42 commented Sep 22, 2022

@aptalca done.

@aptalca aptalca merged commit 9e54a3b into linuxserver:master Sep 22, 2022