[BUG] Edited cloudflare.ini file isn't mapped and prevents the container from starting #509

Closed
1 task done
sidneyelagib opened this issue Sep 22, 2024 · 3 comments

@sidneyelagib

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When you start the docker container, it fails with "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file." It used to work fine, but after enabling watchtower and updating to a newer version, this issue started appearing.
When I log in to the container and check the value of /config/dns-conf/cloudflare.ini, it's different from the mapped one.

The file on the host machine

cat cloudflare.ini
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py#L20
# Replace with your values

# With global api key:
#dns_cloudflare_email = [email protected]
#dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567

# With token (comment out both lines above and uncomment below):
#dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
dns_cloudflare_api_token = **********

The file from the container

cat /config/dns-conf/cloudflare.ini
# Instructions: https://github.com/certbot/certbot/blob/master/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py#L20
# Replace with your values

# With global api key:
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567

# With token (comment out both lines above and uncomment below):
#dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567

Expected Behavior

The mapped file matches the one in the container and the container starts successfully.

Steps To Reproduce

  1. Create a docker container with the following configuration (docker-compose.yml)
---
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    hostname: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
      - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-uptime-kuma|linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-geoip2influx|linuxserver/mods:swag-maxmind
      - INSTALL_PIP_PACKAGES=certbot-dns-cloudflare
      - URL=example.com
      - SUBDOMAINS=wildcard
      - EXTRA_DOMAINS=example2.com,*.example2.com
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - EMAIL=****
      - STAGING=*****
      - MAXMINDDB_LICENSE_KEY=*****
      - DOCKER_HOST=tcp://socket-proxy:2375
      - UPTIME_KUMA_URL=http://uptime-kuma:3001
      - UPTIME_KUMA_USERNAME=*****
      - UPTIME_KUMA_PASSWORD=****
      - INFLUX_HOST=swag-influx
      - INFLUX_USER=****
      - INFLUX_PASS=****
    volumes:
      - ./swag/app:/config"
    ports:
      - 443:443
      - 80:80

  swag-influx:
    container_name: swag-influx
    image: influxdb:1.8
    hostname: swag-influx
    volumes:
      - ./swag/influxdb/data:/var/lib/influxdb2
      - ./swag/influxdb/config:/etc/influxdb2
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=******
      - DOCKER_INFLUXDB_INIT_PASSWORD=******
      - DOCKER_INFLUXDB_INIT_BUCKET=geoip2influx
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    

  2. Run docker compose up
  3. Compare the files from
    cat ./swag/app/dns-conf/cloudflare.ini and docker exec -it swag cat /config/cloudflare.ini

Environment

- OS: Debian 12.7
- How docker service was installed: Via official docker repository

CPU architecture

x86-64

Docker creation

docker compose up
The docker-compose.yml file is below
---
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    hostname: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
      - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-uptime-kuma|linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-geoip2influx|linuxserver/mods:swag-maxmind
      - INSTALL_PIP_PACKAGES=certbot-dns-cloudflare
      - URL=example.com
      - SUBDOMAINS=wildcard
      - EXTRA_DOMAINS=example2.com,*.example2.com
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - EMAIL=****
      - STAGING=*****
      - MAXMINDDB_LICENSE_KEY=*****
      - DOCKER_HOST=tcp://socket-proxy:2375
      - UPTIME_KUMA_URL=http://uptime-kuma:3001
      - UPTIME_KUMA_USERNAME=*****
      - UPTIME_KUMA_PASSWORD=****
      - INFLUX_HOST=swag-influx
      - INFLUX_USER=****
      - INFLUX_PASS=****
    volumes:
      - ./swag/app:/config"
    ports:
      - 443:443
      - 80:80

  swag-influx:
    container_name: swag-influx
    image: influxdb:1.8
    hostname: swag-influx
    volumes:
      - ./swag/influxdb/data:/var/lib/influxdb2
      - ./swag/influxdb/config:/etc/influxdb2
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=******
      - DOCKER_INFLUXDB_INIT_PASSWORD=******
      - DOCKER_INFLUXDB_INIT_BUCKET=geoip2influx
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris

Container logs

✔ Container socket-proxy  Running                                                                                                                                                    0.0s
 ✔ Container watchtower    Running                                                                                                                                                    0.0s
 ✔ Container uptime-kuma   Running                                                                                                                                                    0.0s
 ✔ Container swag-influx   Running                                                                                                                                                    0.0s
 ✔ Container swag          Created                                                                                                                                                    0.0s
Attaching to swag
swag  | [mod-init] Running Docker Modification Logic
swag  | [mod-init] Adding linuxserver/mods:universal-docker to container
swag  | [mod-init] linuxserver/mods:universal-docker at sha256:830ed079c9dc0b6ba0ffa7046135e0b10d175f658dd207692208851f2bcce392 has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-dashboard to container
swag  | [mod-init] linuxserver/mods:swag-dashboard at sha256:7923509263d7e4a92b693ed23c60d8d35e8e24a97bf06ea549be910c99256d7d has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-auto-proxy to container
swag  | [mod-init] linuxserver/mods:swag-auto-proxy at sha256:328593e64d6e0150cbe17472fa017fa2b06893149f8a363b0604a42581c251e0 has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-auto-reload to container
swag  | [mod-init] linuxserver/mods:swag-auto-reload at sha256:9dbae5d11b0dab3c5825a700ea1933a606a81df6312186da0f167e6ed8b6039e has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-auto-uptime-kuma to container
swag  | [mod-init] linuxserver/mods:swag-auto-uptime-kuma at sha256:81ea70dd581ec76ce249a6416e88f0e3426968ad07f3eb83d830a33a9e5c0227 has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-cloudflare-real-ip to container
swag  | [mod-init] linuxserver/mods:swag-cloudflare-real-ip at sha256:21aa292df04e2eddad2acfe90c81ec0e3254d4cf87535c72ef7b517be5428cef has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-geoip2influx to container
swag  | [mod-init] linuxserver/mods:swag-geoip2influx at sha256:1161809ed4c90db6fb051f9ff09b7a40ab9cc780d59ccb97826d6c4170741a26 has been previously applied skipping
swag  | [mod-init] Adding linuxserver/mods:swag-maxmind to container
swag  | [mod-init] linuxserver/mods:swag-maxmind at sha256:4f920f4949af13674bd0fdcb6010af441b51577e4096a28887e3fce10915415c has been previously applied skipping
swag  | [migrations] started
swag  | [migrations] 01-nginx-site-confs-default: skipped
swag  | [migrations] done
swag  | usermod: no changes
swag  | ───────────────────────────────────────
swag  |
swag  |       ██╗     ███████╗██╗ ██████╗
swag  |       ██║     ██╔════╝██║██╔═══██╗
swag  |       ██║     ███████╗██║██║   ██║
swag  |       ██║     ╚════██║██║██║   ██║
swag  |       ███████╗███████║██║╚██████╔╝
swag  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
swag  |
swag  |    Brought to you by linuxserver.io
swag  | ───────────────────────────────────────
swag  |
swag  | To support the app dev(s) visit:
swag  | Certbot: https://supporters.eff.org/donate/support-work-on-certbot
swag  |
swag  | To support LSIO projects visit:
swag  | https://www.linuxserver.io/donate/
swag  |
swag  | ───────────────────────────────────────
swag  | GID/UID
swag  | ───────────────────────────────────────
swag  |
swag  | User UID:    1000
swag  | User GID:    1000
swag  | ───────────────────────────────────────
swag  | Linuxserver.io version: 2.11.0-ls325
swag  | Build-date: 2024-09-21T03:22:27+00:00
swag  | ───────────────────────────────────────
swag  |
swag  | using keys found in /config/keys
swag  | Variables set:
swag  | PUID=1000
swag  | PGID=1000
swag  | TZ=Europe/Sofia
swag  | URL=graylock.eu
swag  | SUBDOMAINS=wildcard
swag  | EXTRA_DOMAINS=sidney.bg, *.sidney.bg
swag  | ONLY_SUBDOMAINS=false
swag  | VALIDATION=dns
swag  | CERTPROVIDER=
swag  | DNSPLUGIN=cloudflare
swag  | [email protected]
swag  | STAGING=false
swag  |
swag  | Using Let's Encrypt as the cert provider
swag  | SUBDOMAINS entered, processing
swag  | Wildcard cert for graylock.eu will be requested
swag  | EXTRA_DOMAINS entered, processing
swag  | Extra domains processed are: sidney.bg,*.sidney.bg
swag  | E-mail address entered: [email protected]
swag  | dns validation via cloudflare plugin is selected
swag  | Generating new certificate
swag  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
swag  | Requesting a certificate for graylock.eu and 3 more domains
swag  | Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
swag  | Error determining zone_id: 9103 Unknown X-Auth-Key or X-Auth-Email. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter the correct email address and Global key?)
swag  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
swag  | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@sidneyelagib
Author

One workaround for the time being is to log into the container, manually update /config/dns-conf/cloudflare.ini, and restart the container, if anyone stumbles on the same issue.

@sidneyelagib
Author

Looking into the details, the error is with my docker-compose file with one " at the end of the volume mapping.
Closing the issue.

@LinuxServer-CI LinuxServer-CI moved this from Issues to Done in Issue & PR Tracker Sep 22, 2024
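
Added example, not part of the original issue or the SWAG project: a lint for the defect the author identified. YAML keeps a `"` in the middle of an unquoted value as a literal character, so `./swag/app:/config"` parses without error and names a container path ending in a quote instead of `/config`. The function names and the sample compose file are constructed for illustration.

```shell
#!/bin/sh
# Flag short-syntax "volumes:" list entries that contain a stray quote.
# Reads the compose file named in $1, or stdin when no file is given.
# Prints "LINE: entry" per finding and returns 1 if anything was flagged.
lint_compose_volumes() {
  awk -v sq="'" -v dq='"' '
    /^[[:space:]]*volumes:[[:space:]]*$/ { in_vol = 1; next }
    /^[[:space:]]*(#.*)?$/               { next }   # blank line or comment
    in_vol && /^[[:space:]]*-[[:space:]]+/ {
      e = $0
      sub(/^[[:space:]]*-[[:space:]]+/, "", e)
      sub(/[[:space:]]+$/, "", e)
      first = substr(e, 1, 1); last = substr(e, length(e), 1)
      # A scalar wrapped in one matching pair of quotes is valid: unwrap it.
      if (length(e) >= 2 && first == last && (first == sq || first == dq))
        e = substr(e, 2, length(e) - 2)
      # Any quote still present becomes part of the host or container path.
      if (index(e, sq) || index(e, dq)) { printf "%d: %s\n", NR, e; bad = 1 }
      next
    }
    { in_vol = 0 }                                  # any other key ends the list
    END { exit bad + 0 }
  ' "${1:--}"
}

# Constructed sample reduced from the compose file in this issue.
sample_compose() {
  cat <<'EOF'
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    volumes:
      - ./swag/app:/config"
    ports:
      - 443:443
  swag-influx:
    image: influxdb:1.8
    volumes:
      - "./swag/influxdb/data:/var/lib/influxdb2"
      - ./swag/influxdb/config:/etc/influxdb2
EOF
}

sample_compose | lint_compose_volumes || echo "stray quote in a volume mapping"
```

On a running container, `docker inspect --format '{{json .Mounts}}' swag` shows the `Destination` each mount actually received, which confirms whether `/config` is backed by the host directory.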