Is there an existing issue for this?
Current Behavior
This behavior is an existing bug in the acme.sh script. While it isn't your job to fix that script, I'd hope that for the meantime, a log warning on emails containing a plus be added to help mitigate this issue. I confirmed that using my base email with no plus immediately fixes the problem.
Expected Behavior
A certificate generated with ZeroSSL using an email containing a + should properly parse and generate the certificate.
Steps To Reproduce
- Use the
Create container via dns validation with a wildcard cert instructions and switch to ZeroSSL.
- Create a ZeroSSL account with an email that contains a
+.
- It should produce an error along the lines of
The request message was malformed :: [External Account Binding] The Key Identifier was not recognized
Environment
- OS: Ubuntu 24.10
- How docker service was installed: apt package manager
CPU architecture
x86-64
Docker creation
services:
swag:
image: lscr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- URL=<my domain>
- SUBDOMAINS=wildcard
- VALIDATION=dns
- DNSPLUGIN=Porkbun
- DOCKER_MODS=linuxserver/mods:swag-dashboard
- CERTPROVIDER=zerossl
- EMAIL=<my email with a +>@example.com
volumes:
-<swag dir>:/config
ports:
- 443:443
- 80:80
- 81:81
restart: unless-stoppedContainer logs
[mod-init] Running Docker Modification Logic
[mod-init] Adding linuxserver/mods:swag-dashboard to container
[mod-init] Downloading linuxserver/mods:swag-dashboard from lscr.io
[mod-init] Installing linuxserver/mods:swag-dashboard
[mod-init] linuxserver/mods:swag-dashboard applied to container
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] 02-swag-old-certbot-paths: skipped
[migrations] done
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 1000
───────────────────────────────────────
Linuxserver.io version: 3.3.0-ls373
Build-date: 2025-03-29T03:33:22+00:00
───────────────────────────────────────
using keys found in /config/keys
Variables set:
PUID=1000
PGID=1000
TZ=America/New_York
URL=<domain>
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
CERTPROVIDER=zerossl
DNSPLUGIN=Porkbun
EMAIL=<email>
STAGING=
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Deleted all files relating to certificate <domain>.
Congratulations! You have successfully revoked the certificate that was located at /config/etc/letsencrypt/live/<domain>/fullchain.pem.
ZeroSSL is selected as the cert provider, registering cert with <email>
SUBDOMAINS entered, processing
Wildcard cert for <domain> will be requested
E-mail address entered: <email>
dns validation via porkbun plugin is selected
Retrieving EAB from ZeroSSL
Generating new certificate
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Unable to register an account with ACME server. Error returned by the ACME server: [External Account Binding] The Key Identifier was not recognized
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /config/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/porkbun.ini file.
Is there an existing issue for this?
Current Behavior
This behavior is an existing bug in the
acme.shscript. While it isn't your job to fix that script, I'd hope that for the meantime, a log warning on emails containing a plus be added to help mitigate this issue. I confirmed that using my base email with no plus immediately fixes the problem.Expected Behavior
A certificate generated with ZeroSSL using an email containing a
+should properly parse and generate the certificate.Steps To Reproduce
Create container via dns validation with a wildcard certinstructions and switch to ZeroSSL.+.The request message was malformed :: [External Account Binding] The Key Identifier was not recognizedEnvironment
CPU architecture
x86-64
Docker creation
services: swag: image: lscr.io/linuxserver/swag container_name: swag cap_add: - NET_ADMIN environment: - PUID=1000 - PGID=1000 - TZ=America/New_York - URL=<my domain> - SUBDOMAINS=wildcard - VALIDATION=dns - DNSPLUGIN=Porkbun - DOCKER_MODS=linuxserver/mods:swag-dashboard - CERTPROVIDER=zerossl - EMAIL=<my email with a +>@example.com volumes: -<swag dir>:/config ports: - 443:443 - 80:80 - 81:81 restart: unless-stoppedContainer logs