Can't get “Let's Encrypt” certificate any more

Did it…
and reinstalled a domain.
The dnsmasq error is no longer displayed,
but I still can't install Let's Encrypt for the domain.

Yes, that’s because it had nothing to do with recreating the domain.

I mistook your issue for a renewal issue instead of an initial install. So instead you should:

yunohost domain cert-install your.domain.tld --no-checks

Now I tried this for the new domain I just created:

root@my:~# yunohost domain cert-install kalender.xyz.de --no-checks                                       
    Info: Now attempting install of certificate for domain kalender.xyz.de!
    Success! The SSOwat configuration has been generated
    Info: Parsing account key...
    Info: Parsing CSR...
    Info: Found domains: kalender.xyz.de
    Info: Getting directory...
    Info: Directory found!
    Info: Registering account...
    Info: Already registered!
    Info: Creating new order...
    Info: Order created!
    Info: Verifying kalender.xyz.de...
    Error: Challenge did not pass for kalender.xyz.de: {u'status': u'invalid', u'challenges': [{u'status': u'i
    nvalid', u'validationRecord': [{u'url': u'http://kalender.xyz.de/.well-known/acme-challenge/iqi7vksgtQmzU2
    zHK72lRUD8qI9-wp2652nVtq7oB3g', u'hostname': u'kalender.xyz.de', u'addressUsed': u'45.67.69.51', u'port': 
    u'80', u'addressesResolved': [u'45.67.69.51']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/
    1293611920/ropeWg', u'token': u'iqi7vksgtQmzU2zHK72lRUD8qI9-wp2652nVtq7oB3g', u'error': {u'status': 403, u'typ
    e': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from http://kalender.xyz.de/
    .well-known/acme-challenge/iqi7vksgtQmzU2zHK72lRUD8qI9-wp2652nVtq7oB3g [45.67.69.51]: "<html>\\r\\n<head><titl
    e>404 Not Found</title></head>\\r\\n<body bgcolor=\\"white\\">\\r\\n<center><h1>404 Not Found</h1></center>\\r
    \\n<hr><center>"'}, u'type': u'http-01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.o
    rg/acme/chall-v3/1293611920/nMUrtw', u'token': u'iqi7vksgtQmzU2zHK72lRUD8qI9-wp2652nVtq7oB3g', u'type': u'dns-
    01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/1293611920/8ApEag',
     u'token': u'iqi7vksgtQmzU2zHK72lRUD8qI9-wp2652nVtq7oB3g', u'type': u'tls-alpn-01'}], u'identifier': {u'type':
     u'dns', u'value': u'kalender.xyz.de'}, u'expires': u'2019-11-25T11:59:45Z'}                              
    Warning: Debug information:
     - domain ip from DNS        45.67.69.51                                                                      
     - domain ip from local DNS  2.244.67.206                                                                     
     - public ip of the server   2.244.67.206                                                                     
                                                                                                                  
    Warning: Debug information:
     - domain ip from DNS        45.67.69.51                                                                      
     - domain ip from local DNS  2.244.67.206                                                                     
     - public ip of the server   2.244.67.206                                                                     
                                                                                                                  
    Error: Certificate installation for kalender.xyz.de failed !
    Exception: Signing the new certificate failed                                                                 
    Info: The operation 'Install Let's encrypt certificate on 'kalender.xyz.de' domain' has failed! To get hel
    p, please share the full log of this operation using the command 'yunohost log display 20191118-115907-letsenc
    rypt_cert_install-kalender.xyz.de --share'                                                                
    root@my:~#

Well then, it was not a false negative, there is an issue in your DNS, since the IP to which the domain points is not the public IP of the server …

It used to work and still does with all my old domains.

I'm not aware that I changed any DNS setting…

I'm running a small home server,
just with a dynamic IP,
using a service to update this IP all the time.

Where can I look for errors?

I don't know, it all depends on how you interact with your registrar, which is not something handled by YunoHost (except for the nohost.me / noho.st domains…)

But what the message says is pretty explicit:

    Warning: Debug information:
     - domain ip from DNS        45.67.69.51                                                                      
     - domain ip from local DNS  2.244.67.206                                                                     
     - public ip of the server   2.244.67.206  

i.e. the IP from the DNS does not match the public IP of the server …
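As an added illustration (not YunoHost's own code), here is a small Python helper that reads the "Debug information" block and the order repr printed by the failed command above and turns the IP mismatch into a plain diagnosis. The sample strings are copied from this thread with the challenge token and CA URLs replaced by placeholders; the diagnosis wording reflects the usual causes and is my own assumption, not a YunoHost message.

```python
import ast
import re

# Constructed sample: the "Debug information" block YunoHost printed in the thread.
SAMPLE_DEBUG = """\
Warning: Debug information:
 - domain ip from DNS        45.67.69.51
 - domain ip from local DNS  2.244.67.206
 - public ip of the server   2.244.67.206
"""
# Constructed sample: a shortened copy of the Python 2 dict repr printed for the
# failed order (the challenge token and CA URLs are replaced by placeholders).
SAMPLE_ORDER = (
    "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': "
    "[{u'url': u'http://kalender.xyz.de/.well-known/acme-challenge/TOKEN', u'hostname': "
    "u'kalender.xyz.de', u'addressUsed': u'45.67.69.51', u'port': u'80', u'addressesResolved': "
    "[u'45.67.69.51']}], u'type': u'http-01', u'error': {u'status': 403, u'type': "
    "u'urn:ietf:params:acme:error:unauthorized'}}], u'identifier': {u'type': u'dns', "
    "u'value': u'kalender.xyz.de'}}"
)
LABELS = (("domain ip from DNS", "dns"), ("domain ip from local DNS", "local_dns"),
          ("public ip of the server", "public"))

def parse_debug_info(text):
    """Map the three 'Debug information' lines to {'dns', 'local_dns', 'public'}."""
    found = {}
    for label, key in LABELS:
        m = re.search(r"-\s+" + re.escape(label) + r"\s+(\S+)", text)
        if m:
            found[key] = m.group(1)
    return found

def addresses_used(order_repr):
    """IPs the CA actually connected to, taken from the http-01 validation records."""
    order = ast.literal_eval(order_repr)  # u'...' string literals still parse on Python 3
    return [rec["addressUsed"] for ch in order["challenges"]
            for rec in ch.get("validationRecord", [])]

def diagnose(debug, used):
    """Explain the failure from the three IPs plus the address the CA contacted."""
    if debug["dns"] == debug["public"]:
        return "DNS is consistent; check the web server behind /.well-known/acme-challenge/"
    if debug["local_dns"] == debug["public"]:
        hint = "the public record is stale or wrong while the local resolver is right"
    else:
        hint = "neither resolver points at this server"
    contacted = ", ".join(used) or "unknown"
    return (f"DNS says {debug['dns']} but the server is {debug['public']}: "
            f"{hint}; the CA contacted {contacted}")
```

Run on the thread's values it reports that the public record points elsewhere and that the CA validated against 45.67.69.51, which is exactly why the http-01 challenge got a 404 from a host that is not this server.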

hmmm

2.244.67.206 is the current IP of my connection.
45.67.69.51 is the IP for the main domain at my registrar.

YunoHost is installed on a subdomain.
For this subdomain I use a dynDNS service to point to my current IP, and this works very well.

For other subdomains I set up a CNAME record at the registrar which also points to my current IP. Then in YunoHost I create these subdomains as well, and in the past I could also create a Let's Encrypt certificate for those…

Now I noticed that the self-signed certificate for new subdomains is not from the same subdomain I installed YunoHost on…

How could I correct this?

How is the domain that is used to create self-signed certificates defined in YunoHost?

Basically it's the very first domain you chose during the postinstall … But I don't see why you would care so much about self-signed certificates. They are pointless except for your very own use and if you know what you're doing, in which case you don't care so much about what the issuer name is anyway. Just aim to install a Let's Encrypt certificate …

OK, I just don't understand why everything is working fine for the subdomain I installed YunoHost on and not for new Let's Encrypt certificates. I think that is because when a new subdomain is created with a self-signed certificate it uses a domain for which the DNS is not working… If YunoHost would use the same domain as it is installed on, then its DNS should work… that's why I ask…

I still have not solved my problem, but again I learned a lot…
I want to say thank you once again for your help; you are one of my heroes, I mean it… YunoHost is just amazing.


My registrar solved the DNS problem and Let's Encrypt can be installed :wink:

So it was NOT a YunoHost problem.
