I did go through all previous discussions on this issue and could not find a valid solution
Hardware: Pi 4
YunoHost version: 4.1.x (currently upgraded to 4.2 wherein the issue still persists)
I have access to my server : SSH + Webmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
I tried to create a new domain for zeronet and then tried to issue a Let's Encrypt certificate from the web interface, wherein it failed. Then I tried to renew my main domain (pi4.navan.dev), which happened successfully. So, I tried renewing my homeassistant domain but it failed, so I converted it into self-signed and tried creating a new one.
args:
  force: false
  no_checks: false
  staging: false
ended_at: 2021-04-24 09:23:37.466222
error: 'Certificate installation for homeassistant.domain2.tld failed ! Exception: Could not sign the new certificate'
interface: api
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
  - homeassistant.domain2.tld
started_at: 2021-04-24 09:23:20.302254
success: false
yunohost_version: 4.1.8

============

2021-04-24 10:23:20,326: DEBUG - Making sure tmp folders exists...
2021-04-24 10:23:20,327: DEBUG - Reusing IPv4 from cache: xx.xx.xx.xx
2021-04-24 10:23:20,328: DEBUG - Reusing IPv6 from cache: None
2021-04-24 10:23:20,329: DEBUG - Prepare key and certificate signing request (CSR) for homeassistant.domain2.tld...
2021-04-24 10:23:22,794: DEBUG - Saving to /tmp/acme-challenge-private/homeassistant.domain2.tld.csr.
2021-04-24 10:23:22,795: DEBUG - Now using ACME Tiny to sign the certificate...
2021-04-24 10:23:22,796: INFO - Parsing account key...
2021-04-24 10:23:22,824: INFO - Parsing CSR...
2021-04-24 10:23:22,852: INFO - Found domains: homeassistant.domain2.tld
2021-04-24 10:23:22,854: INFO - Getting directory...
2021-04-24 10:23:24,280: INFO - Directory found!
2021-04-24 10:23:24,282: INFO - Registering account...
2021-04-24 10:23:31,947: INFO - Already registered!
2021-04-24 10:23:31,949: INFO - Creating new order...
2021-04-24 10:23:34,599: INFO - Order created!
2021-04-24 10:23:37,209: INFO - Verifying homeassistant.domain2.tld...
2021-04-24 10:23:37,461: ERROR - Wrote file to /tmp/acme-challenge-public/eVtpKzhWIpTVJ33_qQH23fvUbukMB_N7flhtdB-utBA, but couldn't download http://homeassistant.domain2.tld/.well-known/acme-challenge/eVtpKzhWIpTVJ33_qQH23fvUbukMB_N7flhtdB-utBA: Error: Url: http://homeassistant.domain2.tld/.well-known/acme-challenge/eVtpKzhWIpTVJ33_qQH23fvUbukMB_N7flhtdB-utBA Data: None Response Code: None Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>
2021-04-24 10:23:37,464: ERROR - Certificate installation for homeassistant.domain2.tld failed ! Exception: Could not sign the new certificate

For some reason the folder is only accessible on the main domain:

root@pi4:/home/admin# echo "hello world!" >> /tmp/acme-challenge-public/hello
root@pi4:/home/admin# curl pi4.navan.dev/.well-known/acme-challenge/hello
hello world!
root@pi4:/home/admin# curl homeassistant.navan.dev/.well-known/acme-challenge/hello

root@pi4:/home/admin# curl -v pi4.navan.dev/.well-known/acme-challenge/hello
* Expire in 0 ms for 6 (transfer 0x13778b0)
...
* Expire in 1 ms for 1 (transfer 0x13778b0)
* Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x13778b0)
* Connected to pi4.navan.dev (127.0.0.1) port 80 (#0)
> GET /.well-known/acme-challenge/hello HTTP/1.1
> Host: pi4.navan.dev
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 24 Apr 2021 10:33:34 GMT
< Content-Type: text/plain
< Content-Length: 13
< Last-Modified: Sat, 24 Apr 2021 10:31:09 GMT
< Connection: keep-alive
< X-SSO-WAT: You've just been SSOed
< ETag: "6083f36d-d"
< Accept-Ranges: bytes
<
hello world!
* Connection #0 to host pi4.navan.dev left intact
root@pi4:/home/admin# curl -v homeassistant.navan.dev/.well-known/acme-challenge/hello
* Expire in 0 ms for 6 (transfer 0x176a8b0)
...
* Expire in 50 ms for 1 (transfer 0x176a8b0)
* Trying 18.104.22.168...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x176a8b0)
* Connected to homeassistant.navan.dev (22.214.171.124) port 80 (#0)
> GET /.well-known/acme-challenge/hello HTTP/1.1
> Host: homeassistant.navan.dev
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 307
< LOCATION: https://homeassistant.navan.dev/.well-known/acme-challenge/hello
< X-Download-Options: noopen
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Content-Length: 0
<
* Connection #0 to host homeassistant.navan.dev left intact
root@pi4:/home/admin#

At this point, I tried pinging the domains and found that pi4 is redirected to 127.0.0.1 whereas all the others are being redirected to the global IP. A quick fix was adding all the domains to /etc/hosts (pi4 was already there).
Is this patch of adding individually to the domain list needed or is there something else wrong?
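
The two manual checks from the post (is a domain mapped to loopback in the hosts file, and does the plain-HTTP challenge path answer directly or redirect to HTTPS), as an added shell example that is not part of the original post. The function names, the `example.test` domains and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; domains and sample data below are constructed.

# Print each domain (args 2..n) with no loopback entry in the hosts file ($1).
missing_loopback() {
    hosts_file=$1; shift
    for d in "$@"; do
        awk -v want="$d" '
            { sub(/#.*/, "") }                        # strip comments
            $1 ~ /^127\./ || $1 == "::1" {            # loopback lines only
                for (i = 2; i <= NF; i++)
                    if (tolower($i) == tolower(want)) found = 1
            }
            END { exit !found }
        ' "$hosts_file" || printf '%s\n' "$d"
    done
}

# Classify HTTP response headers read from stdin.
classify_probe() {
    awk '
        { sub(/\r$/, "") }                            # tolerate CRLF line ends
        NR == 1 { code = $2 }                         # status line: HTTP/x.y CODE
        tolower($1) == "location:" { loc = $2 }
        END {
            if (code == 200) print "served"
            else if (code ~ /^3/ && loc ~ /^https:/) print "redirected-to-https"
            else print "other:" code
        }'
}

# Live probe of the challenge path without following redirects (needs network).
probe() {  # $1 = domain, $2 = file name placed in the challenge directory
    curl -s -o /dev/null -D - --max-time 10 \
        "http://$1/.well-known/acme-challenge/$2" | classify_probe
}

# Offline demo on constructed data.
sample_hosts=$(mktemp)
trap 'rm -f "$sample_hosts"' EXIT
cat > "$sample_hosts" <<'EOF'
127.0.0.1 localhost
127.0.0.1 pi4.example.test   # only the main domain is mapped
EOF
missing_loopback "$sample_hosts" pi4.example.test homeassistant.example.test
printf 'HTTP/1.1 307 \r\nLOCATION: https://homeassistant.example.test/x\r\n\r\n' | classify_probe
```

On the server itself, `missing_loopback /etc/hosts` followed by the domain list, and `probe` with a domain and the name of a test file, repeat the same checks against live data.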