Can't create Let's Encrypt cert because xmpp-upload fails

My YunoHost server

Hardware: Intel NUC
YunoHost version: 3.8.4.8 (Installed via 3.6 ISO)
I have access to my server : Webadmin + SSH + Direct
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: Had to tweak the /etc/network/interfaces to point at my local DNS, because my ISP Router doesn’t support hairpinning

Description of my issue

Hello! I installed a fresh copy of YunoHost today on my Intel NUC. I’m running into issues installing a Let’s Encrypt certificate. I am using one of the provided noho.st subdomains. The main subdomain now works fine during the Let’s Encrypt process, but the xmpp-upload portion fails.

I did have to add a custom DNS record so that I could connect to my box from within my network, and also had to tweak the /etc/network/interfaces to point at my local DNS server (pi-hole on a different box).

I tried with and without a custom DNS record for the xmpp-upload subdomain.

I am at a loss as to what the issue could be. I don’t actually need xmpp at all. I don’t plan on using it. So if I can just add Let’s Encrypt to the main subdomain, that would be fine, if there’s a way.

Any help is appreciated!

Here’s my yunopaste log:

args:
  force: false
  no_checks: false
  staging: false
ended_at: 2020-06-08 07:30:22.940216
error: 'Certificate installation for maindomain.tld failed !

  Exception: Could not sign the new certificate'
operation: letsencrypt_cert_install
related_to:
- - domain
  - maindomain.tld
started_at: 2020-06-08 07:28:09.610468
success: false

============

2020-06-08 00:28:09,618: DEBUG - Making sure tmp folders exists...
2020-06-08 00:28:09,623: DEBUG - Reusing IPv4 from cache: xx.xx.xx.xx
2020-06-08 00:28:09,623: DEBUG - Reusing IPv6 from cache: None
2020-06-08 00:28:09,625: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2020-06-08 00:28:10,090: DEBUG - Saving to /tmp/acme-challenge-private/maindomain.tld.csr.
2020-06-08 00:28:10,091: DEBUG - Now using ACME Tiny to sign the certificate...
2020-06-08 00:28:10,091: INFO - Parsing account key...
2020-06-08 00:28:10,100: INFO - Parsing CSR...
2020-06-08 00:28:10,108: INFO - Found domains: xmpp-upload.maindomain.tld, maindomain.tld
2020-06-08 00:28:10,108: INFO - Getting directory...
2020-06-08 00:28:10,430: INFO - Directory found!
2020-06-08 00:28:10,432: INFO - Registering account...
2020-06-08 00:28:10,857: INFO - Already registered!
2020-06-08 00:28:10,860: INFO - Creating new order...
2020-06-08 00:28:11,265: INFO - Order created!
2020-06-08 00:28:11,458: INFO - Verifying maindomain.tld...
2020-06-08 00:28:12,063: INFO - maindomain.tld verified!
2020-06-08 00:28:12,255: INFO - Verifying xmpp-upload.maindomain.tld...
2020-06-08 00:30:22,936: ERROR - Wrote file to /tmp/acme-challenge-public/<random characters>, but couldn't download http://xmpp-upload.maindomain.tld/.well-known/acme-challenge/<random characters>: Error:
Url: http://xmpp-upload.maindomain.tld/.well-known/acme-challenge/<random characters>
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
2020-06-08 00:30:22,938: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate

Hmf… if I understand correctly what’s happening, I would try to add a line with

127.0.0.1   xmpp-upload.yourdomain.tld

in your /etc/hosts on your server (assuming you know how to use nano etc…)

Should try to fix this directly in YunoHost though


I didn’t even think of using /etc/hosts! That’s exactly what I needed. Thank you!
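An added example, not part of the original thread and not YunoHost code: a Python check that reads an ACME Tiny log in the format shown above plus the contents of a hosts file, and lists the certificate names that still have no loopback entry. The function names are hypothetical and both sample inputs are constructed; the last hosts line is deliberately mistyped to show that a malformed address is not counted as an override.

```python
import ipaddress
import re

# Constructed sample inputs, modelled on the log format shown in the thread.
SAMPLE_LOG = """\
2020-06-08 00:28:10,108: INFO - Found domains: xmpp-upload.maindomain.tld, maindomain.tld
2020-06-08 00:28:12,063: INFO - maindomain.tld verified!
2020-06-08 00:30:22,936: ERROR - Wrote file to /tmp/acme-challenge-public/TOKEN, but couldn't download http://xmpp-upload.maindomain.tld/.well-known/acme-challenge/TOKEN: Error:
"""
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.1.1   maindomain.tld   # constructed entry
127.0.01    xmpp-upload.maindomain.tld
"""

def cert_domains(log_text):
    """Names in the CSR, taken from the 'Found domains:' log line."""
    m = re.search(r"Found domains: (.+)", log_text)
    return [d.strip() for d in m.group(1).split(",")] if m else []

def failed_domains(log_text):
    """Names whose challenge file the server could not download from itself."""
    return re.findall(
        r"couldn't download http://([^/\s]+)/\.well-known/acme-challenge/", log_text)

def loopback_names(hosts_text):
    """Hostnames that the hosts file maps to a loopback address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: this check does not count the entry
        if addr.is_loopback:
            names.update(n.lower() for n in fields[1:])
    return names

def missing_overrides(log_text, hosts_text):
    """Certificate names with no loopback entry, failed ones listed first."""
    local = loopback_names(hosts_text)
    failed = failed_domains(log_text)
    missing = [d for d in cert_domains(log_text) if d.lower() not in local]
    return sorted(missing, key=lambda d: d not in failed)

if __name__ == "__main__":
    print(missing_overrides(SAMPLE_LOG, SAMPLE_HOSTS))
```

A loopback entry only satisfies the local download check seen in the log; the certificate authority still fetches the challenge file from outside the network, so port 80 has to stay reachable from the internet for every name in the certificate.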
