Can't sign first certificate

Trying to configure my Yunohost on a Raspberry, got several things on the network, but it doesn’t seem to be able to create the files necessary for Let’s Encrypt, as it returns a 404 in the logs. Could anyone help?

**Info:** Now attempting install of certificate for domain barach.at!

**Info:** Parsing account key...

**Info:** Parsing CSR...

**Info:** Found domains: xmpp-upload.barach.at, barach.at

**Info:** Getting directory...

**Info:** Directory found!

**Info:** Registering account...

**Info:** Already registered!

**Info:** Creating new order...

**Info:** Order created!

**Info:** Verifying barach.at...

**Error:** Challenge did not pass for barach.at: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://barach.at/.well-known/acme-challenge/eg29qwVDuE6eYiqSTLPyKMjiMWTvAKUrvGwfeMIsyxo', u'hostname': u'barach.at', u'addressUsed': u'213.245.169.79', u'port': u'80', u'addressesResolved': [u'213.245.169.79']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/173874136267/ryKvsQ', u'token': u'eg29qwVDuE6eYiqSTLPyKMjiMWTvAKUrvGwfeMIsyxo', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'213.245.169.79: Invalid response from http://barach.at/.well-known/acme-challenge/eg29qwVDuE6eYiqSTLPyKMjiMWTvAKUrvGwfeMIsyxo: 404'}, u'validated': u'2022-11-08T16:36:08Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'barach.at'}, u'expires': u'2022-11-15T16:31:19Z'}

**Error:** Certificate installation for barach.at failed !

Exception: Could not sign the new certificate

**Info:** The operation 'Install a Let's Encrypt certificate on 'barach.at' domain' could not be completed. Please share the full log of this operation using the command 'yunohost log display 20221108-163552-letsencrypt_cert_install-barach.at --share' to get help

**Error:** Please consider checking the 'DNS records' (basic) and 'Web' categories of the diagnosis to check for possible issues that may prevent installing a Let's Encrypt certificate on domain barach.at.

Seems my Synology reverse proxy is bothering Let’s Encrypt in one way or another, but I don’t get why, as it forwards the ports 80 & 443 from this domain to the Raspberry: https://paste.yunohost.org/raw/akoboropaq

Sounds like your reverse proxy maybe forwards domain.tld, but not xmpp-upload.domain.tld?

2 Likes

Seems like even redirecting 80 & 443 through the Synology was blocked, I don’t know why. I solved it by temporarily redirecting them to the Pi hosting Yunohost, then switched back, and everything works fine!

1 Like
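An added example, not from the thread or from YunoHost: a small parser for the authorization object printed in the "Challenge did not pass" line, separating the ACME problem status from the HTTP status the validator received and showing which address was actually reached. The sample record is constructed (placeholder domain, address and token) in the same shape as the log above, and the assumption that `detail` ends with the HTTP status is taken from that log line.

```python
import ast
import re

# Constructed sample shaped like the log above (Python 2 repr of the ACME
# authorization object); domain, address and token are placeholders.
SAMPLE = (
    "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', "
    "u'validationRecord': [{u'url': u'http://example.org/.well-known/acme-challenge/TOKEN', "
    "u'hostname': u'example.org', u'addressUsed': u'203.0.113.10', u'port': u'80', "
    "u'addressesResolved': [u'203.0.113.10']}], u'token': u'TOKEN', "
    "u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', "
    "u'detail': u'203.0.113.10: Invalid response from "
    "http://example.org/.well-known/acme-challenge/TOKEN: 404'}, u'type': u'http-01'}], "
    "u'identifier': {u'type': u'dns', u'value': u'example.org'}}"
)

def triage(authz_repr):
    """Return one finding per failed challenge in an authorization object."""
    authz = ast.literal_eval(authz_repr)   # parses literals only, runs no code
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        # Assumption from the log format: the number ending 'detail' is what
        # the web server answered. error['status'] is the ACME problem status
        # (403 unauthorized), not the reply from the origin.
        m = re.search(r":\s*(\d{3})\s*$", err.get("detail", ""))
        records = ch.get("validationRecord") or [{}]
        last = records[-1]                 # last hop after any redirects
        findings.append({
            "domain": authz["identifier"]["value"],
            "challenge": ch.get("type"),
            "acme_error": err.get("type", "").rsplit(":", 1)[-1],
            "acme_status": err.get("status"),
            "origin_status": int(m.group(1)) if m else None,
            "address_used": last.get("addressUsed"),
            "resolved": last.get("addressesResolved", []),
            "port": last.get("port"),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

If `address_used` is the public address of the reverse proxy and `origin_status` is 404, the request reached a web server that did not have the challenge file, which points at the proxy's forwarding rule for that hostname rather than at DNS.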
