Certificate for my.domain is empty/not found

srohde · March 28, 2025, 9:17pm

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.0.12
How are you able to access your server: SSH
Direct access via physical keyboard/screen

Describe your issue

Hello all
I realised I had an issue with my domain certificate, after not being able to access my server, and running diagnosis run showed that the ports were the issue, and looking at the output of the diagnosis showed the issue came from the certificates. Running yunohost domain cert renew brought up the following error: Something wrong happened when trying to open current certificate for domain my-domain.noho.st (file: /etc/yunohost/certs/domain.noho.st/crt.pem), reason: [('PEM routines', '', 'no start line')]. I then tried to run cat on the mentioned file and saw the file was empty. After looking around, I bumped into this topic on the forum, and decided to try to remove the above mentioned crt.pem file, then run yunohost tools regen-conf ssl. This did not help unfortunately and now I get the following error: Could not read the certificate file for the domain....
Does anyone have an idea what can I do, or try to do, to get out of this mess? I’d truly appreciate any help

Share relevant logs or error messages

Original diagnosis error:

Diagnosis failed for category ‘dnsrecords’:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 642, in _get_status
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(cert_file).read())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/OpenSSL/crypto.py”, line 2022, in load_certificate
_raise_current_error()
File “/usr/lib/python3/dist-packages/OpenSSL/_util.py”, line 57, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.crypto.Error: [(‘PEM routines’, ‘’, ‘no start line’)]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/diagnosis.py”, line 185, in diagnosis_run
code, report = diagnoser.diagnose(force=force)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/diagnosis.py”, line 433, in diagnose
items = list(self.run())
^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/diagnosers/12-dnsrecords.py”, line 59, in run
for report in self.check_domain(
File “/usr/lib/python3/dist-packages/yunohost/diagnosers/12-dnsrecords.py”, line 92, in check_domain
expected_configuration = _build_dns_conf(
^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/dns.py”, line 151, in _build_dns_conf
domains_settings = {
^
File “/usr/lib/python3/dist-packages/yunohost/dns.py”, line 152, in
domain: domain_config_get(domain, export=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/domain.py”, line 698, in domain_config_get
return config.get(key, mode)
^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py”, line 478, in get
self.config, self.form = self._get_config_panel(prevalidate=False)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py”, line 804, in _get_config_panel
raw_config = self._get_partial_raw_config()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py”, line 729, in _get_partial_raw_config
raw_config = self._get_raw_config()
^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/domain.py”, line 753, in _get_raw_config
status = certificate_status([self.entity], full=True)[“certificates”][
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 90, in certificate_status
status = _get_status(domain)
^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 647, in _get_status
raise YunohostError(
yunohost.utils.error.YunohostError: Something wrong happened when trying to open current certificate for domain my-domain.noho.st (file: /etc/yunohost/certs/my-domain.noho.st/crt.pem), reason: [(‘PEM routines’, ‘’, ‘no start line’)]

srohde · March 29, 2025, 5:29pm

Ok, so I’m really happy to report back to tell you all that I got this fixed!!
Turns out the answer was there all along in the yunohost certificates documentation.
Reading throuhg it, I understood al I had to do was to run yunohost domain cert install your.domain.tld --self-signed --force as the docs say, followed by yunohost domain cert install your.domain.tld and that sorted out the cert issue I had. I also removed all the files under the /etc/yunohost/certs/my-domain.noho.st dir before running these commands (but I don’t know how important that was).
Eventually, I also had a couple of services to start (mainly nginx) et voila!

Hopefully this will help someone in the future. I know it will help me as a reminder to always go back to read the docs

Thanks a lot for this amazing community and for the great docs you have produced