Certificate problem

djsets · August 22, 2019, 5:58pm

Maybe any know how to fix it?

root@tube ~ # sudo yunohost domain cert-install --no-checks
Info: Now attempting install of certificate for domain YOURmama.nohost.me!
Success! The SSOwat configuration has been generated
Success! The configuration has been updated for category ‘dnsmasq’
Info: Parsing account key…
Info: Parsing CSR…
Info: Found domains: YOUR.nohost.me
Info: Getting directory…
Info: Directory found!
Info: Registering account…
Info: Already registered!
Info: Creating new order…
Info: Order created!
Info: Verifying YOUR.nohost.me…
Error: Challenge did not pass for YOURmama.nohost.me: {u’status’: u’invalid’, u’challenges’: [{u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/challenge/eoash87wQ3dvhi6VQi0fNr0g5_m7kZLX2nskGtkyNbo/19877715453’, u’token’: u’5T1LLtAfOLF1lp4zPFrMQWskSJRhZRrmuGowTtTKYnk’, u’type’: u’dns-01’}, {u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://YOURmama.nohost.me/.well-known/acme-challenge/H4i_JiQbtQBsg1yT1oFGhXB1cSKq_8zAJxyA3tipCyg’, u’hostname’: u’YOURmama.nohost.me’, u’addressUsed’: u’2001:41d0:800:557::’, u’port’: u’80’, u’addressesResolved’: [u’145.239.255.XX’, u’2001:41d0:800:557::’]}], u’url’: u’https://acme-v02.api.letsencrypt.org/acme/challenge/eoash87wQ3dvhi6VQi0fNr0g5_m7kZLX2nskGtkyNbo/19877715454’, u’token’: u’H4i_JiQbtQBsg1yT1oFGhXB1cSKq_8zAJxyA3tipCyg’, u’error’: {u’status’: 403, u’type’: u’urn:ietf:params:acme:error:unauthorized’, u’detail’: u’Invalid response from http://YOUR.nohost.me/.well-known/acme-challenge/H4i_JiQbtQBsg1yT1oFGhXB1cSKq_8zAJxyA3tipCyg [2001:41d0:800:557::]: “\n\n404 Not Found\n\n

Not Found

\n<p”’}, u’type’: u’http-01’}, {u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/challenge/eoash87wQ3dvhi6VQi0fNr0g5_m7kZLX2nskGtkyNbo/19877715455’, u’token’: u’82DkHiSYSmhOGZQb40tr2BPmOF6aSo-QbCUgmeOGfIg’, u’type’: u’tls-alpn-01’}], u’identifier’: {u’type’: u’dns’, u’value’: u’YOUR.nohost.me’}, u’expires’: u’2019-08-29T17:41:29Z’}
Warning: Debug information:

domain ip from DNS 145.239.255.XX
domain ip from local DNS 95.216.112.XXX
public ip of the server 95.216.112.XXX

Warning: Debug information:

domain ip from DNS 145.239.255.XX
domain ip from local DNS 95.216.112.XXX
public ip of the server 95.216.112.XXX

Error: Certificate installation for YOUR.nohost.me failed !
Exception: Signing the new certificate failed
Info: The operation ‘Install Let’s encrypt certificate on ‘YOURmama.nohost.me’ domain’ has failed! To get help, please share the full log of this operation using the command ‘yunohost log display 20190822-174118-letsencrypt_cert_install-YOURmama.nohost.me --share’

anonyme18 · August 22, 2019, 6:41pm

Bonjour,

domain ip from DNS 145.239.255.XX
domain ip from local DNS 95.216.112.XXX
public ip of the server 95.216.112.XXX

C’est ta configuration DNS qui est fautive, reste à savoir pourquoi !

djsets · August 22, 2019, 6:42pm

how to do that?

anonyme18 · August 22, 2019, 6:43pm

Public IP # from DNS

djsets · August 22, 2019, 6:48pm

Im little bit noob of that so that certi… from yunohost I didt use like cloudflare or somethink like that can you give me short instruction where I have to go? ant what to change cheers

yunohost domain dns-conf https://YOUR.nohost.me
Info: This command shows you what is the recommended configuration. It does not actually set up the DNS configuration for you. It is your responsability to configure your DNS zone in your registrar according to this recommendation.
; Basic ipv4/ipv6 records
@ 3600 IN A 95.216.112.xxx

3600 IN A 95.216.112.xxx
@ 3600 IN AAAA 2a01:4f9:2b:16ee::2
3600 IN AAAA 2a01:4f9:2b:16ee::2

; XMPP
_xmpp-client._tcp 3600 IN SRV 0 5 5222 https://YOUR.nohost.me.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 https://YOUR.nohost.me.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @

; Mail
@ 3600 IN MX 10 https://YOUR.nohost.me.
@ 3600 IN TXT “v=spf1 a mx ip4:95.216.112.xxx ip6:2a01:4f9:2b:16ee::2 -all”

; Extra
@ 3600 IN CAA 128 issue “letsencrypt.org”

anonyme18 · August 22, 2019, 6:59pm

Ton enregistrement DNS est différent de l’adresse IP publique de ton installation. Pour que tu puisses installer un certificat il faut que ton enregistrement DNS corresponde à ton IP.
Pourquoi ce n’est pas le cas : mauvais enregistrement, changement IP publique du serveur, IP dynamique, temps de propagation de l’enregistrement DNS.
Il existe plusieurs cas.
De plus pourquoi apparaissent 2 domaines différents YOUR.nohost.me et YOURmama.nohost.me. Là je ne comprends plus…

system · September 6, 2019, 7:01pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.