Certificate renewing attempt failed

My YunoHost server

Hardware: Raspberry Pi4 at home …
YunoHost version: 11.1.22
I have access to my server : Through SSH and through the webadmin …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: I’ve rent a VPS and used WireGuard to route traffic to my server at home as explained here

Description of my issue

I got a message from certmanager@mydomain.tld and from cron complaining that an attempt for renewing the certificate for my domain failed.
Here follows the log. How can I fix it?
Thanks for helping

  email: true
  force: false
  no_checks: false
ended_at: 2023-07-18 05:25:18.911084
error: Certificate renewing for maindomain.tld failed!
interface: cli
operation: letsencrypt_cert_renew
parent: null
- - domain
  - maindomain.tld
started_at: 2023-07-18 05:25:02.634309
success: false
yunohost_version: 11.1.22


2023-07-18 06:25:02,650: DEBUG - Making sure tmp folders exists...
2023-07-18 06:25:02,670: DEBUG - Fetching IP from https://ip.yunohost.org 
2023-07-18 06:25:03,251: DEBUG - IP fetched: xx.xx.xx.xx
2023-07-18 06:25:03,266: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
2023-07-18 06:25:03,266: DEBUG - IP fetched: None
2023-07-18 06:25:03,268: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2023-07-18 06:25:05,013: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/maindomain.tld.csr.
2023-07-18 06:25:05,014: DEBUG - Now using ACME Tiny to sign the certificate...
2023-07-18 06:25:05,014: INFO - Parsing account key...
2023-07-18 06:25:05,033: INFO - Parsing CSR...
2023-07-18 06:25:05,052: INFO - Found domains: maindomain.tld, xmpp-upload.maindomain.tld, muc.maindomain.tld
2023-07-18 06:25:05,053: INFO - Getting directory...
2023-07-18 06:25:05,885: INFO - Directory found!
2023-07-18 06:25:05,885: INFO - Registering account...
2023-07-18 06:25:07,322: INFO - Already registered!
2023-07-18 06:25:07,322: INFO - Creating new order...
2023-07-18 06:25:09,069: INFO - Order created!
2023-07-18 06:25:10,691: INFO - Verifying maindomain.tld...
2023-07-18 06:25:17,173: INFO - maindomain.tld verified!
2023-07-18 06:25:18,706: INFO - Verifying muc.maindomain.tld...
2023-07-18 06:25:18,904: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg, but couldn't download http://muc.maindomain.tld/.well-known/acme-challenge/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg: Error:
Url: http://muc.maindomain.tld/.well-known/acme-challenge/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>
2023-07-18 06:25:18,910: ERROR - Certificate renewing for maindomain.tld failed!

Hmpf usually disabling XMPP for that domain fixes the issue x_x

But having my personal XMPP server is the main reason why I’ve installed Yunohost!

In that case can you confirm that your (sub)domain muc.domain.tld is indeed correctly pointing to your server

Could you tell me how to perform the check please? I can say that I’m using xmpp clients connected to my Yunohost server and that currently they work fine.

Edit: I’m using a nohost.me domain, so everything should be automagically configured properly

Edit2: I’ve connected my Yunohost server to a VPS with Wireguard (following a tutorial I’ve found here on the forum), it looks like I’m on the situation described here: YunoHost constantly fails to renew MUC subdomain · Issue #2175 · YunoHost/issues · GitHub (I apologize for not having highlighted that before, I didn’t think it was relevant)

Try to add

::1    muc.maindomain.tld

to the hosts file of your YH server before trying to renew the certificate

Thanks. Following @rungeard (and @Aleks here) suggestions I’ve added

::1         muc.maindomain.tld   muc.maindomain.tld   xmpp-upload.maindomain.tld

then run

yunohost domain cert-renew

(not sure it’s the right command, since i got the following: "Warning: 'yunohost domain cert-renew' is deprecated and will be removed in the future")

the final output is:

Success! Let's Encrypt certificate renewed for the domain 'maindomain.tld'

So I’d say I’ve solved my issue right?
Thanks everyone

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.