Certificate renewing attempt failed

bionick · July 18, 2023, 4:39pm

My YunoHost server

Hardware: Raspberry Pi4 at home …
YunoHost version: 11.1.22
I have access to my server : Through SSH and through the webadmin …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain: I’ve rent a VPS and used WireGuard to route traffic to my server at home as explained here

Description of my issue

Hello,
I got a message from certmanager@mydomain.tld and from cron complaining that an attempt for renewing the certificate for my domain failed.
Here follows the log. How can I fix it?
Thanks for helping

args:
  email: true
  force: false
  no_checks: false
ended_at: 2023-07-18 05:25:18.911084
error: Certificate renewing for maindomain.tld failed!
interface: cli
operation: letsencrypt_cert_renew
parent: null
related_to:
- - domain
  - maindomain.tld
started_at: 2023-07-18 05:25:02.634309
success: false
yunohost_version: 11.1.22

============

2023-07-18 06:25:02,650: DEBUG - Making sure tmp folders exists...
2023-07-18 06:25:02,670: DEBUG - Fetching IP from https://ip.yunohost.org 
2023-07-18 06:25:03,251: DEBUG - IP fetched: xx.xx.xx.xx
2023-07-18 06:25:03,266: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
2023-07-18 06:25:03,266: DEBUG - IP fetched: None
2023-07-18 06:25:03,268: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2023-07-18 06:25:05,013: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/maindomain.tld.csr.
2023-07-18 06:25:05,014: DEBUG - Now using ACME Tiny to sign the certificate...
2023-07-18 06:25:05,014: INFO - Parsing account key...
2023-07-18 06:25:05,033: INFO - Parsing CSR...
2023-07-18 06:25:05,052: INFO - Found domains: maindomain.tld, xmpp-upload.maindomain.tld, muc.maindomain.tld
2023-07-18 06:25:05,053: INFO - Getting directory...
2023-07-18 06:25:05,885: INFO - Directory found!
2023-07-18 06:25:05,885: INFO - Registering account...
2023-07-18 06:25:07,322: INFO - Already registered!
2023-07-18 06:25:07,322: INFO - Creating new order...
2023-07-18 06:25:09,069: INFO - Order created!
2023-07-18 06:25:10,691: INFO - Verifying maindomain.tld...
2023-07-18 06:25:17,173: INFO - maindomain.tld verified!
2023-07-18 06:25:18,706: INFO - Verifying muc.maindomain.tld...
2023-07-18 06:25:18,904: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg, but couldn't download http://muc.maindomain.tld/.well-known/acme-challenge/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg: Error:
Url: http://muc.maindomain.tld/.well-known/acme-challenge/tK6LX1sUmuZ2XS2xVEWaR_bsxCN92lJVSJiJU_BQ9Gg
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>
2023-07-18 06:25:18,910: ERROR - Certificate renewing for maindomain.tld failed!

Aleks · July 19, 2023, 12:55am

Hmpf usually disabling XMPP for that domain fixes the issue x_x

bionick · July 19, 2023, 12:08pm

But having my personal XMPP server is the main reason why I’ve installed Yunohost!

Aleks · July 19, 2023, 12:28pm

In that case can you confirm that your (sub)domain muc.domain.tld is indeed correctly pointing to your server

bionick · July 19, 2023, 12:44pm

Could you tell me how to perform the check please? I can say that I’m using xmpp clients connected to my Yunohost server and that currently they work fine.

Edit: I’m using a nohost.me domain, so everything should be automagically configured properly

Edit2: I’ve connected my Yunohost server to a VPS with Wireguard (following a tutorial I’ve found here on the forum), it looks like I’m on the situation described here: YunoHost constantly fails to renew MUC subdomain · Issue #2175 · YunoHost/issues · GitHub (I apologize for not having highlighted that before, I didn’t think it was relevant)

rungeard · July 19, 2023, 1:39pm

Try to add

::1    muc.maindomain.tld

to the hosts file of your YH server before trying to renew the certificate

bionick · July 19, 2023, 2:02pm

Thanks. Following @rungeard (and @Aleks here) suggestions I’ve added

::1         muc.maindomain.tld
127.0.0.1   muc.maindomain.tld
127.0.0.1   xmpp-upload.maindomain.tld

then run

yunohost domain cert-renew

(not sure it’s the right command, since i got the following: "Warning: 'yunohost domain cert-renew' is deprecated and will be removed in the future")

the final output is:

Success! Let's Encrypt certificate renewed for the domain 'maindomain.tld'

So I’d say I’ve solved my issue right?
Thanks everyone

system · August 18, 2023, 2:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.