Certificate renewing attempt for domain.org failed!

My YunoHost server

Hardware: Raspberry Pi4 at home
YunoHost version: 11.1.18
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I have this message from diagnosis mails from some days:



Here's the tail of /var/log/yunohost/yunohost-cli.log, which might help to
investigate :

2023-04-17 06:25:37,010 INFO     yunohost.certmanager (unknown function) - [23856.1] Directory found!
2023-04-17 06:25:37,011 INFO     yunohost.certmanager (unknown function) - [23856.1] Registering account...
2023-04-17 06:25:37,968 INFO     yunohost.certmanager (unknown function) - [23856.1] Already registered!
2023-04-17 06:25:37,969 INFO     yunohost.certmanager (unknown function) - [23856.1] Creating new order...
2023-04-17 06:25:39,123 INFO     yunohost.certmanager (unknown function) - [23856.1] Order created!
2023-04-17 06:25:40,188 INFO     yunohost.certmanager (unknown function) - [23856.1] Verifying domain.org...
2023-04-17 06:25:42,441 INFO     yunohost.certmanager (unknown function) - [23856.1] domain.org verified!
2023-04-17 06:25:43,534 INFO     yunohost.certmanager (unknown function) - [23856.1] Verifying muc.domain.org...
2023-04-17 06:25:44,845 ERROR    yunohost.certmanager (unknown function) - [23856.1] Wrote file to /tmp/acme-challenge-public/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg, but couldn't download http://muc.domain.org/.well-known/acme-challenge/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg: Error:
Url: http://muc.domain.org/.well-known/acme-challenge/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>
2023-04-17 06:25:44,955 ERROR    yunohost.certmanager (unknown function) - [23856.1] Certificate renewing for domain.org failed!
2023-04-17 06:25:44,956 INFO     yunohost.log (unknown function) - [23856.1] The operation 'Renew 'domain.org' Let's Encrypt certificate' could not be completed. Please share the full log of this operation using the command 'yunohost log share 20230417-042519-letsencrypt_cert_renew-domain.org' to get help
2023-04-17 06:25:44,975 ERROR    yunohost.certmanager (unknown function) - [23856.1] Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 214, in get_crt
    assert disable_check or _do_request(wellknown_url)[0] == keyauthorization
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 76, in _do_request
    raise ValueError(
ValueError: Error:
Url: http://muc.domain.org/.well-known/acme-challenge/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 502, in _fetch_and_enable_new_certificate
    signed_certificate = sign_certificate(
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 216, in get_crt
    raise ValueError(
ValueError: Wrote file to /tmp/acme-challenge-public/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg, but couldn't download http://muc.domain.org/.well-known/acme-challenge/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg: Error:
Url: http://muc.domain.org/.well-known/acme-challenge/LMSHtHeyG6JCDGqRhT7Pr9vm0A9bUr19dtSRTKVVHIg
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 390, in certificate_renew
    _fetch_and_enable_new_certificate(domain, no_checks=no_checks)
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 515, in _fetch_and_enable_new_certificate
    raise YunohostError("certmanager_cert_signing_failed")
yunohost.utils.error.YunohostError: Could not sign the new certificate

2023-04-17 06:25:44,976 ERROR    yunohost.certmanager (unknown function) - [23856.1] Could not sign the new certificate
2023-04-17 06:25:44,976 ERROR    yunohost.certmanager (unknown function) - [23856.1] Sending email with details to root ...

-- Certificate Manager


The diagnosis tool from cli gives all correct for the domain in xmpp section.

I managed to renew the certificate forcing with the --no-check option in the command line but I cannot understand what is happening and my fear is to lose the automation of the next renews.
Any help?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.