Certificate renewing attempt for my.domain failed

Hello,

The certificate renewal failed with the following error.

Info: Now attempting renewing of certificate for domain.tld !
Info: Parsing account key...
Error: OpenSSL Error: Can't open /etc/yunohost/letsencrypt_account.pem for reading, No such file or directory
1991860224:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('/etc/yunohost/letsencrypt_account.pem','r')
1991860224:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:
unable to load Private Key

Error: Certificate renewing for domain.tld failed !
Info: The operation 'Renew 'domain.tld' Let's encrypt certificate' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20190324-080837-letsencrypt_cert_renew-domain.tld --share'
Error: Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/certificate.py", line 383, in certificate_renew
    _fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 581, in _fetch_and_enable_new_certificate
    raise YunohostError('certmanager_cert_signing_failed')
YunohostError: Signing the new certificate failed

Error: Signing the new certificate failed

Do you know why this file is missing and how I can restore/generate it?

Hmm, do you happen to have backed up and restored your system on another machine? (Now that I think about it, we probably don’t back up/restore this file)

Anyway, maybe you can try something like

yunohost domain cert-install yourdomain.tld --force

(or maybe we’ll have to go back to a self-signed certificate before doing that if it doesn’t work)

First, thanks for your help.

Yes, the system has been restored from a backup (on the same machine). But before restoring the backup, some files might have been lost on the disk (not on the backup).

I’m pretty sure I have already tried the domain command line. I’ll try again tonight when I have access to the server.

If it doesn’t work, you suggest I switch to a self-signed certificate, and then back to a regular certificate? Is that your point?

Yes

So something like:

# Back to a self-signed certificate
yunohost domain cert-install yourdomain.tld --self-signed --force
# Now reinstall a Let's Encrypt cert
yunohost domain cert-install yourdomain.tld

It works with this command :smiley: Thanks @Aleks! The certificate was renewed before the expiration date.

yunohost domain cert-install yourdomain.tld --force


I have an error on one domain only (on the other ones, the Let’s Encrypt install works!):

Info : Verifying domain.ltd
Erreur : Wrote file to /tmp/acme-challenge-public/pYyMAV2GKqUz_120mAUoiXPPbZYd2EOM0S9GB-DLP38, but couldn't download http://domain.ltd/.well-known/acme-challenge/pYyMAV2GKqUz_120mAUoiXPPbZYd2EOM0S9GB-DLP38: 
Attention : Debug information:
 - domain ip from DNS        xx.yy.zz.aa
 - domain ip from local DNS  xx.yy.zz.aa
 - public ip of the server   xx.yy.zz.aa

Attention : Debug information:
 - domain ip from DNS       xx.yy.zz.aa
 - domain ip from local DNS  xx.yy.zz.aa
 - public ip of the server   xx.yy.zz.aa

Erreur : Certificate installation for domain.ltd failed !
Exception: La signature du nouveau certificat a échoué

I don’t know what to do…

I had the same trouble when migrating last week. Is there a ticket we can open or follow, regarding letsencrypt_account.pem?
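
A pre-renewal check for the failure in the first post (account key missing, so signing fails), written as an added example that is not part of the thread or of YunoHost's own code. Only the account key path comes from the log above; the function names, return codes, the 30-day default and the certificate path passed by the caller are assumptions of this example.

```shell
#!/bin/sh
# Added example. Only the account key path comes from the thread; function
# names, return codes and the 30-day default are this example's assumptions.
ACCOUNT_KEY="${ACCOUNT_KEY:-/etc/yunohost/letsencrypt_account.pem}"

# check_account_key [PATH]
# 0 = present and parseable, 1 = missing, 2 = unreadable, 3 = not a private key
check_account_key() {
    ak="${1:-$ACCOUNT_KEY}"
    [ -e "$ak" ] || return 1
    [ -r "$ak" ] || return 2
    # Same parse step that ended in "unable to load Private Key" in the log.
    openssl pkey -in "$ak" -noout >/dev/null 2>&1 || return 3
    return 0
}

# cert_expires_within CERT DAYS
# 0 = expires within DAYS days, 1 = valid for longer, 2 = cannot be parsed
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the cert is still valid after that many seconds.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renewal_preflight CERT [DAYS] [KEY]
# 0 = account key usable
# 1 = key unusable, but the cert is not yet inside the renewal window
# 2 = key unusable and the cert is expiring or cannot be parsed
renewal_preflight() {
    key_rc=0; check_account_key "${3:-$ACCOUNT_KEY}" || key_rc=$?
    if [ "$key_rc" -eq 0 ]; then
        echo "OK: account key loads"
        return 0
    fi
    cert_rc=0; cert_expires_within "$1" "${2:-30}" || cert_rc=$?
    if [ "$cert_rc" -eq 1 ]; then
        echo "WARNING: account key check failed (code $key_rc); cert valid for ${2:-30}+ days"
        return 1
    fi
    echo "CRITICAL: account key check failed (code $key_rc) and cert needs renewal"
    return 2
}

# Usage: renewal_preflight /path/to/current/cert.pem 30
```

Run after restoring a backup or migrating, a non-zero result shows the missing key before the scheduled renewal fails.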