Certificate renewing attempt for mydomain failed!

indibart · July 22, 2020, 8:56pm

My YunoHost server

Hardware: Old laptop
YunoHost version: 3.8.4.9 (stable)
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi all!

At the beginning of this month I started to get some error messages about the certificate not being able to renew: https://paste.yunohost.org/sadahowabe.http. The diagnosis module is showing that:

Ports exposure
 Port 80 is not reachable from outside in IPv6. 
 Port 443 is not reachable from outside in IPv6. 

Web
 Domain razupaltuf.nohost.me appears unreachable through HTTP from outside the local network in IPv6, though it works in IPv4.

As far as I understand it’s about not being able to connect to the server via HTTP over IPv6.

I have opened ports 80 and 443 for IPv4 and IPv6 on my router.

The yunohost firewall also says that they are open:

sudo yunohost firewall list -r
ipv4: 
  TCP: 
    - 22
    - 80
    - 443
    - 587
    - 993
    - 5222
    - 5269
    - 25
  UDP: 25
ipv6: 
  TCP: 
    - 22
    - 80
    - 443
    - 587
    - 993
    - 5222
    - 5269
    - 25
  UDP: 25
uPnP: 
  TCP: 80
  UDP: 
  enabled: False

I don’t know what I’m doing wrong. Did I forget something?

Aleks · July 23, 2020, 12:06am

Eh are these warnings/errors the only one you get about IPv6 ? (Nothing in the Internet connectivity section or DNS records section ?)

indibart · July 23, 2020, 7:20am

In the diagnosis tool I only get some other port errors for IPv6 not being open. But that makes sense as I didn’t open them on my router. Then there are some email errors. Besides that everything looks good.

Ports exposure
 Port 22 is not reachable from outside in IPv6.
 Port 25 is not reachable from outside in IPv6.
 Port 80 is not reachable from outside in IPv6.
 Port 443 is not reachable from outside in IPv6.
 Port 587 is not reachable from outside in IPv6.
 Port 993 is not reachable from outside in IPv6.
 Port 5222 is not reachable from outside in IPv6.
 Port 5269 is not reachable from outside in IPv6.

Email
 The SMTP mail server is able to send emails (outgoing port 25 is not blocked).
 The SMTP mail server is unreachable from the outside on IPv6. It won't be able to receive emails.
 The reverse DNS is not correctly configured in IPv4. Some emails may fail to get delivered or may get flagged as spam.
 No reverse DNS is defined in IPv6. Some emails may fail to get delivered or may get flagged as spam.
 Your IP or domain my.ip.v4.xx is blacklisted on SPFBL.net RBL
 0 pending emails in the mail queues

Internet connectivity
 Domain name resolution is working!
 The server is connected to the Internet through IPv4 ! 
 The server is connected to the Internet through IPv6 !

DNS records
 DNS records are correctly configured for domain my.domain (category basic)
 DNS records are correctly configured for domain my.domain (category mail)
 DNS records are correctly configured for domain my.domain (category xmpp)
 DNS records are correctly configured for domain my.domain (category extra)

Aleks · July 23, 2020, 10:49am

Then from there it just looks like your ports are not properly forwarded in IPv6 and/or there’s a firewall blocking them …

system · August 7, 2020, 10:57am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.