Mon serveur YunoHost
Matériel: Olinuxino LIME 1
Version de YunoHost: 3.5.2.2
J’ai accès à mon serveur : Total
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non
Description du problème
Hello,
Je reçois régulièrement des mails deq mon serveur me disant qu’il ne parvient pas à renouveler le certificat à cause d’une erreur que je ne comprends pas. Voici le contenu:
An attempt for renewing the certificate for domain stemy.me failed with the following
error :
La signature du nouveau certificat a échoué
Traceback (most recent call last):
File "/usr/lib/moulinette/yunohost/certificate.py", line 383, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
File "/usr/lib/moulinette/yunohost/certificate.py", line 576, in _fetch_and_enable_new_certificate
raise YunohostError('certmanager_cert_signing_failed')
YunohostError: La signature du nouveau certificat a échoué
Here's the tail of /var/log/yunohost/yunohost-cli.log, which might help to
investigate :
2019-05-24 06:25:29,073 DEBUG moulinette.actionsmap __init__ - extra parameter classes loaded: ['comment', 'ask', 'password', 'required', 'pattern']
2019-05-24 06:25:29,074 DEBUG moulinette.interface __init__ - initializing base actions map parser for cli
2019-05-24 06:25:29,085 DEBUG moulinette.interface __init__ - registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
2019-05-24 06:25:29,976 DEBUG moulinette.authenticator.ldap __init__ - initialize authenticator 'ldap-anonymous' with: uri='ldap://localhost:389', base_dn='dc=yunohost,dc=org', user_rdn='None'
2019-05-24 06:25:30,018 DEBUG moulinette.core acquire - lock has been acquired
2019-05-24 06:25:30,645 DEBUG moulinette.actionsmap process - loading python module yunohost.domain took 0.626s
2019-05-24 06:25:30,646 INFO moulinette.actionsmap process - processing action [24852.1]: yunohost.domain.cert-renew with args={'no_checks': False, 'force': False, 'domain_list': [], 'auth': <moulinette.authenticators.ldap.Authenticator object at 0xb6566a50>, 'staging': False, 'email': True}
2019-05-24 06:25:33,541 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): ip.yunohost.org
2019-05-24 06:25:33,908 DEBUG requests.packages.urllib3.connectionpool _make_request - https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 13
2019-05-24 06:25:34,004 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTP connection (1): 80.67.181.213
2019-05-24 06:25:34,023 DEBUG requests.packages.urllib3.connectionpool _make_request - http://80.67.181.213:80 "HEAD / HTTP/1.1" 302 0
2019-05-24 06:25:34,038 INFO yunohost.certmanager certificate_renew - [24852.1] Now attempting renewing of certificate for domain stemy.me !
2019-05-24 06:25:34,053 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): ip.yunohost.org
2019-05-24 06:25:34,384 DEBUG requests.packages.urllib3.connectionpool _make_request - https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 13
2019-05-24 06:25:34,462 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTP connection (1): 80.67.181.213
2019-05-24 06:25:34,472 DEBUG requests.packages.urllib3.connectionpool _make_request - http://80.67.181.213:80 "HEAD / HTTP/1.1" 302 0
2019-05-24 06:25:34,534 DEBUG yunohost.certmanager _fetch_and_enable_new_certificate - [24852.1] Making sure tmp folders exists...
2019-05-24 06:25:34,578 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): ip.yunohost.org
2019-05-24 06:25:34,890 DEBUG requests.packages.urllib3.connectionpool _make_request - https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 13
2019-05-24 06:25:34,930 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): ip6.yunohost.org
2019-05-24 06:26:04,995 DEBUG yunohost.utils.network get_public_ip - Could not get public IPv6 : URL https://ip6.yunohost.org invalide : ce site existe-t-il ?
2019-05-24 06:26:05,005 DEBUG yunohost.certmanager _fetch_and_enable_new_certificate - [24852.1] Prepare key and certificate signing request (CSR) for stemy.me...
2019-05-24 06:26:08,833 DEBUG yunohost.certmanager _prepare_certificate_signing_request - [24852.1] Saving to /tmp/acme-challenge-private/stemy.me.csr.
2019-05-24 06:26:08,837 DEBUG yunohost.certmanager _fetch_and_enable_new_certificate - [24852.1] Now using ACME Tiny to sign the certificate...
2019-05-24 06:26:08,839 INFO yunohost.certmanager get_crt - [24852.1] Parsing account key...
2019-05-24 06:26:08,920 INFO yunohost.certmanager get_crt - [24852.1] Parsing CSR...
2019-05-24 06:26:08,990 INFO yunohost.certmanager get_crt - [24852.1] Registering account...
2019-05-24 06:39:27,947 ERROR yunohost.certmanager _fetch_and_enable_new_certificate - [24852.1] Error registering: 400 {
"type": "urn:acme:error:badNonce",
"detail": "JWS has invalid anti-replay nonce kkUg0MmIZ_AVCowuBS6HXKSXHAl7FJEkfEZLAZ6oA0U",
"status": 400
}
2019-05-24 06:39:28,047 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): ip.yunohost.org
2019-05-24 06:39:28,391 DEBUG requests.packages.urllib3.connectionpool _make_request - https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 13
2019-05-24 06:39:28,419 WARNING yunohost.certmanager _display_debug_information - [24852.1] Debug information:
- domain ip from DNS 80.67.181.213
- domain ip from local DNS 127.0.0.1
- public ip of the server 80.67.181.213
2019-05-24 06:39:28,435 ERROR yunohost.certmanager certificate_renew - [24852.1] Certificate renewing for stemy.me failed !
2019-05-24 06:39:28,450 INFO yunohost.log close - [24852.1] L’opération 'Renouveler le certificat Let’s Encrypt de 'stemy.me'' a échouée ! Pour avoir de l’aide, merci de partager le journal historisé de cette opération en utilisant la commande 'yunohost log display 20190524-042534-letsencrypt_cert_renew-stemy.me --share'
2019-05-24 06:39:28,477 ERROR yunohost.certmanager certificate_renew - [24852.1] Traceback (most recent call last):
File "/usr/lib/moulinette/yunohost/certificate.py", line 383, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
File "/usr/lib/moulinette/yunohost/certificate.py", line 576, in _fetch_and_enable_new_certificate
raise YunohostError('certmanager_cert_signing_failed')
YunohostError: La signature du nouveau certificat a échoué
2019-05-24 06:39:28,478 ERROR yunohost.certmanager certificate_renew - [24852.1] La signature du nouveau certificat a échoué
2019-05-24 06:39:28,480 ERROR yunohost.certmanager certificate_renew - [24852.1] Sending email with details to root ...
-- Certificate Manager
Il est accompagné d’un deuxième mail qui contient ceci:
/etc/cron.daily/yunohost-certificate-renew:
Now attempting renewing of certificate for domain stemy.me !
Parsing account key...
Parsing CSR...
Registering account...
Error registering: 400 {
"type": "urn:acme:error:badNonce",
"detail": "JWS has invalid anti-replay nonce kkUg0MmIZ_AVCowuBS6HXKSXHAl7FJEkfEZLAZ6oA0U",
"status": 400
}
Debug information:
- domain ip from DNS 80.67.181.213
- domain ip from local DNS 127.0.0.1
- public ip of the server 80.67.181.213
Certificate renewing for stemy.me failed !
L’opération 'Renouveler le certificat Let’s Encrypt de 'stemy.me'' a échouée ! Pour avoir de l’aide, merci de partager le journal historisé de cette opération en utilisant la commande 'yunohost log display 20190524-042534-letsencrypt_cert_renew-stemy.me --share'
Traceback (most recent call last):
File "/usr/lib/moulinette/yunohost/certificate.py", line 383, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
File "/usr/lib/moulinette/yunohost/certificate.py", line 576, in _fetch_and_enable_new_certificate
raise YunohostError('certmanager_cert_signing_failed')
YunohostError: La signature du nouveau certificat a échoué
La signature du nouveau certificat a échoué
Sending email with details to root ...