Certificate renewing failed and can't send email

My YunoHost server

Hardware: VM in a datacenter
YunoHost version: 3.8.4.8
I have access to my server: Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: no

Description of my issue

I have two issues:

  • there is an error when I try to renew my certificate;
  • the command cert-renew can’t send email.

I would like to fix at least the certificate renewing because my certificate is expired.

sudo yunohost domain cert-status mydomain.tld
certificates: 
  mydomain.tld: 
    CA_type: Let's Encrypt
    summary: CRITICAL
    validity: -4

When I try to renew, there is the error “Error: Certificate renewing for mydomain.tld failed !” without details.

sudo yunohost domain cert-renew mydomain.tld --debug --email
283  DEBUG loading actions map namespace 'yunohost'
321  DEBUG extra parameter classes loaded: ['comment', 'ask', 'password', 'required', 'pattern']
321  DEBUG initializing base actions map parser for cli
325  DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
434  DEBUG acquiring lock...
455  DEBUG lock has been acquired
508  DEBUG loading python module yunohost.domain took 0.052s
509  INFO processing action [15905.1]: yunohost.domain.cert-renew with args={'no_checks': False, 'force': False, 'domain_list': ['mydomain.tld'], 'staging': False, 'email': True}
534  DEBUG initialize authenticator 'as-root' with: uri='ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', base_dn='dc=yunohost,dc=org', user_rdn='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
990  ERROR Certificate renewing for mydomain.tld failed !
990  ERROR Sending email with details to root ...
1165 DEBUG action [15905.1] executed in 0.655s
1166 DEBUG lock has been released
Traceback (most recent call last):
  File "/usr/bin/yunohost", line 218, in <module>
    timeout=opts.timeout,
  File "/usr/lib/python2.7/dist-packages/moulinette/__init__.py", line 150, in cli
    moulinette.run(args, output_as=output_as, password=password, timeout=timeout)
  File "/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py", line 469, in run
    ret = self.actionsmap.process(args, timeout=timeout)
  File "/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py", line 588, in process
    return func(**arguments)
  File "/usr/lib/moulinette/yunohost/domain.py", line 345, in domain_cert_renew
    return yunohost.certificate.certificate_renew(domain_list, force, no_checks, email, staging)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 377, in certificate_renew
    _email_renewing_failed(domain, msg)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 472, in _email_renewing_failed
    smtp.sendmail(from_, [to_], message)
  File "/usr/lib/python2.7/smtplib.py", line 747, in sendmail
    raise SMTPRecipientsRefused(senderrs)
smtplib.SMTPRecipientsRefused: {'root': (550, '5.1.1 <root>: Recipient address rejected: User unknown in virtual mailbox table')}

Where can I find the log of this error?
How can I know and configure the recipient of this email? I think I no longer receive email since I changed the main domain name of my YunoHost instance (~one year ago).

Thank you in advance!

There’s some more debugging if you upgrade to 3.8.4.9, and/or you can also check the diagnosis interface to see if it’s happy about basic DNS records and web exposure of the corresponding domain.

I upgraded YunoHost to 3.8.4.9 with the command below.

sudo yunohost tools upgrade --system

Then I tried again to renew the certificate and I had the error:

ERROR The DNS records for domain 'mydomain.tld' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)

The IP seems to be good. I will investigate my DNS configuration later. Now I have to go.

Thanks for the help.

I fixed an issue in my DNS records. I deleted the IPv6 record (AAAA) and then, after the TTL, the certificate renewing works! There is no error, but I still receive no mail from the cert-renew command. Next, I found in /var/log/mail.log that the mail “bounced (user unknown)”. I didn’t have an alias for root@ynh.mydomain.tld, so I added it, and I will see if I receive email from cron.
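
The DNS mismatch resolved above, as an added example that is not part of the thread and not YunoHost's own check: it compares the A and AAAA records a public resolver returns with the addresses the server actually holds, so a leftover AAAA record shows up before a renewal is attempted. The thread does not say where the AAAA record pointed; the function name `mismatched_records` and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress


def mismatched_records(server_ips, dns_records):
    """Return (record_type, address, reason) for every published record
    that does not point at one of the server's own public addresses.

    server_ips:  addresses the server really holds, e.g. ["192.0.2.10"]
    dns_records: {"A": [...], "AAAA": [...]} as seen by a public resolver
    """
    # ip_address() normalises text forms, so "2001:DB8:0:0::1" == "2001:db8::1".
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    own_versions = {ip.version for ip in own}
    problems = []
    for rtype, version in (("A", 4), ("AAAA", 6)):
        for raw in dns_records.get(rtype, []):
            addr = ipaddress.ip_address(raw)
            if addr.version != version:
                problems.append((rtype, raw, "wrong address family for record type"))
            elif version not in own_versions:
                problems.append((rtype, raw, "server has no IPv%d address" % version))
            elif addr not in own:
                problems.append((rtype, raw, "points at another host"))
    return problems


# Constructed sample data (documentation ranges, not taken from the thread).
SERVER_IPS = ["192.0.2.10"]  # assumed: the server is reachable over IPv4 only
PUBLISHED = {"A": ["192.0.2.10"], "AAAA": ["2001:db8::dead"]}  # leftover AAAA
AFTER_FIX = {"A": ["192.0.2.10"], "AAAA": []}  # AAAA record deleted

if __name__ == "__main__":
    for label, records in (("before", PUBLISHED), ("after", AFTER_FIX)):
        issues = mismatched_records(SERVER_IPS, records)
        print(label, "OK" if not issues else issues)
```

Feed it records obtained from an external resolver rather than from the server's own resolver configuration, and re-check only after the old record's TTL has expired.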
