Certmanager: Certificate renewing attempt for DOMAIN.TLD failed!

My YunoHost server

Hardware: VPS bought online / Old laptop or computer
YunoHost version:
yunohost:
  repo: stable
  version: 4.2.5.3
yunohost-admin:
  repo: stable
  version: 4.2.3.2
moulinette:
  repo: stable
  version: 4.2.3.3
ssowat:
  repo: stable
  version: 4.2.3

I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

My YunoHost is unable to renew its SSL certificate by itself anymore. This just started the past few weeks or so. I haven’t made any changes to my domain name that I am aware of.

How do I debug this?

Email from certmanager@domain.tld

An attempt for renewing the certificate for domain arkadi.one failed with the following
error :

The DNS records for domain 'arkadi.one' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)


Here's the tail of /var/log/yunohost/yunohost-cli.log, which might help to
investigate :

2021-06-08 23:03:37,541 DEBUG    yunohost.hook (unknown function) - [19756.1] + do_not_backup_data=
2021-06-08 23:03:37,542 DEBUG    yunohost.hook (unknown function) - [19756.1] + '[' 1 -eq 1 ']'
2021-06-08 23:03:37,542 DEBUG    yunohost.hook (unknown function) - [19756.1] + '[' 0 -eq 1 ']'
2021-06-08 23:03:37,543 DEBUG    yunohost.hook (unknown function) - [19756.1] + '[' 1 -eq 1 ']'
2021-06-08 23:03:37,544 DEBUG    yunohost.hook (unknown function) - [19756.1] + '[' 1 -eq 1 ']'
2021-06-08 23:03:37,544 DEBUG    yunohost.hook (unknown function) - [19756.1] + ynh_print_info '--message=/home/yunohost.app/nextcloud/data will not be saved, because '\''BACKUP_CORE_ONLY'\'' is set.'
2021-06-08 23:03:37,544 DEBUG    yunohost.hook (unknown function) - [19756.1] + local legacy_args=m
2021-06-08 23:03:37,545 DEBUG    yunohost.hook (unknown function) - [19756.1] + args_array=([m]=message=)
2021-06-08 23:03:37,545 DEBUG    yunohost.hook (unknown function) - [19756.1] + local -A args_array
2021-06-08 23:03:37,545 DEBUG    yunohost.hook (unknown function) - [19756.1] + local message
2021-06-08 23:03:37,545 DEBUG    yunohost.hook (unknown function) - [19756.1] + ynh_handle_getopts_args '--message=/home/yunohost.app/nextcloud/data will not be saved, because '\''BACKUP_CORE_ONLY'\'' is set.'
2021-06-08 23:03:37,546 DEBUG    yunohost.hook (unknown function) - [19756.1] + set +o xtrace
2021-06-08 23:03:37,562 DEBUG    yunohost.hook (unknown function) - [19756.1] + echo '/home/yunohost.app/nextcloud/data will not be saved, because '\''BACKUP_CORE_ONLY'\'' is set.'
2021-06-08 23:03:37,563 DEBUG    yunohost.hook (unknown function) - [19756.1] + return 0
2021-06-08 23:03:37,564 INFO     yunohost.hook (unknown function) - [19756.1] /home/yunohost.app/nextcloud/data will not be saved, because 'BACKUP_CORE_ONLY' is set.
2021-06-08 23:03:37,564 DEBUG    yunohost.hook (unknown function) - [19756.1] + ynh_print_info '--message=Backup script completed for nextcloud. (YunoHost will then actually copy those files to the archive).'
2021-06-08 23:03:37,565 DEBUG    yunohost.hook (unknown function) - [19756.1] + local legacy_args=m
2021-06-08 23:03:37,565 DEBUG    yunohost.hook (unknown function) - [19756.1] + args_array=([m]=message=)
2021-06-08 23:03:37,565 DEBUG    yunohost.hook (unknown function) - [19756.1] + local -A args_array
2021-06-08 23:03:37,566 DEBUG    yunohost.hook (unknown function) - [19756.1] + local message
2021-06-08 23:03:37,566 DEBUG    yunohost.hook (unknown function) - [19756.1] + ynh_handle_getopts_args '--message=Backup script completed for nextcloud. (YunoHost will then actually copy those files to the archive).'
2021-06-08 23:03:37,566 DEBUG    yunohost.hook (unknown function) - [19756.1] + set +o xtrace
2021-06-08 23:03:37,588 DEBUG    yunohost.hook (unknown function) - [19756.1] + echo 'Backup script completed for nextcloud. (YunoHost will then actually copy those files to the archive).'
2021-06-08 23:03:37,589 DEBUG    yunohost.hook (unknown function) - [19756.1] + ynh_exit_properly
2021-06-08 23:03:37,589 DEBUG    yunohost.hook (unknown function) - [19756.1] + local exit_code=0
2021-06-08 23:03:37,590 DEBUG    yunohost.hook (unknown function) - [19756.1] + rm -rf /var/cache/yunohost/download/
2021-06-08 23:03:37,590 INFO     yunohost.hook (unknown function) - [19756.1] Backup script completed for nextcloud. (YunoHost will then actually copy those files to the archive).
2021-06-08 23:03:37,591 DEBUG    yunohost.hook (unknown function) - [19756.1] + '[' 0 -eq 0 ']'
2021-06-08 23:03:37,591 DEBUG    yunohost.hook (unknown function) - [19756.1] + exit 0
2021-06-08 23:03:38,595 DEBUG    yunohost.backup (unknown function) - [19756.1] Backup permission for nextcloud
2021-06-08 23:03:38,793 DEBUG    moulinette.authenticator.ldap (unknown function) - initialize authenticator 'as-root' with: uri='ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', base_dn='dc=yunohost,dc=org', user_rdn='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
2021-06-08 23:03:45,562 INFO     yunohost.backup (unknown function) - [19756.1] Creating a backup archive from the collected files...
2021-06-08 23:03:45,563 INFO     yunohost.backup (unknown function) - [19756.1] The archive will contain about 529.4MiB of data.
2021-06-08 23:03:45,563 DEBUG    yunohost.backup (unknown function) - [19756.1] Creating the backup TAR archive...
2021-06-08 23:04:57,691 DEBUG    yunohost.backup (unknown function) - [19756.1] TAR backup archive created
2021-06-08 23:04:57,692 SUCCESS  yunohost.backup (unknown function) - [19756.1] Backup created
2021-06-08 23:04:57,706 DEBUG    yunohost.log (unknown function) - [19756.1] To view the log of the operation 'Create a backup archive', use the command 'yunohost log show 20210608-150317-backup_create20210608-150317-backup_create'
2021-06-08 23:04:57,732 DEBUG    moulinette.actionsmap process - action [19756.1] executed in 99.980s
2021-06-08 23:04:57,733 DEBUG    moulinette.core release - lock has been released
2021-06-09 06:25:06,203 DEBUG    moulinette.interface __init__ - initializing base actions map parser for cli
2021-06-09 06:25:06,224 DEBUG    moulinette.actionsmap __init__ - loading actions map namespace 'yunohost'
2021-06-09 06:25:06,229 DEBUG    moulinette.actionsmap _construct_parser - building parser...
2021-06-09 06:25:06,242 DEBUG    moulinette.actionsmap _construct_parser - building parser took 0.013s
2021-06-09 06:25:06,244 DEBUG    moulinette.core acquire - acquiring lock...
2021-06-09 06:25:06,288 DEBUG    moulinette.core acquire - lock has been acquired
2021-06-09 06:25:06,618 DEBUG    moulinette.actionsmap process - loading python module yunohost.domain took 0.330s
2021-06-09 06:25:06,618 DEBUG    moulinette.actionsmap process - processing action [30538.1]: yunohost.domain.cert-renew with args={'domain_list': [], 'force': False, 'email': True, 'no_checks': False, 'staging': False}
2021-06-09 06:25:06,810 DEBUG    moulinette.authenticator.ldap (unknown function) - initialize authenticator 'as-root' with: uri='ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi', base_dn='dc=yunohost,dc=org', user_rdn='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
2021-06-09 06:25:07,326 ERROR    yunohost.certmanager (unknown function) - [30538.1] The DNS records for domain 'arkadi.one' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)
2021-06-09 06:25:07,327 ERROR    yunohost.certmanager (unknown function) - [30538.1] Sending email with details to root ...

-- Certificate Manager

c.f. the error message:

The DNS records for domain ‘arkadi.one’ is different from this server’s IP. Please check the ‘DNS records’ (basic) category in the diagnosis for more info.


Hmm. Ok, now the error in diagnosis is gone.

I had a /etc/hosts file on my OpenWRT router defining the domain.tld to the local IP address. I guess it didn’t like that. I’m not getting warnings in diagnosis right now. Hopefully the cert will renew itself in the morning.

EDIT: The cert renewed itself. So having a /etc/hosts file on my router is bad.
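
The cause found in this thread, a LAN resolver answering for the domain with a local address while public DNS is correct, can be checked by comparing each resolver's answer with the server's public IP. The following is an added example, not part of the original posts and not YunoHost's own code; the function names, resolver labels and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Ranges a router-side hosts override typically points into (RFC 1918, loopback, link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def system_resolver_ips(domain):
    """A records as seen through this host's configured resolver (e.g. the LAN router)."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def diagnose(server_public_ip, resolver_answers):
    """Compare each resolver's A records with the server's public IP.

    resolver_answers maps a resolver label to the list of addresses it returned.
    Returns {label: verdict}.
    """
    expected = ipaddress.ip_address(server_public_ip)
    verdicts = {}
    for label, answers in resolver_answers.items():
        addrs = [ipaddress.ip_address(a) for a in answers]
        if not addrs:
            verdicts[label] = "no A record"
        elif all(a == expected for a in addrs):
            verdicts[label] = "ok"
        elif any(a in net for a in addrs for net in LAN_NETS):
            verdicts[label] = "local override"
        else:
            verdicts[label] = "points elsewhere"
    return verdicts


def split_horizon(verdicts):
    """True when one resolver is correct while another serves a LAN address."""
    values = set(verdicts.values())
    return "ok" in values and "local override" in values


# Constructed sample: the router's hosts entry wins on the LAN, public DNS is correct.
SAMPLE = {"lan-router": ["192.168.1.20"], "public-resolver": ["203.0.113.10"]}

if __name__ == "__main__":
    result = diagnose("203.0.113.10", SAMPLE)
    for label, verdict in result.items():
        print(f"{label}: {verdict}")
    print("split-horizon DNS:", split_horizon(result))
```

On a live system, `system_resolver_ips("domain.tld")` supplies the LAN-side answer; the public-side answer has to come from a resolver outside the LAN.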