Mon serveur YunoHost
Matériel: VPS acheté en ligne
Version de YunoHost: 11.2.20.2
J’ai accès à mon serveur : En SSH
Êtes-vous dans un contexte particulier ou avez-vous effectué des modifications particulières sur votre instance ? : non
Description du problème
Les 3 dernières mise à jour de Yunohost ont corrompu le certificat de mon domaine.
Avant mise à jour :
$ sudo yunohost domain cert-status
certificates:
mondomaine.tld:
CA_type: letsencrypt
style: success
summary: letsencrypt
validity: 88
Après mise à jour :
$ sudo yunohost domain cert-status
mondomaine.tld:
CA_type: other
style: success
summary: ok
validity: 3649
$ ls -l /etc/yunohost/certs/mondomaine.tld/
-rw-r----- 1 root ssl-cert 1229 Jul 6 12:45 crt.pem
-rw-r----- 1 root ssl-cert 2484 Jul 4 16:26 key.pem
On voit que le fichier crt.pem
a été mis à jour. Ceci casse, entre autre, postfix qui ne peut plus se connecter avec les autres serveurs mails. C’est maintenant un certificat autosigné (vérifié avec openssl x509).
Je l’ai corrigé par la commande suivante :
$ sudo yunohost domain cert install --force mondomaine.tld
Mais j’aimerais ne plus avoir à corriger cela après chaque mise à jour de Yunohost.
Pour info, les logs de la dernière mise à jour :
Setting up yunohost (11.2.20.2) ...
Regenerating configuration, this might take a while...
Success! Configuration updated for 'dnsmasq'
Launching migrations...
Info: No migrations to run
Re-diagnosing server health...
Success! Everything looks OK for Base system!
Success! Everything looks OK for Internet connectivity! (+ 2 ignored issue(s))
Success! Everything looks OK for DNS records!
Success! Everything looks OK for Ports exposure!
Success! Everything looks OK for Web!
Success! Everything looks OK for Email!
Warning: unable to retrieve string to translate with key 'nginx: [emerg] SSL_CTX_use_PrivateKey("/etc/yu
nohost/certs/mondomaine.tld/key.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_
key:key values mismatch)' for default locale 'locales/en.json' file (don't panic this is just a warning)
Warning: unable to retrieve string to translate with key 'nginx: configuration file /etc/nginx/nginx.con
f test failed' for default locale 'locales/en.json' file (don't panic this is just a warning)
Warning: Found 1 item(s) that could be improved for Services status check.
Success! Everything looks OK for System resources!
Success! Everything looks OK for System configurations!
Success! Everything looks OK for Applications!
Warning: To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost
diagnosis show --issues --human-readable' from the command-line.
Refreshing app catalog...
Info: Updating application catalog…
Success! The application catalog has been updated!
et l’erreur indiquée est celle que j’ai corrigée à la main
$ sudo yunohost diagnosis show --issues --human-readable
Warning: unable to retrieve string to translate with key 'nginx: [emerg] SSL_CTX_use_PrivateKey("/etc/yunohost/certs/mondomaine.tld/key.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)' for default locale 'locales/en.json' file (don't panic this is just a warning)
Warning: unable to retrieve string to translate with key 'nginx: configuration file /etc/nginx/nginx.conf test failed' for default locale 'locales/en.json' file (don't panic this is just a warning)
=================================
Services status check (services)
=================================
[WARNING] Configuration is broken for service nginx!
- nginx: [emerg] SSL_CTX_use_PrivateKey("/etc/yunohost/certs/mondomaine.tld/key.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
- nginx: configuration file /etc/nginx/nginx.conf test failed