Cryptpad being deleted by update. How can I recover?

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.9.2
What app is this about: Cryptpad

Describe your issue

I had a working YNH Cryptpad, but the last Update removed it.

  1. I updated Cryptpad to 2024.12.0~ynh1 and ran in the sandbox-cryptpad → sandbox.cryptpad problem.
  2. I updated my DNS and regenerated the letsencrypt certificate [1]
  3. Then I updated YNH from 12.0.9.1 to 12.0.9.2
  4. Then I updated my DNS-Entries (and removed the now unused sandbox-cryptpad entry)
  5. I Updated Cryptpad again (from 2024.12.0~ynh1 to 2024.12.0~ynh2)
    5.1. Backup went fine [2]
    5.2. Cryptpad Update failed [3], saying: ERROR Domain ‘sandbox.cryptpad.maindomain.tld’ unknown
    (But there is a CNAME entry in DNS and host shows it correctly)
    5.3. CryptPad App has been removed automatically successfully [4]
    5.4. automatic Recovery of CryptPad from archive failed [5]

Now I don’t have cryptpad installed any more, and I don’t want to make mistakes, because there has been important documents in cryptpad.

How can I restore Cryptpad and my documents?

Thanks a lot
Christian

Share relevant logs or error messages

[1] https://paste.yunohost.org/raw/igifogudif
[2] https://paste.yunohost.org/raw/fufinunate
[3] https://paste.yunohost.org/raw/cejilowovu
[4] https://paste.yunohost.org/raw/ezopawiced
[5] https://paste.yunohost.org/raw/egovikuwuv

look here, Sandbox domain Certproblem
main problem is, how to do the sandbox c-name.

No, I think, it’s different.
I did exactly, what the updatescript told me to do. I created a CNAME entry for sandbox.cryptpad (with dot) and then force regenerated the certificate for it.
So this is, what @rodinux told you:

Yunohost just thinks, that “ERROR Domain ‘sandbox.cryptpad.maindomain.tld’ unknown”.

But it already IS there (okay, it has been there).
Certificate regeneration said before:

2025-01-06 14:29:43,625: DEBUG - + sandboxdomain=sandbox.cryptpad.maindomain.tld
...
2025-01-06 14:29:44,238: INFO - Found domains: cryptpad.maindomain.tld, sandbox.cryptpad.maindomain.tld
...
2025-01-06 14:29:51,224: INFO - Verifying sandbox.cryptpad.maindomain.tld...
2025-01-06 14:30:18,460: INFO - sandbox.cryptpad.maindomain.tld verified!
...
2025-01-06 14:32:34,021: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/nginx/etc/nginx/conf.d/sandbox.cryptpad.maindomain.tld.conf' to system conf '/etc/nginx/conf.d/sandbox.cryptpad.maindomain.tld.conf'
2025-01-06 14:32:34,032: DEBUG - > system conf is not managed yet
2025-01-06 14:32:34,032: INFO - The configuration file '/etc/nginx/conf.d/sandbox.cryptpad.maindomain.tld.conf' is expected to be deleted by regen-conf (category nginx) but was kept back.
...
SUCCESS - Let's Encrypt certificate renewed for the domain 'cryptpad.maindomain.tld'

so sandbox.cryptpad.maindomain.tld already IS verified!.

And when I do an:

$ host sandbox.cryptpad.maindomain.tld
sandbox.cryptpad.maindomain.tld is an alias for cryptpad.maindomain.tld.
cryptpad.maindomain.tld has address 213.xx.xx.xx
cryptpad.maindomain.tld has IPv6 address 2a03:xxxx:xx:xxx:xxxx:xx:xxxx:xxxx
cryptpad.maindomain.tld mail is handled by 10 cryptpad.maindomain.tld.

$ host cryptpad.maindomain.tld
cryptpad.maindomain.tld has address 213.xx.xx.xx
cryptpad.maindomain.tld has IPv6 address 2a03:xxxx:xx:xxx:xxxx:xx:xxxx:xxxx
cryptpad.maindomain.tld mail is handled by 10 cryptpad.maindomain.tld.

So before I did this update things should be all right. Subdomain (with dot) is correctly, and in CryptPad update log there is no word about the dash-subdomain sandbox-cryptpad, so it really seems that it isn’t needed anymore.

I just wonder, why CryptPad update first removes the sandbox.cryptpad by itself and then complains about it:

2025-01-06 20:46:12,854: DEBUG - + grep -q sandbox.cryptpad.maindomain.tld
2025-01-06 20:46:12,854: DEBUG - + yunohost domain list --output-as plain
2025-01-06 20:46:23,071: DEBUG - + yunohost domain remove sandbox.cryptpad.maindomain.tld
2025-01-06 20:46:28,046: WARNING - ERROR Domain 'sandbox.cryptpad.maindomain.tld' unknown

Okay, today I see, @rodinux also told you to change CNAME to A / AAAA, so this should be the first step for me to get a proper CryptPad again…

But this only is half of the story.
After that recovery from backup failed, because:

Domain 'sandbox-cryptpad.maindomain.tld' unknown\n"

so, here it fails because the old sandbox-cryptpad isn’t there any more.

Of course I could set an A / AAAA entry for sandbox-cryptpad.maindomain.tld again and reinstall cryptpad from scratch, but here comes concern number three: I don’t want to loose my backup, so I don’t want to do too many experimental things.

And I don’t see how a
cp -a /etc/nginx/conf.d/pad.mydomain.de.d/cryptpad.conf /etc/nginx/conf.d/sandbox-pad.mydomain.de.d/
could help with the new sandbox.cryptpad subdomain. :thinking:

I think the domain sandbox-cryptpad.maindomain.tld should be removed !
I think O also understand the problem with you update… The problem is more because of some scripts… I am correcting them…

So the error was because in the remove, the script remove I see an error in the line
sandboxdomain=sandbox-cryptpad.maindomain.tld,

this is a key in the settings for the app and it should be sandboxdomain=sandbox.cryptpad.maindomain.tld !

So tell me first if you still have these files ? /etc/nginx/conf.d/sandbox.pad.domain.tld.conf and /etc/nginx/conf.d/cryptpad-shared.conf.inc

Next I see other problems about your DNS… But first tell me that… ( I saw your sandbox.pad.domain.tld is not a CNAME but a IN A )

In your case, I think we need change a line in your backup, change the key to have the correct ine sandboxdomain=sandbox.cryptpad.maindomain.tld in the file /apps/cryptpad/settings/settings.yml, I tell you after how…

No, there is no
/etc/nginx/conf.d/sandbox.pad.domain.tld.conf and /etc/nginx/conf.d/cryptpad-shared.conf.inc

I have /etc/nginx/conf.d/cryptpad.domain.tld.conf and an empty /etc/nginx/conf.d/cryptpad.domain.tld.d/.
In this directory there is nothing with sandbox in its name and no inc-file with some name about cryptpad.

But there are files in the archive:

/home/yunohost.backup/archives/cryptpad-pre-upgrade2.info.json
/home/yunohost.backup/archives/cryptpad-pre-upgrade2.tar

For DNS I guess that I have to remove the MX entry. :thinking:

Thank you for your help.

Here is a mistake !
from this script: cryptpad_ynh/scripts/upgrade at 3e349feb475dc8eb25c5c27d053a97ef9caf515d · YunoHost-Apps/cryptpad_ynh · GitHub
It should be corrected here
cryptpad_ynh/scripts/upgrade at bdf099a261a900217bb064689fa23168016c8dbf · YunoHost-Apps/cryptpad_ynh · GitHub

No ! this was for the oldest version 5 only !

First:
I recently changed sandbox.cryptpad from CNAME to A and AAAA, but I think during the update it has been a CNAME.

Second:
I did a tar --extract -f cryptpad-pre-upgrade2.tar apps/cryptpad/settings/settings.yml and it already looks like: sandboxdomain: sandbox.cryptpad.mydomain.tld

The only place where sandbox-cryptpad appears in this file is checksum__etc_nginx_conf.d_sandbox-cryptpad.mydomain.tld.d_cryptpad.conf.

well, this is normal, the old checksum from the oldest version… it can be removed. but is not the problem…

It must be a CNAME for cryptpad…

I am confused, trying understand why the restore backup, in the log restore there is a log

2025-01-06 20:59:38,658: INFO - <strong>Could not complete the operation 'Create permission 'cryptpad''. Please provide the full log of this operation by <a href="#/tools/logs/20250106-195935-permission_create-cryptpad">clicking here</a> to get help</strong>

Can you fond this log ?

yunohost log list |grep cryptpad

Also you can perhaps try verify in the folder extracted if there is somewhere a line with sandbox-cryptpad.maindomain.tld

grep -ir sandbox-cryptpad.maindomain.tld /folder-extract/*

Ok, we can try this if you are OK…

  • create the domain temporally sandbox-cryptpad.maindomain.tld
  • restore the backup

If it works, wait the fix cryptpad~ynh3 to upgrade or upgrade from testing

Okay, so many good ideas. :+1:
I will try.

1.No, there is no log with this name.
It has been a long list, so I grep’ed a bit more

$ sudo yunohost log list | grep cryptpad | grep 20250106-19
    name: 20250106-194507-app_upgrade-cryptpad
    path: /var/log/yunohost/operations/20250106-194507-app_upgrade-cryptpad.yml
    name: 20250106-194628-app_remove-cryptpad
    path: /var/log/yunohost/operations/20250106-194628-app_remove-cryptpad.yml
    name: 20250106-195933-backup_restore_app-cryptpad
    path: /var/log/yunohost/operations/20250106-195933-backup_restore_app-cryptpad.yml

2.I did grep -ir sandbox-cryptpad in my untar’ed backup (took a really long time) and this is what I got:

$ sudo grep -ir sandbox-cryptpad
apps/cryptpad/settings/permissions.yml:  - sandbox-cryptpad.my-domain.tld/
apps/cryptpad/settings/settings.yml:checksum__etc_nginx_conf.d_sandbox-cryptpad.my-domain.tld.d_cryptpad.conf: 220ac35b07bd083d194400ee51748eec

so beside the checksum (you said this isn’t important, and anyway the file doesn’t exist in backup) it’s just this single file:

$ sudo head -3 apps/cryptpad/settings/permissions.yml
cryptpad.main:
  additional_urls:
  - sandbox-cryptpad.my-domain.tld/

3.Earlier (in your first answer above) you asked for the two files /etc/nginx/conf.d/sandbox.pad.domain.tld.conf and /etc/nginx/conf.d/cryptpad-shared.conf.inc, and I found them in the backup:

apps/cryptpad/backup/etc/nginx/conf.d/sandbox.cryptpad.my-domain.tld.conf
apps/cryptpad/backup/etc/nginx/conf.d/cryptpad-shared.conf.inc

Are they still usefull for you? I didn’t find any sandbox-cryptpad in it. Everything is sandbox.cryptpad.

4.Where should I create sandbox-cryptpad.maindomain.tld?
In my DNS nameserver or in Yunohost (under Domains - add domain)?
Or both?

Or wouldn’t it better to change the additional_url in permissions.yml to sandbox.cryptpad.my-domain.tld/ ?

well… why this folder apps/cryptpad/settings/permissions.yml ?? I haven’t such folder… I think this one should be the problem… I am downloading a backup to see what I have… well I have also this !! why ??

I will said on Yunohost

Okay, here I go:

  • took a deep breath
  • added subdomain sandbox-cryptpad to mymaindomain.tld in YNH
  • installed Cryptpad to the cryptpad.mymaindomain.tld subdomain
  • restore … ah, okay, that has not been neccessary: uninstall Cryptpad
  • sandbox-cryptpad still is an subdomain, even when uninstall said something different.
  • oh no, YNH says Error 400: “Domain ‘sandbox-cryptpad.mymaindomain.tld’ unknown”, but it still is listed in the domain list. :thinking:
  • don’t care, re-add sandbox-cryptpad as new subdomain to mymaindomain.tld with an letsencrypt certificate
  • restore backup: cryptpad-pre-upgrade2 (2024.12.0~ynh1)
    • Found domains: sandbox-cryptpad.mymaindomain.tld :thinking:
    • Verifying sandbox-cryptpad.mymaindomain.tld … :thinking:
    • sandbox-cryptpad.mymaindomain.tld verified! :thinking:
    • Signing certificate…
    • Certificate signed!
    • restauration successfull

When I open cryptpad.mydomain.tld it looks great.
But when I log in with my username all I see is an (big) error message:

Blocked page
An error occurred when connecting to sandbox.cryptpad.mydomain.tld.

This page has an valid letsencrypt certificate for sandbox.cryptpad.mydomain.tld and cryptpad.mydomain.tld, but it is from yesterday (when I ordered it manually).

When I only want to open a new document the same error page appears.

  • Update to 2024.12.0~ynh3, but there are some warnings and errors:
    • WARNING ./15-nginx: line 39: ynh_render_template: command not found
    • ERROR Could not run script: /usr/share/yunohost/hooks/conf_regen/15-nginx
    • WARNING ./19-postfix: line 81: ynh_render_template: command not found
    • ERROR Could not run script: /usr/share/yunohost/hooks/conf_regen/19-postfix
    • WARNING ./43-dnsmasq: line 43: ynh_validate_ip4: command not found
    • WARNING ./43-dnsmasq: line 45: ynh_validate_ip6: command not found
    • WARNING ./43-dnsmasq: line 56: ynh_render_template: command not found
    • ERROR Could not run script: /usr/share/yunohost/hooks/conf_regen/43-dnsmasq
    • Since some changes was done on the sandbox domain, you will need to regenerate the certificate for cryptpad.mydomain.tld and update your DNS config accordingly.
  • oh, and I saw you introduced Please, be sure the CNAME is correctly added on your registar and wait for the DNS propagation with commit 6e2ca41ff97faf125c65e883f1d9a44c525df534
    Didn’t you prefer A and AAAA records over CNAME?

So in the end with ynh~3 I’m still at this point with:

Blocked page
An error occurred when connecting to sandbox.cryptpad.mydomain.tld.

Ok your on the good way, now the problem is withe the cname

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.