Error 500 when renewing cert

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 11.2.9.1
I have access to my server : through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

My very first time to renew my certs.
I have a domain at Cloudflare with proxy. And a nohost domain.
Both will not renew, and give more or less the same errors.

I’ll focus on the nohost domain:

Renewing I get this error:
Error: "500"

Action: "PUT" /yunohost/api/domain/my.nohost.me/actions/cert.cert.cert_renew

Logs here: https://paste.yunohost.org/raw/riyokocilu

I don’t recall any trouble installing the certs.

cf the yellow message on your screenshot advising to look at the diagnosis …

Diagnosis gives me these errors. Can they be the problem?
Ports are forwarded on the router.

IP v4 and v6 for both 80 and 443 ports are open in the yunohost firewall.
Router forwards to local ip of yunohost server.


I get this on both domains:

Could be good to clarify the situation with IPv6, yes, considering that Let's Encrypt is likely to contact your server using IPv6 if it is enabled/configured on the DNS …

On the other hand, the log of the cert install contains:

'port': '80', 'addressesResolved': ['xx.xx.xx.xx', 'xx:xx:xx:xx:xx:xx'], 'addressUsed': 'xx.xx.xx.xx'

which indicates it tried to use the IPv4 (not sure why), but got:

 Timeout during connect (likely firewall problem)', 'status': 400

Which is not clear to me, but my guess would be that it’s related to Cloudflare interfering…

(Actually never mind, I didn't read the log carefully, the IPv4 test of Let's Encrypt seems to be working, the issue is only about the IPv6 being misconfigured)


Ok. Thanks. I’ll try to dig into that…

(I focused on the nohost domain without cloudflare just to rule that out.)

@Aleks On thin ice with this, but configuring ipv6 in this case, is all that done on the yunohost server?

No, this is something between your server and your internet router. The issue could lie either in one, or both at the same time, it’s always hard to tell, debugging network is a pain in the ass, there’s no magic methodology, and dual-stack with both IPv4 and IPv6 is even more of a pain in the ass when one works but the other doesn’t …


I turned off ip v6 in the web admin. And certs for both domains are now renewed.

Did a test with https://test-ipv6.com/ and everything was perfect on that end.
Something on my server then I guess.

I’ll dig further for that issue.

I consider this one is solved.
Thanks
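
Added example, not part of the thread and not YunoHost code: a small check for the situation discussed above, where ports 80 and 443 answer over IPv4 but time out over IPv6 even though the domain publishes both address types. Function names are hypothetical; run it from a machine outside the home network that has working IPv6, passing the domain as the first argument.

```python
import ipaddress
import socket

def resolve(host, port=80):
    """Return the unique addresses published for host (A and AAAA records)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_connect(address, port, timeout=5.0):
    """Try one TCP connection; return 'open', 'timeout' or 'error: ...'."""
    v6 = ipaddress.ip_address(address).version == 6
    family = socket.AF_INET6 if v6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((address, port))
            return "open"
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return f"error: {exc}"

def check_dual_stack(addresses, ports=(80, 443), connect=tcp_connect):
    """Probe every address on every port, keyed by (family, address, port)."""
    results = {}
    for address in addresses:
        family = f"IPv{ipaddress.ip_address(address).version}"
        for port in ports:
            results[(family, address, port)] = connect(address, port)
    return results

def broken_families(results):
    """Return the address families with at least one port that is not open."""
    return sorted({fam for (fam, _, _), state in results.items() if state != "open"})

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    results = check_dual_stack(resolve(host))
    for (family, address, port), state in sorted(results.items()):
        print(f"{family} {address} port {port}: {state}")
    print("families failing:", broken_families(results) or "none")
```

If only IPv6 is reported as failing, the options are the ones seen in this thread: fix the IPv6 path between router and server, or stop publishing IPv6 for the domain.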
