Getting a let's encrypt certificate failing


#1

I’m running yunohost in a virtual machine; the main machine is redirecting all HTTP traffic with caddy and enabling automatic encryption, so I didn’t have to bother with creating let’s encrypt certificates with yunohost.

But to have IMAP and SMTP access, since that traffic doesn’t pass through caddy, I get the alert about the self-signed certificate.
So I tried to create a let’s encrypt certificate with yunohost, but I get the following error:

Info: Now attempting install of certificate for domain mysite.org!
Info: Parsing account key...
Info: Parsing CSR...
Info: Registering account...
Info: Already registered!
Info: Verifying mysite.org...
Error: Wrote file to /tmp/acme-challenge-public/averrrrryyyylloooonnngggstringggg, but couldn't download http://mysite.org/.well-known/acme-challenge/averrrrryyyylloooonnngggstringggg
Warning: Debug information:
 - domain ip from DNS        myIP
 - domain ip from local DNS  myIp
 - public ip of the server   myIp

Warning: Debug information:
 - domain ip from DNS        myIp
 - domain ip from local DNS  myIp
 - public ip of the server   myIp

Error: Certificate installation for mysite.org failed !
Exception: [Errno 22] Signing the new certificate failed
Info: The operation 'Install Let's encrypt certificate on 'mysite.org' domain' has failed ! To get help, please share the full log of this operation using the command 'yunohost log display date-letsencrypt_cert_install-mysite.org --share'

It seems that the file /tmp/acme-challenge-public/averrrrryyyylloooonnngggstringggg needs to be accessible from the outside to maybe sign the certificate, I guess. Should I do this? Is it enough to make a temporary redirection from caddy to the yunohost VM with this URL to have it working? Or is it more than a one-time action?
Is there any better way to solve this issue?


#2

Maybe in relation to that: https://status.io/pages/incident/55957a99e800baa4470002da/5c0822769ed95204b4ab7d27


#3

In the end I tried the solution I mentioned in my question and made the file temporarily accessible. The certificate could be signed and everything works now. And then I removed the forwarding by caddy of the route to the acme-challenge file.
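What the error in #1 describes is the ACME HTTP-01 challenge: the CA fetches http://mysite.org/.well-known/acme-challenge/<token> and expects the token file that yunohost wrote to /tmp/acme-challenge-public/. Because caddy on the host owns port 80, the fetch never reaches the VM unless caddy forwards exactly that path. The following Caddyfile is an added example, not from the original thread and not yunohost's or caddy's own documentation; it assumes Caddy v2 syntax, that the VM's nginx serves the challenge on port 80, and a placeholder VM address of 192.0.2.10. Rather than adding and removing the route by hand, it keeps a narrow forward for the challenge path only, so every other plaintext request is still redirected to HTTPS and no other HTTP traffic is exposed to the VM.

```caddyfile
# Explicit http:// site so caddy does not apply its automatic HTTP->HTTPS
# redirect before we get a chance to forward the ACME challenge path.
http://mysite.org {
    # Forward only the HTTP-01 challenge path to the yunohost VM (placeholder IP).
    # Caddy's own ACME challenge handler runs before this route, so the host's
    # certificate for mysite.org is unaffected.
    handle /.well-known/acme-challenge/* {
        reverse_proxy 192.0.2.10:80
    }

    # Everything else on plain HTTP keeps being redirected to HTTPS.
    redir https://{host}{uri} permanent
}

# Existing HTTPS site; caddy manages its own certificate for web traffic.
# The upstream below is a placeholder for whatever the VM is already proxied to.
mysite.org {
    reverse_proxy 192.0.2.10:80
}
```

Leaving this route in place matters for the "one-time action" question in #1: Let's Encrypt certificates expire after 90 days and yunohost's renewal repeats the same HTTP-01 fetch, so a route that was removed after the first issuance will make the renewal fail in the same way.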