I can't renew a yunohost domain let's encrypt

jwqos · August 31, 2023, 10:53am

I can’t renew let’s encrypt due to some error on muc.mydomain. XMPP is essential on this server and i can’t deactivate it.

My YunoHost server

**Hardware: Raspberry Pi 4

Here are the logs:

args:
  email: false
  force: true
  no_checks: false
ended_at: 2023-08-31 10:51:05.228745
error: Certificate renewing for domain2.tld failed!
interface: api
operation: letsencrypt_cert_renew
parent: null
related_to:
- - domain
  - domain2.tld
started_at: 2023-08-31 10:50:55.968533
success: false
yunohost_version: 11.2.3

============

2023-08-31 11:50:55,987: DEBUG - Making sure tmp folders exists...
2023-08-31 11:50:55,989: DEBUG - Reusing IPv4 from cache: xx.xx.xx.xx
2023-08-31 11:50:55,989: DEBUG - Reusing IPv6 from cache: None
2023-08-31 11:50:55,990: DEBUG - Prepare key and certificate signing request (CSR) for domain2.tld...
2023-08-31 11:50:57,150: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/domain2.tld.csr.
2023-08-31 11:50:57,151: DEBUG - Now using ACME Tiny to sign the certificate...
2023-08-31 11:50:57,152: INFO - Parsing account key...
2023-08-31 11:50:57,173: INFO - Parsing CSR...
2023-08-31 11:50:57,195: INFO - Found domains: domain2.tld, muc.domain2.tld, xmpp-upload.domain2.tld
2023-08-31 11:50:57,197: INFO - Getting directory...
2023-08-31 11:50:58,000: INFO - Directory found!
2023-08-31 11:50:58,001: INFO - Registering account...
2023-08-31 11:50:59,160: INFO - Already registered!
2023-08-31 11:50:59,165: INFO - Creating new order...
2023-08-31 11:51:00,313: INFO - Order created!
2023-08-31 11:51:01,489: INFO - Verifying domain2.tld...
2023-08-31 11:51:03,790: INFO - domain2.tld verified!
2023-08-31 11:51:04,964: INFO - Verifying muc.domain2.tld...
2023-08-31 11:51:05,221: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0, but couldn't download http://muc.domain2.tld/.well-known/acme-challenge/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0: Error:
Url: http://muc.domain2.tld/.well-known/acme-challenge/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0
Data: None
Response Code: 404
Response: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>
File not found.
<HR>
<ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS>
</BODY></HTML>

2023-08-31 11:51:05,226: ERROR - Certificate renewing for domain2.tld failed!

Aleks · August 31, 2023, 2:17pm

Let’s try to add a line muc.domain.tld 127.0.0.1 inside /etc/hosts on the server

jwqos · August 31, 2023, 6:06pm

Got the same error

Aleks · August 31, 2023, 6:31pm

My bad, the order is reversed, it should be : 127.0.0.1 muc.domain.tld

jwqos · August 31, 2023, 8:26pm

No problem, thanks for the help so far, but still got errors a different error though, something relared to SSL:

args:
  force: true
  no_checks: false
ended_at: 2023-08-31 20:24:45.705379
error: 'Certificate installation for domain2.tld failed !

  Exception: Could not sign the new certificate'
interface: cli
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
  - domain2.tld
started_at: 2023-08-31 20:24:35.650517
success: false
yunohost_version: 11.2.4

============

2023-08-31 21:24:35,666: DEBUG - Making sure tmp folders exists...
2023-08-31 21:24:35,681: DEBUG - Fetching IP from https://ip.yunohost.org 
2023-08-31 21:24:36,786: DEBUG - IP fetched: xx.xx.xx.xx
2023-08-31 21:24:36,801: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
2023-08-31 21:24:36,802: DEBUG - IP fetched: None
2023-08-31 21:24:36,804: DEBUG - Prepare key and certificate signing request (CSR) for domain2.tld...
2023-08-31 21:24:37,863: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/domain2.tld.csr.
2023-08-31 21:24:37,865: DEBUG - Now using ACME Tiny to sign the certificate...
2023-08-31 21:24:37,865: INFO - Parsing account key...
2023-08-31 21:24:37,884: INFO - Parsing CSR...
2023-08-31 21:24:37,902: INFO - Found domains: muc.domain2.tld, xmpp-upload.domain2.tld, domain2.tld
2023-08-31 21:24:37,903: INFO - Getting directory...
2023-08-31 21:24:38,488: INFO - Directory found!
2023-08-31 21:24:38,488: INFO - Registering account...
2023-08-31 21:24:39,656: INFO - Already registered!
2023-08-31 21:24:39,657: INFO - Creating new order...
2023-08-31 21:24:40,786: INFO - Order created!
2023-08-31 21:24:41,956: INFO - Verifying domain2.tld...
2023-08-31 21:24:44,461: INFO - domain2.tld verified!
2023-08-31 21:24:45,691: INFO - Verifying muc.domain2.tld...
2023-08-31 21:24:45,704: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0, but couldn't download http://muc.domain2.tld/.well-known/acme-challenge/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0: Error:
Url: http://muc.domain2.tld/.well-known/acme-challenge/LREfZFdaW0GOlwNlMSjhKZzpyOj8QtlBM_lViQAxti0
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)>
2023-08-31 21:24:45,705: ERROR - Certificate installation for domain2.tld failed !
Exception: Could not sign the new certificate

jwqos · September 3, 2023, 6:57pm

Just tried again and it worked…