My YunoHost server
Hardware: LXC container, self-hosted, Debian Stretch hypervisor
YunoHost version: 3.6.4.3
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : not really (regen-conf is clean except for resolvconf and some dnsmasq, which does not seem relevant here at first glance)
Description of my issue
My ynh server has been yelling at my mailbox for several days because it cannot renew a cert on one domain (others are fine). Let’s call it mail.internet.boss.
This domain hosts only a roundcube instance, at domain root.
So I tried to tackle the issue, found this topic, and tried to re-install the cert (with or without temporarily going through a self-signed cert and then back to LE).
The installation of a new cert fails the same way as cert renewal:
2019-10-02 22:42:05,932: DEBUG - Now using ACME Tiny to sign the certificate...
2019-10-02 22:42:05,932: INFO - Parsing account key...
2019-10-02 22:42:05,942: INFO - Parsing CSR...
2019-10-02 22:42:05,953: INFO - Found domains: mail.internet.boss
2019-10-02 22:42:05,953: INFO - Getting directory...
2019-10-02 22:42:06,766: INFO - Directory found!
2019-10-02 22:42:06,767: INFO - Registering account...
2019-10-02 22:42:08,411: INFO - Already registered!
2019-10-02 22:42:08,412: INFO - Creating new order...
2019-10-02 22:42:10,067: INFO - Order created!
2019-10-02 22:42:10,869: INFO - Verifying mail.internet.boss...
2019-10-02 22:42:10,873: ERROR - Wrote file to /tmp/acme-challenge-public/X3ccdxfnXdBU28rZxpKgi6hQnW4Z6zDnhvKAlOtpI4, but couldn't download http://mail.internet.boss/.well-known/acme-challenge/X3ccdxfnXdBU28rZxpKgi6hQnW4Z6zDnhvKAlOtpI4: Error:
Url: http://mail.internet.boss/.well-known/acme-challenge/X3ccdxfnXdBU28rZxpKgi6hQnW4Z6zDnhvKAlOtpI4
Data: None
Response Code: 403
Response: <html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
2019-10-02 22:42:11,143: WARNING - Debug information:
- domain ip from DNS 89.X.Y.Z
- domain ip from local DNS 192.168.ZZ.TT
- public ip of the server 89.X.Y.Z
2019-10-02 22:42:11,406: WARNING - Debug information:
- domain ip from DNS 89.X.Y.Z
- domain ip from local DNS 192.168.ZZ.TT
- public ip of the server 89.X.Y.Z
2019-10-02 22:42:11,407: ERROR - Certificate installation for mail.internet.boss failed !
Exception: La signature du nouveau certificat a échoué
A workaround I found:
mv /etc/nginx/mail.internet.boss.d/roundcube.conf /tmp/roundcube.conf
systemctl restart nginx
yunohost domain cert-install mail.internet.boss --force
mv /tmp/roundcube.conf /etc/nginx/mail.internet.boss.d/roundcube.conf
systemctl restart nginx
But I’d need to do it every two months :-(.
Any ideas to help me solve it properly?
<3 now and in advance.