Installation neuve sur la brique internet non fonctionnelle

Ah OK ! :hugs: Mais alors quelle image doit-on prendre pour la brique internet ?
Sur ce lien : Installer YunoHost | Yunohost Documentation et https://build.yunohost.org/, je n’ai pas trouvé d’autres références.

À vrai dire, sur le lien ci-après : Images | Yunohost Documentation, la référence à la brique internet est absente. Que doit-on choisir comme matériel à ce niveau ?

Entre temps, j’ai trouvé sur l’aide Neutrinet ce que nous devons faire ici : fr:cube:install []

Et j’ai téléchargé l’image indiquée sur le Nextcloud de Neutrinet :+1:
Du coup, je vais devoir à nouveau avoir le domaine libéré. J’ai fait la demande ici : Nohost domain recovery - Suppression de domaine en nohost.me, noho.st et ynh.fr

Du coup voilà le point d’avancement :

  • j’ai utilisé l’image présente ici : Neutrinet
  • utiliser etcher pour flasher la carte ne semble pas avoir fonctionné car impossible de trouver la brique internet sur le réseau et donc de lancer l’installation : impossible de s’y connecter via la webadmin ou avec un écran/clavier
  • du coup, pour installer l’image j’ai utilisé la commande suivante : sudo dd if=internetcube_11.1.19_lime2-20230519.img of=/dev/mmcblk0 status=progress
  • la brique internet démarre bien :slight_smile:
  • mais au niveau de l’installation j’ai une erreur au niveau du Wifi Hotspot qui dit :
    Command 'yunohost app install hotspot --force --args '&wifi_ssid=XXX&wifi_passphrase=[REDACTED]&firmware_nonfree=no' &>> ./data/install_hotspot.logs' returned non-zero exit status 1.

Que dois-je faire à ce niveau désormais ? :thinking:

Mouarf il faudrait activer le “mode debug” en bas à droite et partager le bout de log juste avant que ça crash, en enlevant les infos privées/secrètes si il y en a …

vas-y je fais ça :wink:

sinon pour information : entre temps, j’ai redémarré la brique et l’application Wifi Hotspot semble inexistante de la liste…

Voilà le texte en activant “Debug mode” :

============================
Running: yunohost app install hotspot --force --args '&wifi_ssid=XXX&wifi_passphrase=[REDACTED]&firmware_nonfree=no'
Command '['git', 'ls-remote', '--symref', 'https://github.com/labriqueinternet/hotspot_ynh', 'HEAD']' returned non-zero exit status 128.
Could not fetch source files, is the URL correct?
Command 'yunohost app install hotspot --force --args '&wifi_ssid=XXX&wifi_passphrase=[REDACTED]&firmware_nonfree=no' &>> ./data/install_hotspot.logs' returned non-zero exit status 1.

je remarque du coup que : ‘GitHub - YunoHost-Apps/hotspot_ynh: Wifi Hotspot app for YunoHost’ redirige (via un navigateur) vers “GitHub - YunoHost-Apps/hotspot_ynh: Wifi Hotspot app for YunoHost” (le lien n’étant pas le même).
L’erreur peut-elle être là ?

Bon, j’ai essayé de faire McGyver en tentant dans le terminal (via le clavier + écran) la commande suivante :
yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh --force --args '&wifi_ssid=XXX&wifi_passphrase=mot_de_passe&firmware_nonfree=no'
et j’obtiens alors la réponse suivante :

Error: Command '['git', 'ls-remote', '--symref', 'https://github.com/YunoHost-Apps/hotspot_ynh', 'HEAD']' returned non-zero exit status 128.
Could not fetch source files, is the URL correct?

Est-ce logique, normal selon vous ?

Je ne connais pas trop le projet « la brique internet » mais vu comme c’est partit je serais de toi je réinstallerais avec une nouvelle image.

Tu as quoi comme matériel ? Ton pc / serveur ?

Si tu as quelque chose qui d’assez petit, je serais prêt à parier que l’image suivante fonctionnera mieux : Installer YunoHost | Yunohost Documentation

C’est la merde, on a arrêté de faire la promo des images ARM / la brique car elles étaient super vieille et c’est super relou et long à maintenir, du coup il faut utiliser une image Armbian puis installer YunoHost par dessus … Sauf que le projet Armbian est déjà passé à Bookworm et c’est super galère de trouver un image d’Olinuxino ou autre buildé pour Bullseye

1 Like

Bonjour. J’aurais moi aussi besoin de réinstaller yunohost sur ma brique. Quelle est la meilleure image que je peux utiliser ? Il n’y a plus de liens sur cette page https://yunohost.org/fr/install/hardware:internetcube :cry:

Du coup, je ne suis plus sûr de l’image qu’il faut choisir lorsque nous utilisons la brique internet. @Aleks , peux-tu m’en dire plus ? (je ne suis pas sûr d’avoir compris) :

1 Like

ce que j’ai c’est une brique internet : La Brique Internet

1 Like

Pour certaine définition de “bonne”, oui. Mais les images sont en 4.1.x, a.k.a un peu l’antiquité à l’échelle de l’histoire de YunoHost … Peut-être que ça marche, mais bonne chance pour faire toutes les montées de version, surtout depuis une carte ARM…

C’est flou aussi, peut-être que tu peux trouver des images de brique chez Neutrinet ou d’autres FAI associatif, mais comme dit déjà pleins de fois, les builds d’image ARM c’est compliqué et super long à faire / tester / publier, et de-facto on les maintenait pas, donc plutôt que de faire la promo d’images antédiluviennes, on les a enlever de la doc.

Mais en vrai tu peux aussi juste installer Armbian puis YunoHost par dessus avec les apps VPN client et Hotspot, il n’y a pas de maxi différence, si ce n’est que le processus d’install est moins simple puisqu’il faut faire les étapes “à la main”. Et la blague c’est que Armbian ne fournit plus officiellement d’image Bullseye, seulement Bookworm, pas encore supporté par YunoHost. Bref, c’est la merde.

devons-nous les faire monter de version, où pouvons-nous les garder avec la version installée ?

J’ai pris une image de Neutrinet en fait, celle-ci : Neutrinet (internetcube_11.1.19_lime2-20230519.img.gz) mais ça bloque au niveau de l’application Wifi Hotspot → https://forum.yunohost.org/uploads/default/original/2X/6/6809839e27c34eed908518583c25cb9e8bfb403d.jpeg (l’erreur indique :

============================
Running: yunohost app install hotspot --force --args '&wifi_ssid=XXX&wifi_passphrase=[REDACTED]&firmware_nonfree=no'
Command '['git', 'ls-remote', '--symref', 'https://github.com/labriqueinternet/hotspot_ynh', 'HEAD']' returned non-zero exit status 128.
Could not fetch source files, is the URL correct?
Command 'yunohost app install hotspot --force --args '&wifi_ssid=XXX&wifi_passphrase=[REDACTED]&firmware_nonfree=no' &>> ./data/install_hotspot.logs' returned non-zero exit status 1.

)

Peut-être une question bête, mais est-ce que Installer YunoHost | Yunohost Documentation marche pour la brique internet ? Je ne sais pas si la brique internet et ARM c’est différent. D’après ce que tu as pu écrire, oui, cela sembe être différent mais cela marcherait, c’est juste que le process d’installation est moins simple… si j’ai bien compris.
Mais vu que l’image Armbian version Bullseye n’est plus disponible, cela n’est pas possible (si j’ai bien compris)

Du coup, peut-être que la meilleure solution est une image en 4.1.x, hormis le fait qu’elles sont vieilles, est-ce que cela pose problème ?

Si j’ai bien compris, le sous-entendu c’est que dans le futur une fois que la version Bookworm de Armbian sera prise en charge par Yunohost, il suffira de suivre la procédure indiquée ici : Installer YunoHost | Yunohost Documentation. Correct ? :flushed:

ou alors comment bien installer manuellement l’application Wifi Hotspot ?
Est-ce que la commande :

yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh --force --args '&wifi_ssid=XXX&wifi_passphrase=mot_de_passe&firmware_nonfree=no'

devrait installer l’application ?
Car en fait j’obtiens l’erreur suivante en faisant ça :

Error: Command '['git', 'ls-remote', '--symref', 'https://github.com/YunoHost-Apps/hotspot_ynh', 'HEAD']' returned non-zero exit status 128.
Could not fetch source files, is the URL correct?

Théoriquement parlant tu peux continuer à utiliser Windows 95 sur ton vieux pentium 2 mais à un moment tu vas finir par vouloir faire des trucs qui seront pas possible … Enfin j’exagère bien sur, mais c’est l’idée

Après c’est pas tellement que la mise à niveau est impossible, mais c’est juste super long

Oui, c’est sans doute la bonne approche pour résoudre la situation actuelle …

Dans ce cas il faut qu’on creuse car il n’y a pas de raison que la brique ne trouve pas cette URL …

Est-ce que tu peux tenter de faire tourner manuellement la commande suivante :

git ls-remote --symref https://github.com/YunoHost-Apps/hotspot_ynh HEAD

qui devrait afficher un truc du genre (on s’en fout de la valeur exacte, c’est surtout que c’est pas un message d’erreur) :

ref: refs/heads/master	HEAD
b9d264811f15279fb744e417adb6a09f97f0bdad	HEAD

En tout cas ça ressemble furieusement à un problème de connectivité internet, qui peut être du à une mauvaise configuration du VPN …

genre que raconte curl ip.yunohost.org ? (Là aussi, osef de la valeur retournée, c’est surtout pour tester si ça renvoie une erreur ou pas)

ouai exact…

Dans le terminal via SSH, cela ressemble bien à un problème de connectivité du coup :

$ git ls-remote --symref https://github.com/YunoHost-Apps/hotspot_ynh HEAD
fatal: unable to access 'https://github.com/YunoHost-Apps/hotspot_ynh/': Failed to connect to github.com port 443: Connection timed out

$ curl ip.yunohost.org
curl: (28) Failed to connect to ip.yunohost.org port 80: Connection timed out

Peut-être que cela est dû à une mauvaise configuration du VPN. Je désactive donc le VPN et je lance la commande :
$ sudo yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh --force --args '&wifi_ssid=nom_du_wifi&wifi_passphrase=mot_de_passe&firmware_nonfree=no'

Cela semble bien fonctionner mais ça bloque sur la dernière ligne :

Info: After installation, you will be able to configure the application from YunoHost's webadmin in Applications > Hotspot > Configuration.
Info: Installing hotspot...
Info: [+...................] > Validating installation parameters...
Info: [#++.................] > Storing installation settings...
Info: [###+................] > Configuring firewall...
Info: [####++..............] > Installing firmware...
Info: [######+.............] > Installing dependencies...
Info: [#######++...........] > Configuring system user...
Info: [#########+..........] > Configuring hotspot...
Warning: Try to reload driver for usb 1-1
Info: [##########++........] > Copying configuration files...
Info: [############+.......] > Configuring hostapd...
Info: [#############++.....] > Configuring a systemd service...
Info: [###############+....] > Integrating service in YunoHost...
Info: [################++..] > Starting a systemd service...

Néanmoins, je vois désormais sur la web admin bien l’application Wifi Hotspot dans les listes des applications (ce qui n’était pas le cas auparavant). Mais avec des erreurs :

Your Hotspot is down ! Here are errors logged in the last 5 minutes

Started LSB: Advanced IEEE 802.11 management daemon.
Stopping LSB: Advanced IEEE 802.11 management daemon...
hostapd.service: Succeeded.
Stopped LSB: Advanced IEEE 802.11 management daemon.
Starting LSB: Advanced IEEE 802.11 management daemon...
Started LSB: Advanced IEEE 802.11 management daemon.
Stopping LSB: Advanced IEEE 802.11 management daemon...
Stopping advanced IEEE 802.11 management: hostapd.
hostapd.service: Succeeded.
Stopped LSB: Advanced IEEE 802.11 management daemon.

Je vais arrêter la commande “yunohost install” en SSH et j’essaie de redémarrer la brique internet et voir ce que ça dit…

Mince en essayant de stopper la commande j’ai :

Info: [################++..] > Starting a systemd service...
^CError: Unable to install hotspot: The operation was manually interrupted?
Info: The operation 'Install the 'hotspot' app' could not be completed. Please share the full log of this operation using the command 'yunohost log share date-app_install-hotspot' to get help
Warning: Removing the app after installation failure...
Info: [++..................] > Loading installation settings...
Info: [##++................] > Removing hotspot service
Info: [####++..............] > Stopping and removing the systemd service...
Info: [######++............] > Removing dependencies...
Info: [########+++.........] > Removing app main directory...
Info: [###########++.......] > Closing port 547
Info: [#############++.....] > Closing port 67
Info: [###############++...] > Removing the dedicated system user...
Info: [#################+++] > Removal of hotspot completed
Error: The operation 'Install the 'hotspot' app' could not be completed. Please share the full log of this operation using the command 'yunohost log share date-app_install-hotspot' to get help

L’application a été retirée.
Du coup, je relance la commande ci-dessus (sans l’arrêter) et fais un systemctl shutdown (afin d’avoir l’application Wifi Hotspot installée :wink: ).

En redémarrant la brique internet, j’ai bien les applications VPN et Wifi. Néanmoins, je n’arrive pas à me connecter à internet avec le Wifi de la brique…
Je désactive donc le VPN et dans le terminal curl ip.yunohost.org me retourne bien mon IP.

Mais chose étrange, via Mozilla Firefox l’URL ip.yunohost.org ne retourne rien… je n’ai pas internet. Pourquoi ? le VPN étant arrêté via l’interface Web admin.

Est-ce un problème de la configuration VPN même en étant désactivé ?

Après quelques minutes, le VPN semble se réactiver automatiquement (ce qui me semble normal).

Pour information, si cela peut être utile, j’ai lancé un diagnostic et il est disponible ci-après :

=================================
Base system (basesystem)
=================================

[INFO] Server hardware architecture is bare-metal armhf
  - Server model is Olimex A20-OLinuXino-LIME2-eMMC

[INFO] Server is running Linux kernel 5.15.93-sunxi

[INFO] Server is running Debian 11.7

[INFO] Server is running YunoHost 11.1.21.4 (stable)
  - yunohost version: 11.1.21.4 (stable)
  - yunohost-admin version: 11.1.10 (stable)
  - moulinette version: 11.1.4 (stable)
  - ssowat version: 11.1.4 (stable)



=================================
Internet connectivity (ip)
=================================

[SUCCESS] Domain name resolution is working!

[ERROR] The server does not have working IPv4.

[SUCCESS] The server is connected to the Internet through IPv6!
  - Global IP: xx:xx:xx:xx:xx:xx
  - Local IP: fe80::42:acab



=================================
DNS records (dnsrecords)
=================================



=================================
Ports exposure (ports)
=================================



=================================
Web (web)
=================================



=================================
Email (mail)
=================================



=================================
Services status check (services)
=================================

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.4-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service ynh-hotspot is running!

[SUCCESS] Service ynh-vpnclient is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunomdns is running!



=================================
System resources (systemresources)
=================================

[SUCCESS] The system still has 713 MiB (74%) RAM available out of 967 MiB.

[INFO] The system has no swap at all. You should consider adding at least 512 MiB of swap to avoid situations where the system runs out of memory.
  - Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/mmcblk0p1) still has 27 GiB (94.4%) space left (out of 28 GiB)!



=================================
System configurations (regenconf)
=================================

[WARNING] Configuration file /etc/resolv.dnsmasq.conf appears to have been manually modified.
  - This is probably OK if you know what you're doing! YunoHost will stop updating this file automatically... But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with 'yunohost tools regen-conf dnsmasq --dry-run --with-diff' and force the reset to the recommended configuration with 'yunohost tools regen-conf dnsmasq --force'



=================================
Applications (apps)
=================================

[SUCCESS] All installed apps respect basic packaging practices

Entre temps, j’ai lancé un “System update” depuis la web admin et désormais le diagnostic me donne :

=================================
Base system (basesystem)
=================================

[INFO] Server hardware architecture is bare-metal armhf
  - Server model is Olimex A20-OLinuXino-LIME2-eMMC

[INFO] Server is running Linux kernel 5.15.93-sunxi

[INFO] Server is running Debian 11.7

[INFO] Server is running YunoHost 11.1.22 (stable)
  - yunohost version: 11.1.22 (stable)
  - yunohost-admin version: 11.1.10 (stable)
  - moulinette version: 11.1.5 (stable)
  - ssowat version: 11.1.4 (stable)



=================================
Internet connectivity (ip)
=================================

[SUCCESS] Domain name resolution is working!

[ERROR] The server does not have working IPv4.

[SUCCESS] The server is connected to the Internet through IPv6!
  - Global IP: xx:xx:xx:xx:xx:xx
  - Local IP: fe80::42:acab



=================================
DNS records (dnsrecords)
=================================

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)



=================================
Ports exposure (ports)
=================================

[ERROR] Port 22 is not reachable from the outside.
  - Exposing this port is needed for admin features (service ssh)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 25 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 80 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 443 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 587 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 993 is not reachable from the outside.
  - Exposing this port is needed for email features (service dovecot)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5222 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5269 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config



=================================
Web (web)
=================================

[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network.
  - Timed-out while trying to contact your server from the outside. It appears to be unreachable.
    1. The most common cause for this issue is that port 80 (and 443) are not correctly forwarded to your server.
    2. You should also make sure that the service nginx is running
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.



=================================
Email (mail)
=================================

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[ERROR] The SMTP mail server is unreachable from the outside on IPv4. It won't be able to receive emails.
  - Could not open a connection on port 25 to your server in IPv4. It appears to be unreachable.
    1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
    2. You should also make sure that service postfix is running.
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.

[ERROR] No reverse DNS is defined in IPv4. Some emails may fail to get delivered or be flagged as spam.
  - You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  - Some providers won't let you configure your reverse DNS (or their feature might be broken...). If you are experiencing issues because of this, consider the following solutions:
     - Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    - A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
    - Or it's possible to switch to a different provider

[ERROR] Your IP or domain x.x.x.x is blacklisted on Spamhaus ZEN
  - The blacklist reason is: "https://www.spamhaus.org/query/ip/x.x.x.x"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/

[SUCCESS] 0 pending emails in the mail queues



=================================
Services status check (services)
=================================

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.4-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service ynh-hotspot is running!

[SUCCESS] Service ynh-vpnclient is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunomdns is running!



=================================
System resources (systemresources)
=================================

[SUCCESS] The system still has 705 MiB (73%) RAM available out of 967 MiB.

[INFO] The system has no swap at all. You should consider adding at least 512 MiB of swap to avoid situations where the system runs out of memory.
  - Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/mmcblk0p1) still has 27 GiB (94.3%) space left (out of 28 GiB)!



=================================
System configurations (regenconf)
=================================

[WARNING] Configuration file /etc/resolv.dnsmasq.conf appears to have been manually modified.
  - This is probably OK if you know what you're doing! YunoHost will stop updating this file automatically... But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with 'yunohost tools regen-conf dnsmasq --dry-run --with-diff' and force the reset to the recommended configuration with 'yunohost tools regen-conf dnsmasq --force'



=================================
Applications (apps)
=================================

[SUCCESS] All installed apps respect basic packaging practices

Puis aussi sur la page du Firewall j’ai l’écran suivant :

La section UPnP doit rester désactivée, correct ? (je n’y connais rien :innocent:)

Après quelques recherches voilà quelques informations complémentaires. Je pense que cela peut être utile pour d’autres qui comprendre le truc (j’avoue que je ne compreds pas comment cela fonctionne).

Alors j’ai lu la publication ici :

J’ai donc essayé même si je ne suis pas sûr que les serveurs DNS sont les mêmes chez moi… et voilà ce que j’obtiens (avec VPN stoppé) :

$ dig yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8

; <<>> DiG 9.16.42-Debian <<>> yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41457
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;yunohost.org.			IN	A

;; ANSWER SECTION:
yunohost.org.		2729	IN	A	80.67.172.144

;; Query time: 16 msec
;; SERVER: 89.234.141.66#53(89.234.141.66)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE  rcvd: 57

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61325
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;et.				IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE  rcvd: 31

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 274
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dig.				IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE  rcvd: 32

;; connection timed out; no servers could be reached

Par contre en ayant le VPN activé, j’obtiens :

$ dig yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8

; <<>> DiG 9.16.42-Debian <<>> yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
;; global options: +cmd
;; connection timed out; no servers could be reached

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;et.				IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:59:04 UTC 2023
;; MSG SIZE  rcvd: 31

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41658
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dig.				IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:59:04 UTC 2023
;; MSG SIZE  rcvd: 32

;; connection timed out; no servers could be reached

Ce qui est étrange, c’est que le service VPN est vert (quand il est ON) mais sur la page https://[IP_locale]/yunohost/admin/#/apps/vpnclient/main, on obtient :

Dois-je inclure des logs du service VPN ?
Quelle est l’IPv6 que l’on doit indiquer dans le fichier /etc/dnsmasq.dhcpd/dhcpdv6-ssid0.conf (si cela doit être modifié) ?

$ cat /etc/dnsmasq.dhcpd/dhcpdv6-ssid0.conf
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
dhcp-range=interface:wlx18a6f716086d,2a00:5881:8118:3400::,slaac,64,4h

# Send DHCPv6 option. Note [] around IPv6 addresses.
dhcp-option=option6:dns-server,

Est-ce qu’il est possible que mon fichier .cube soit incorrect ?

Pour information si cela peut être utile :

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

La liste sous Default app ne contient que “—” :

La section DNS donne :

La section Certificate donne :

J’ai quand même essayer d’installer le certificat car ça pouvait résoudre des cas dans ce que j’ai pu lire sur le forum mais j’obtiens l’erreur indiquée ici (“Challenge did not pass for [mon_domaine].nohost.me”) :

args:
  force: true
  no_checks: true
ended_at: 2023-07-12 15:45:02.611175
error: 'Certificate installation for maindomain.tld failed !

  Exception: Could not sign the new certificate'
interface: api
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
  - maindomain.tld
started_at: 2023-07-12 15:43:47.228909
success: false
yunohost_version: 11.1.22

============

2023-07-12 15:43:47,304: DEBUG - Making sure tmp folders exists...
2023-07-12 15:43:47,355: DEBUG - Fetching IP from https://ip.yunohost.org 
2023-07-12 15:44:17,408: DEBUG - Could not get public IPv4 : Failed to connect to https://ip.yunohost.org ... maybe the service is down, or you are not properly connected to the Internet in IPv4/IPv6.
2023-07-12 15:44:17,410: DEBUG - IP fetched: None
2023-07-12 15:44:17,454: DEBUG - Fetching IP from https://ip6.yunohost.org 
2023-07-12 15:44:17,908: DEBUG - IP fetched: xx:xx:xx:xx:xx:xx
2023-07-12 15:44:18,042: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./43-dnsmasq" pre \'\' \'\' /var/cache/yunohost/regenconf/pending/dnsmasq 7>&1']'
2023-07-12 15:44:18,112: DEBUG - + set -e
2023-07-12 15:44:18,118: DEBUG - + . /usr/share/yunohost/helpers
2023-07-12 15:44:18,129: DEBUG - +++ set +o
2023-07-12 15:44:18,139: DEBUG - +++ grep xtrace
2023-07-12 15:44:18,159: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-07-12 15:44:18,163: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-07-12 15:44:18,401: DEBUG - + do_pre_regen /var/cache/yunohost/regenconf/pending/dnsmasq
2023-07-12 15:44:18,405: DEBUG - + pending_dir=/var/cache/yunohost/regenconf/pending/dnsmasq
2023-07-12 15:44:18,408: DEBUG - + cd /usr/share/yunohost/conf/dnsmasq
2023-07-12 15:44:18,412: DEBUG - + dnsmasq_dir=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:18,415: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:18,419: DEBUG - + etcdefault_dir=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/default
2023-07-12 15:44:18,423: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/default
2023-07-12 15:44:18,431: DEBUG - + cp plain/etcdefault /var/cache/yunohost/regenconf/pending/dnsmasq/etc/default/dnsmasq
2023-07-12 15:44:18,447: DEBUG - + cat plain/resolv.dnsmasq.conf
2023-07-12 15:44:18,451: DEBUG - + shuf
2023-07-12 15:44:18,460: DEBUG - + grep '^nameserver'
2023-07-12 15:44:18,478: DEBUG - ++ curl --max-time 10 -s -4 https://ip.yunohost.org
2023-07-12 15:44:28,550: DEBUG - ++ true
2023-07-12 15:44:28,554: DEBUG - + ipv4=
2023-07-12 15:44:28,558: DEBUG - + ynh_validate_ip4 ''
2023-07-12 15:44:28,627: DEBUG - + ynh_validate_ip --family=4 --ip_address=
2023-07-12 15:44:28,868: DEBUG - + '[' 4 == 4 ']'
2023-07-12 15:44:28,871: DEBUG - + python3 /dev/stdin
2023-07-12 15:44:29,254: DEBUG - + ipv4=127.0.0.1
2023-07-12 15:44:29,258: DEBUG - ++ curl --max-time 10 -s -6 https://ip6.yunohost.org
2023-07-12 15:44:29,737: DEBUG - + ipv6=xx:xx:xx:xx:xx:xx
2023-07-12 15:44:29,740: DEBUG - + ynh_validate_ip6 xx:xx:xx:xx:xx:xx
2023-07-12 15:44:29,833: DEBUG - + ynh_validate_ip --family=6 --ip_address=xx:xx:xx:xx:xx:xx
2023-07-12 15:44:30,063: DEBUG - + '[' 6 == 4 ']'
2023-07-12 15:44:30,066: DEBUG - + '[' 6 == 6 ']'
2023-07-12 15:44:30,070: DEBUG - + python3 /dev/stdin
2023-07-12 15:44:30,609: DEBUG - ++ ip -j addr show
2023-07-12 15:44:30,614: DEBUG - ++ jq -r '[.[].ifname]|join(" ")'
2023-07-12 15:44:31,328: DEBUG - + interfaces='lo eth0 wlx18a6f716086d tun0'
2023-07-12 15:44:31,332: DEBUG - + wireless_interfaces=lo
2023-07-12 15:44:31,335: DEBUG - ++ ls /sys/class/net
2023-07-12 15:44:31,345: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,350: DEBUG - + '[' -d /sys/class/net/eth0/wireless ']'
2023-07-12 15:44:31,353: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,357: DEBUG - + '[' -d /sys/class/net/lo/wireless ']'
2023-07-12 15:44:31,360: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,364: DEBUG - + '[' -d /sys/class/net/tun0/wireless ']'
2023-07-12 15:44:31,369: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,372: DEBUG - + '[' -d /sys/class/net/wlx18a6f716086d/wireless ']'
2023-07-12 15:44:31,375: DEBUG - + grep -q up /sys/class/net/wlx18a6f716086d/operstate
2023-07-12 15:44:31,379: DEBUG - + wireless_interfaces+=' wlx18a6f716086d'
2023-07-12 15:44:31,384: DEBUG - + export wireless_interfaces
2023-07-12 15:44:31,387: DEBUG - + ynh_render_template dnsmasq.conf.tpl /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,391: DEBUG - + local template_path=dnsmasq.conf.tpl
2023-07-12 15:44:31,394: DEBUG - + local output_path=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,397: DEBUG - ++ dirname /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,401: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc
2023-07-12 15:44:31,404: DEBUG - + python3 -c 'import os, sys, jinja2; sys.stdout.write(
2023-07-12 15:44:31,407: DEBUG -                     jinja2.Template(sys.stdin.read()
2023-07-12 15:44:31,410: DEBUG -                     ).render(os.environ));'
2023-07-12 15:44:32,398: DEBUG - + export interfaces
2023-07-12 15:44:32,401: DEBUG - + export ipv4
2023-07-12 15:44:32,405: DEBUG - + export ipv6
2023-07-12 15:44:32,409: DEBUG - + for domain in $YNH_DOMAINS
2023-07-12 15:44:32,413: DEBUG - + [[ ! maindomain.tld =~ \.local$ ]]
2023-07-12 15:44:32,417: DEBUG - + export domain
2023-07-12 15:44:32,420: DEBUG - + ynh_render_template domain.tpl /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,424: DEBUG - + local template_path=domain.tpl
2023-07-12 15:44:32,428: DEBUG - + local output_path=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,432: DEBUG - ++ dirname /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,436: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:32,439: DEBUG - + python3 -c 'import os, sys, jinja2; sys.stdout.write(
2023-07-12 15:44:32,442: DEBUG -                     jinja2.Template(sys.stdin.read()
2023-07-12 15:44:32,446: DEBUG -                     ).render(os.environ));'
2023-07-12 15:44:33,397: DEBUG - ++ ls -1 /etc/dnsmasq.d
2023-07-12 15:44:33,404: DEBUG - ++ awk '/^[^\.]+\.[^\.]+.*$/ { print $1 }'
2023-07-12 15:44:33,429: DEBUG - + conf_files=maindomain.tld
2023-07-12 15:44:33,432: DEBUG - + for domain in $conf_files
2023-07-12 15:44:33,434: DEBUG - + [[ ! maindomain.tld =~ maindomain.tld ]]
2023-07-12 15:44:34,443: DEBUG - Checking pending configuration which would have been applied for category 'dnsmasq'...
2023-07-12 15:44:34,612: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf' to system conf '/etc/dnsmasq.conf'
2023-07-12 15:44:34,617: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,619: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/resolv.dnsmasq.conf' to system conf '/etc/resolv.dnsmasq.conf'
2023-07-12 15:44:34,626: DEBUG - Configuration file '/etc/resolv.dnsmasq.conf' backed up to '/var/cache/yunohost/regenconf/backup/etc/resolv.dnsmasq.conf-20230712.154434'
2023-07-12 15:44:34,631: DEBUG - Configuration file '/etc/resolv.dnsmasq.conf' updated
2023-07-12 15:44:34,635: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld' to system conf '/etc/dnsmasq.d/maindomain.tld'
2023-07-12 15:44:34,640: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,643: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/default/dnsmasq' to system conf '/etc/default/dnsmasq'
2023-07-12 15:44:34,648: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,652: SUCCESS - Configuration updated for 'dnsmasq'
2023-07-12 15:44:34,660: DEBUG - updating conf hashes for 'dnsmasq' with: {'/etc/default/dnsmasq': 'ff5c2923b4d5e1e51ffd8d226c26fe2b', '/etc/dnsmasq.conf': 'b0656bea91d6cf92c0cfc7185c892e28', '/etc/dnsmasq.d/maindomain.tld': 'ee8ca89033c89ee42384aed3fe69312d', '/etc/resolv.dnsmasq.conf': 'e65f4880e18ca1bebf0b4027e41f6cf2'}
2023-07-12 15:44:34,968: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./43-dnsmasq" post \'\' \'\' /etc/resolv.dnsmasq.conf 7>&1']'
2023-07-12 15:44:35,011: DEBUG - + set -e
2023-07-12 15:44:35,016: DEBUG - + . /usr/share/yunohost/helpers
2023-07-12 15:44:35,020: DEBUG - +++ set +o
2023-07-12 15:44:35,024: DEBUG - +++ grep xtrace
2023-07-12 15:44:35,036: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-07-12 15:44:35,039: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-07-12 15:44:35,212: DEBUG - + do_post_regen /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,215: DEBUG - + regen_conf_files=/etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,218: DEBUG - + chown root /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,224: DEBUG - + chmod 644 /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,232: DEBUG - + grep -q -E '^ *(domain|search)' /run/resolvconf/resolv.conf
2023-07-12 15:44:35,247: DEBUG - ++ hostname -s
2023-07-12 15:44:35,254: DEBUG - + short_hostname=[mon_domaine]
2023-07-12 15:44:35,258: DEBUG - + grep -q '127.0.0.1.*[mon_domaine]' /etc/hosts
2023-07-12 15:44:35,268: DEBUG - + [[ -n /etc/resolv.dnsmasq.conf ]]
2023-07-12 15:44:35,271: DEBUG - + for SERVICE in systemd-resolved bind9
2023-07-12 15:44:35,275: DEBUG - + systemctl is-enabled systemd-resolved
2023-07-12 15:44:35,347: DEBUG - + systemctl is-active systemd-resolved
2023-07-12 15:44:35,409: DEBUG - + for SERVICE in systemd-resolved bind9
2023-07-12 15:44:35,412: DEBUG - + systemctl is-enabled bind9
2023-07-12 15:44:35,480: DEBUG - + systemctl is-active bind9
2023-07-12 15:44:35,520: DEBUG - + systemctl restart dnsmasq
2023-07-12 15:44:37,542: DEBUG - Full log of this operation: '<a href="#/tools/logs/20230712-154417-regen_conf-dnsmasq" style="text-decoration:underline">Regenerate system configurations 'dnsmasq'</a>'
2023-07-12 15:44:37,638: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2023-07-12 15:44:42,387: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/maindomain.tld.csr.
2023-07-12 15:44:42,392: DEBUG - Now using ACME Tiny to sign the certificate...
2023-07-12 15:44:42,394: INFO - Parsing account key...
2023-07-12 15:44:42,492: INFO - Parsing CSR...
2023-07-12 15:44:42,562: INFO - Found domains: muc.maindomain.tld, xmpp-upload.maindomain.tld, maindomain.tld
2023-07-12 15:44:42,567: INFO - Getting directory...
2023-07-12 15:44:43,154: INFO - Directory found!
2023-07-12 15:44:43,161: INFO - Registering account...
2023-07-12 15:44:44,378: INFO - Registered!
2023-07-12 15:44:44,385: INFO - Creating new order...
2023-07-12 15:44:45,715: INFO - Order created!
2023-07-12 15:44:47,207: INFO - Verifying maindomain.tld...
2023-07-12 15:45:02,599: ERROR - Challenge did not pass for maindomain.tld: {'identifier': {'type': 'dns', 'value': 'maindomain.tld'}, 'status': 'invalid', 'expires': '2023-07-19T15:44:45Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': '213.55.240.46: Fetching http://maindomain.tld/.well-known/acme-challenge/KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M: Timeout during connect (likely firewall problem)', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/244976007507/4s6Naw', 'token': 'KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M', 'validationRecord': [{'url': 'http://maindomain.tld/.well-known/acme-challenge/KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M', 'hostname': 'maindomain.tld', 'port': '80', 'addressesResolved': ['213.55.240.46'], 'addressUsed': '213.55.240.46'}], 'validated': '2023-07-12T15:44:48Z'}]}
2023-07-12 15:45:02,606: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate

A plus

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.