After some research, here is some additional information. I think it may be useful for others who understand this (I admit I don't understand how it works).
So I read the post here:
So I tried it, even though I'm not sure the DNS servers are the same for me… and here is what I get (with the VPN stopped):
$ dig yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
; <<>> DiG 9.16.42-Debian <<>> yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41457
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;yunohost.org. IN A
;; ANSWER SECTION:
yunohost.org. 2729 IN A 80.67.172.144
;; Query time: 16 msec
;; SERVER: 89.234.141.66#53(89.234.141.66)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE rcvd: 57
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61325
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;et. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE rcvd: 31
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 274
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dig. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:51:09 UTC 2023
;; MSG SIZE rcvd: 32
;; connection timed out; no servers could be reached
However, with the VPN enabled, I get:
$ dig yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
; <<>> DiG 9.16.42-Debian <<>> yunohost.org @89.234.141.66 et dig yunohost.org @2001:913::8
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;et. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:59:04 UTC 2023
;; MSG SIZE rcvd: 31
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41658
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dig. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 12 15:59:04 UTC 2023
;; MSG SIZE rcvd: 32
;; connection timed out; no servers could be reached
What is strange is that the VPN service is green (when it is ON), but on the page https://[IP_locale]/yunohost/admin/#/apps/vpnclient/main, we get:
Should I include logs from the VPN service?
Which IPv6 address should be put in the file /etc/dnsmasq.dhcpd/dhcpdv6-ssid0.conf (if it needs to be modified)?
$ cat /etc/dnsmasq.dhcpd/dhcpdv6-ssid0.conf
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
dhcp-range=interface:wlx18a6f716086d,2a00:5881:8118:3400::,slaac,64,4h
# Send DHCPv6 option. Note [] around IPv6 addresses.
dhcp-option=option6:dns-server,
Is it possible that my .cube file is incorrect?
For information, in case it is useful:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
The list under Default app only contains “—”:
The DNS section gives:
The Certificate section gives:
I still tried to install the certificate, since from what I have read on the forum that could fix some cases, but I get the error mentioned here (“Challenge did not pass for [mon_domaine].nohost.me”):
args:
force: true
no_checks: true
ended_at: 2023-07-12 15:45:02.611175
error: 'Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate'
interface: api
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
- maindomain.tld
started_at: 2023-07-12 15:43:47.228909
success: false
yunohost_version: 11.1.22
============
2023-07-12 15:43:47,304: DEBUG - Making sure tmp folders exists...
2023-07-12 15:43:47,355: DEBUG - Fetching IP from https://ip.yunohost.org
2023-07-12 15:44:17,408: DEBUG - Could not get public IPv4 : Failed to connect to https://ip.yunohost.org ... maybe the service is down, or you are not properly connected to the Internet in IPv4/IPv6.
2023-07-12 15:44:17,410: DEBUG - IP fetched: None
2023-07-12 15:44:17,454: DEBUG - Fetching IP from https://ip6.yunohost.org
2023-07-12 15:44:17,908: DEBUG - IP fetched: xx:xx:xx:xx:xx:xx
2023-07-12 15:44:18,042: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./43-dnsmasq" pre \'\' \'\' /var/cache/yunohost/regenconf/pending/dnsmasq 7>&1']'
2023-07-12 15:44:18,112: DEBUG - + set -e
2023-07-12 15:44:18,118: DEBUG - + . /usr/share/yunohost/helpers
2023-07-12 15:44:18,129: DEBUG - +++ set +o
2023-07-12 15:44:18,139: DEBUG - +++ grep xtrace
2023-07-12 15:44:18,159: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-07-12 15:44:18,163: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-07-12 15:44:18,401: DEBUG - + do_pre_regen /var/cache/yunohost/regenconf/pending/dnsmasq
2023-07-12 15:44:18,405: DEBUG - + pending_dir=/var/cache/yunohost/regenconf/pending/dnsmasq
2023-07-12 15:44:18,408: DEBUG - + cd /usr/share/yunohost/conf/dnsmasq
2023-07-12 15:44:18,412: DEBUG - + dnsmasq_dir=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:18,415: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:18,419: DEBUG - + etcdefault_dir=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/default
2023-07-12 15:44:18,423: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/default
2023-07-12 15:44:18,431: DEBUG - + cp plain/etcdefault /var/cache/yunohost/regenconf/pending/dnsmasq/etc/default/dnsmasq
2023-07-12 15:44:18,447: DEBUG - + cat plain/resolv.dnsmasq.conf
2023-07-12 15:44:18,451: DEBUG - + shuf
2023-07-12 15:44:18,460: DEBUG - + grep '^nameserver'
2023-07-12 15:44:18,478: DEBUG - ++ curl --max-time 10 -s -4 https://ip.yunohost.org
2023-07-12 15:44:28,550: DEBUG - ++ true
2023-07-12 15:44:28,554: DEBUG - + ipv4=
2023-07-12 15:44:28,558: DEBUG - + ynh_validate_ip4 ''
2023-07-12 15:44:28,627: DEBUG - + ynh_validate_ip --family=4 --ip_address=
2023-07-12 15:44:28,868: DEBUG - + '[' 4 == 4 ']'
2023-07-12 15:44:28,871: DEBUG - + python3 /dev/stdin
2023-07-12 15:44:29,254: DEBUG - + ipv4=127.0.0.1
2023-07-12 15:44:29,258: DEBUG - ++ curl --max-time 10 -s -6 https://ip6.yunohost.org
2023-07-12 15:44:29,737: DEBUG - + ipv6=xx:xx:xx:xx:xx:xx
2023-07-12 15:44:29,740: DEBUG - + ynh_validate_ip6 xx:xx:xx:xx:xx:xx
2023-07-12 15:44:29,833: DEBUG - + ynh_validate_ip --family=6 --ip_address=xx:xx:xx:xx:xx:xx
2023-07-12 15:44:30,063: DEBUG - + '[' 6 == 4 ']'
2023-07-12 15:44:30,066: DEBUG - + '[' 6 == 6 ']'
2023-07-12 15:44:30,070: DEBUG - + python3 /dev/stdin
2023-07-12 15:44:30,609: DEBUG - ++ ip -j addr show
2023-07-12 15:44:30,614: DEBUG - ++ jq -r '[.[].ifname]|join(" ")'
2023-07-12 15:44:31,328: DEBUG - + interfaces='lo eth0 wlx18a6f716086d tun0'
2023-07-12 15:44:31,332: DEBUG - + wireless_interfaces=lo
2023-07-12 15:44:31,335: DEBUG - ++ ls /sys/class/net
2023-07-12 15:44:31,345: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,350: DEBUG - + '[' -d /sys/class/net/eth0/wireless ']'
2023-07-12 15:44:31,353: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,357: DEBUG - + '[' -d /sys/class/net/lo/wireless ']'
2023-07-12 15:44:31,360: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,364: DEBUG - + '[' -d /sys/class/net/tun0/wireless ']'
2023-07-12 15:44:31,369: DEBUG - + for dev in $(ls /sys/class/net)
2023-07-12 15:44:31,372: DEBUG - + '[' -d /sys/class/net/wlx18a6f716086d/wireless ']'
2023-07-12 15:44:31,375: DEBUG - + grep -q up /sys/class/net/wlx18a6f716086d/operstate
2023-07-12 15:44:31,379: DEBUG - + wireless_interfaces+=' wlx18a6f716086d'
2023-07-12 15:44:31,384: DEBUG - + export wireless_interfaces
2023-07-12 15:44:31,387: DEBUG - + ynh_render_template dnsmasq.conf.tpl /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,391: DEBUG - + local template_path=dnsmasq.conf.tpl
2023-07-12 15:44:31,394: DEBUG - + local output_path=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,397: DEBUG - ++ dirname /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf
2023-07-12 15:44:31,401: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc
2023-07-12 15:44:31,404: DEBUG - + python3 -c 'import os, sys, jinja2; sys.stdout.write(
2023-07-12 15:44:31,407: DEBUG - jinja2.Template(sys.stdin.read()
2023-07-12 15:44:31,410: DEBUG - ).render(os.environ));'
2023-07-12 15:44:32,398: DEBUG - + export interfaces
2023-07-12 15:44:32,401: DEBUG - + export ipv4
2023-07-12 15:44:32,405: DEBUG - + export ipv6
2023-07-12 15:44:32,409: DEBUG - + for domain in $YNH_DOMAINS
2023-07-12 15:44:32,413: DEBUG - + [[ ! maindomain.tld =~ \.local$ ]]
2023-07-12 15:44:32,417: DEBUG - + export domain
2023-07-12 15:44:32,420: DEBUG - + ynh_render_template domain.tpl /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,424: DEBUG - + local template_path=domain.tpl
2023-07-12 15:44:32,428: DEBUG - + local output_path=/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,432: DEBUG - ++ dirname /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld
2023-07-12 15:44:32,436: DEBUG - + mkdir -p /var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d
2023-07-12 15:44:32,439: DEBUG - + python3 -c 'import os, sys, jinja2; sys.stdout.write(
2023-07-12 15:44:32,442: DEBUG - jinja2.Template(sys.stdin.read()
2023-07-12 15:44:32,446: DEBUG - ).render(os.environ));'
2023-07-12 15:44:33,397: DEBUG - ++ ls -1 /etc/dnsmasq.d
2023-07-12 15:44:33,404: DEBUG - ++ awk '/^[^\.]+\.[^\.]+.*$/ { print $1 }'
2023-07-12 15:44:33,429: DEBUG - + conf_files=maindomain.tld
2023-07-12 15:44:33,432: DEBUG - + for domain in $conf_files
2023-07-12 15:44:33,434: DEBUG - + [[ ! maindomain.tld =~ maindomain.tld ]]
2023-07-12 15:44:34,443: DEBUG - Checking pending configuration which would have been applied for category 'dnsmasq'...
2023-07-12 15:44:34,612: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.conf' to system conf '/etc/dnsmasq.conf'
2023-07-12 15:44:34,617: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,619: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/resolv.dnsmasq.conf' to system conf '/etc/resolv.dnsmasq.conf'
2023-07-12 15:44:34,626: DEBUG - Configuration file '/etc/resolv.dnsmasq.conf' backed up to '/var/cache/yunohost/regenconf/backup/etc/resolv.dnsmasq.conf-20230712.154434'
2023-07-12 15:44:34,631: DEBUG - Configuration file '/etc/resolv.dnsmasq.conf' updated
2023-07-12 15:44:34,635: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/dnsmasq.d/maindomain.tld' to system conf '/etc/dnsmasq.d/maindomain.tld'
2023-07-12 15:44:34,640: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,643: DEBUG - processing pending conf '/var/cache/yunohost/regenconf/pending/dnsmasq/etc/default/dnsmasq' to system conf '/etc/default/dnsmasq'
2023-07-12 15:44:34,648: DEBUG - > system conf is already up-to-date
2023-07-12 15:44:34,652: SUCCESS - Configuration updated for 'dnsmasq'
2023-07-12 15:44:34,660: DEBUG - updating conf hashes for 'dnsmasq' with: {'/etc/default/dnsmasq': 'ff5c2923b4d5e1e51ffd8d226c26fe2b', '/etc/dnsmasq.conf': 'b0656bea91d6cf92c0cfc7185c892e28', '/etc/dnsmasq.d/maindomain.tld': 'ee8ca89033c89ee42384aed3fe69312d', '/etc/resolv.dnsmasq.conf': 'e65f4880e18ca1bebf0b4027e41f6cf2'}
2023-07-12 15:44:34,968: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./43-dnsmasq" post \'\' \'\' /etc/resolv.dnsmasq.conf 7>&1']'
2023-07-12 15:44:35,011: DEBUG - + set -e
2023-07-12 15:44:35,016: DEBUG - + . /usr/share/yunohost/helpers
2023-07-12 15:44:35,020: DEBUG - +++ set +o
2023-07-12 15:44:35,024: DEBUG - +++ grep xtrace
2023-07-12 15:44:35,036: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-07-12 15:44:35,039: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-07-12 15:44:35,212: DEBUG - + do_post_regen /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,215: DEBUG - + regen_conf_files=/etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,218: DEBUG - + chown root /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,224: DEBUG - + chmod 644 /etc/resolv.dnsmasq.conf
2023-07-12 15:44:35,232: DEBUG - + grep -q -E '^ *(domain|search)' /run/resolvconf/resolv.conf
2023-07-12 15:44:35,247: DEBUG - ++ hostname -s
2023-07-12 15:44:35,254: DEBUG - + short_hostname=[mon_domaine]
2023-07-12 15:44:35,258: DEBUG - + grep -q '127.0.0.1.*[mon_domaine]' /etc/hosts
2023-07-12 15:44:35,268: DEBUG - + [[ -n /etc/resolv.dnsmasq.conf ]]
2023-07-12 15:44:35,271: DEBUG - + for SERVICE in systemd-resolved bind9
2023-07-12 15:44:35,275: DEBUG - + systemctl is-enabled systemd-resolved
2023-07-12 15:44:35,347: DEBUG - + systemctl is-active systemd-resolved
2023-07-12 15:44:35,409: DEBUG - + for SERVICE in systemd-resolved bind9
2023-07-12 15:44:35,412: DEBUG - + systemctl is-enabled bind9
2023-07-12 15:44:35,480: DEBUG - + systemctl is-active bind9
2023-07-12 15:44:35,520: DEBUG - + systemctl restart dnsmasq
2023-07-12 15:44:37,542: DEBUG - Full log of this operation: '<a href="#/tools/logs/20230712-154417-regen_conf-dnsmasq" style="text-decoration:underline">Regenerate system configurations 'dnsmasq'</a>'
2023-07-12 15:44:37,638: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2023-07-12 15:44:42,387: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/maindomain.tld.csr.
2023-07-12 15:44:42,392: DEBUG - Now using ACME Tiny to sign the certificate...
2023-07-12 15:44:42,394: INFO - Parsing account key...
2023-07-12 15:44:42,492: INFO - Parsing CSR...
2023-07-12 15:44:42,562: INFO - Found domains: muc.maindomain.tld, xmpp-upload.maindomain.tld, maindomain.tld
2023-07-12 15:44:42,567: INFO - Getting directory...
2023-07-12 15:44:43,154: INFO - Directory found!
2023-07-12 15:44:43,161: INFO - Registering account...
2023-07-12 15:44:44,378: INFO - Registered!
2023-07-12 15:44:44,385: INFO - Creating new order...
2023-07-12 15:44:45,715: INFO - Order created!
2023-07-12 15:44:47,207: INFO - Verifying maindomain.tld...
2023-07-12 15:45:02,599: ERROR - Challenge did not pass for maindomain.tld: {'identifier': {'type': 'dns', 'value': 'maindomain.tld'}, 'status': 'invalid', 'expires': '2023-07-19T15:44:45Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': '213.55.240.46: Fetching http://maindomain.tld/.well-known/acme-challenge/KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M: Timeout during connect (likely firewall problem)', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/244976007507/4s6Naw', 'token': 'KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M', 'validationRecord': [{'url': 'http://maindomain.tld/.well-known/acme-challenge/KzoIBZGd1PrQrh8v12zjsK-OfhGk-ixHSMgFZanEX3M', 'hostname': 'maindomain.tld', 'port': '80', 'addressesResolved': ['213.55.240.46'], 'addressUsed': '213.55.240.46'}], 'validated': '2023-07-12T15:44:48Z'}]}
2023-07-12 15:45:02,606: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate
See you later