Let's encrypt can't verify xmpp-upload.domain - installation of certificate fails

mroe · August 28, 2020, 12:29pm

Hi there

I’ve setup my YunoHost server yesterday for the first time. Now I’m not able to install the letsencrypt certificates: https://paste.yunohost.org/raw/iyateyuqik

The ports work as they should. I also set up the dns as recommended but I don’t have any IPv6 entries and the wildcard-A-entry was not permited by my dns-service. I’ve tested this with the self diagnosis tool.

My YunoHost server

Hardware: Raspberry PI 4 4GB
YunoHost version: 4.0.4
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Aleks · August 28, 2020, 1:10pm

Zblerg, not sure why this fails (the xmpp-upload part) if all the other stuff work …

Are you interested in the xmpp-upload feature ? Otherwise I guess a “simple” fix/workaround would be to not define / delete the DNS record for xmpp-upload, and yunohost will not attempt to integrate xmpp-upload inside the certificate … (Just be sure to wait ~1hour maybe after deleting the DNS record)

mroe · August 28, 2020, 2:49pm

Thank you for your reply. It still fails, it still lists both domains:
Found domains: xmpp-upload.domain, domain
the dns setting of xmpp-upload are deleted.

Aleks · August 28, 2020, 2:50pm

Ah yes you also need to re-run the diagnosis for DNS records maybe … in the Diagnosis section of the webadmin (it should find a warning about the xmpp-upload record but you can safely click Ignore for it)

mroe · August 28, 2020, 3:36pm

Ok, this worked. Thank you.

steakscience · August 31, 2020, 7:31am

@Aleks Hi I’m running into the same issue with the automatic domain (.nohost.me) so I don’t have any DNS access.

How should I fix this?

Aleks · August 31, 2020, 11:31am

I think I have an idea why this issue appears …

Can you try to edit a dnsmasq conf file with

nano /etc/dnsmasq.d/yourdomain.nohost.me

(replacin yourdomain.nohost.me with … your domain…)

that will enter a command line text editor where you should see on the first line something like

address=/yourdomain.tld/11.22.33.44

With 11.22.33.44 being your global IP

then let’s ~duplicate that line to have

address=/yourdomain.tld/11.22.33.44
address=/xmpp-upload.yourdomain.tld/11.22.33.44

Then save/exit with Ctrl+X, then run systemctl reload dnsmasq, and retry the certificate install

(Annnnd maybe you also need to do the same thing for the ipv6 address which is at the bottom of the file)

Aleks · August 31, 2020, 6:13pm

@steakscience : forget my previous post, this should be fixed in latest’s release 4.0.6

system · September 15, 2020, 6:13pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.