Hardware: Old laptop or computer
YunoHost version: 11.1.2.2 (testing)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Description of my issue
I can’t renew my “let’s encrypt” certificate.
When I launch :
sudo yunohost domain cert-renew mondomain.fr
I get an error :
Wrote file to /tmp/acme-challenge-public/DMCeuEw10tD-jmuh81Sa2XwlqvuZ3q2LBUeT8HuZbUU, but couldn't download http://muc.mondomain.fr/.well-known/acme-challenge/DMCeuEw10tD-jmuh81Sa2XwlqvuZ3q2LBUeT8HuZbUU: Error:
Url: http://muc.mondomain.fr/.well-known/acme-challenge/DMCeuEw10tD-jmuh81Sa2XwlqvuZ3q2LBUeT8HuZbUU
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>
Erreur : Certificate renewing for mondomain.fr failed!
On the YunoHost server, I haven't touched the default nginx configuration. I had enabled the automatic configuration of the OVH DNS, but I don't think that changes the web server config.
Could it be my Orange box that is blocking something?
I did forward the ports.
But it isn't involved in name resolution …
like @Cyril from what I understand from his latest posts.
Hopefully, Certificate Manager <certmanager@domain.tld> sent a mail to root, which I'm sharing here: hastebin.
It looks like the certificate manager generates a file (/tmp/acme-challenge-public/7ZLfLy_PFrrlvaclfS7O56fX_ZDeenp357BVUo8h-aQ) that still exists on my server but that could not be downloaded afterwards through http://muc.domain.tld/.well-known/acme-challenge/7ZLfLy_PFrrlvaclfS7O56fX_ZDeenp357BVUo8h-aQ, leading to the certification failure.
There is no HTTP response code in the logs, but I suspect some 401, because when I try to fetch the HTTP file now, it redirects me to the YunoHost admin panel. As this problem seems to happen after the latest SSOwat update, I guess it's a matter of permissions?
Can you try to grep -nr muc.yourdomain.tld /etc/nginx? It should display the position of the line (which may not be there, and would be symptomatic of a manually modified conf file)
Alternatively you can try disabling XMPP for this domain in the webadmin, Domains > yourdomain.tld > Features > disable xmpp
I disabled XMPP for this domain and was also able to renew my certificate.
Great!
I’m getting an error about metronome.service failing, this seems logical as it is the IM server. But is it supposed to try to start?
Mise à jour du panneau ‘feature’ de configuration du domaine ‘lalinne.fr’
Saving the new configuration...
La configuration a été mise à jour pour 'metronome'
La configuration a été mise à jour pour 'nginx'
Job for metronome.service failed because the control process exited with error code.
See "systemctl status metronome.service" and "journalctl -xe" for details.
Échec de l`exécution du script : '/usr/share/yunohost/hooks/conf_regen/12-metronome'
Config updated as expected
I run grep -nr muc.yourdomain.tld /etc/nginx with and without the XMPP service and I get something strange :
With XMPP activated, it returns nothing.
Without XMPP enabled, it returns : /etc/nginx/conf.d/domain.fr.conf:9: server_name domain.fr xmpp-upload.domain.fr muc.domain.fr;
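The grep check discussed in this thread, extended to test several hostnames at once against every server_name directive under a config directory. This is an added example, not part of the original posts or of YunoHost; the function names are hypothetical and the sample config is constructed. It matches names exactly and does not expand nginx wildcards or regex names.

```shell
#!/bin/sh
# list_server_names DIR: print every name declared in a server_name
# directive in any file under DIR, one per line. Handles comments and
# directives that continue over several lines (ended by ';').
list_server_names() {
    find "$1" -type f -exec cat {} + 2>/dev/null |
        sed -e 's/#.*//' |
        awk '{
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_sn) { if (tok == "server_name") in_sn = 1; continue }
                end = (tok ~ /;$/)
                sub(/;$/, "", tok)
                if (tok != "") print tok
                if (end) in_sn = 0
            }
        }' | sort -u
}

# missing_server_names DIR HOST...: print each HOST that no server_name
# directive under DIR declares (exact match only).
missing_server_names() {
    dir=$1; shift
    declared=$(list_server_names "$dir")
    for host in "$@"; do
        printf '%s\n' "$declared" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
}

# Demo on a constructed config (not taken from a real server).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/domain.fr.conf" <<'EOF'
server {
    listen 80;
    # server_name old.domain.fr;
    server_name domain.fr
                xmpp-upload.domain.fr;
}
EOF
    missing_server_names "$tmp" domain.fr xmpp-upload.domain.fr muc.domain.fr
    rm -rf "$tmp"
}
demo   # prints: muc.domain.fr
```

On a real server the call would be `missing_server_names /etc/nginx` followed by every hostname the certificate is expected to cover.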