Hardware: REMOTE VPS
YunoHost version: 11.2.11.3 (stable)
I have access to my server: Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Description of my issue
It looks like my Let's Encrypt certificate expired a few days ago and, for some unknown reason, cannot be renewed automatically or manually.
This is the output I get when I try to renew the certificate manually:
```
Now attempting renewing of certificate for domain herde.nohost.me !
Parsing account key...
Parsing CSR...
Found domains: xmpp-upload.herde.nohost.me, muc.herde.nohost.me, herde.nohost.me
Getting directory...
Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response:
Certificate renewing for herde.nohost.me failed!
```
**Der Vorgang konnte nicht abgeschlossen werden 'Erneuern des Let's Encrypt-Zeritifikates von 'herde.nohost.me''. Bitte gib das vollständige Protokoll dieser Operation mit [Klicken Sie hier](https://herde.nohost.me/yunohost/admin/#/tools/logs/20240813-161842-letsencrypt_cert_renew-herde.nohost.me) an, um Hilfe zu erhalten**
```
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 502, in _fetch_and_enable_new_certificate
    signed_certificate = sign_certificate(
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 165, in get_crt
    directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 76, in _do_request
    raise ValueError(
ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 390, in certificate_renew
    _fetch_and_enable_new_certificate(domain, no_checks=no_checks)
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 515, in _fetch_and_enable_new_certificate
    raise YunohostError("certmanager_cert_signing_failed")
yunohost.utils.error.YunohostError: Das neue Zertifikat konnte nicht signiert werden
Das neue Zertifikat konnte nicht signiert werden
```
Mokay, what happens if you try to manually run `curl https://acme-v02.api.letsencrypt.org/directory >/dev/null` on your server … does it display some kind of error?
Actually, it looks more likely to be a network issue, as I cannot ping any machines except localhost and the server's own nohost.me entry.
The strange thing is that no changes have been made during the last 30 days or so, and I cannot figure out where this behaviour might come from.
Also, I cannot run any system updates because the machine is unable to resolve DNS entries properly.
So, the diagnosis told me that the /etc/resolv.conf file was empty. I guess that it was empty before since, as I mentioned, I haven't changed anything for quite a while on this particular system. However, after adding two public DNS servers to the resolv.conf file, I was able to renew the certificate.
Now, the diagnosis shows that the dnsmasq service is not running or not running properly. I will look into this later, but the original issue of this topic seems to be solved for now.
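
The failure in this thread (no response code while fetching the ACME directory, later traced to an empty /etc/resolv.conf) can be narrowed down one stage at a time: resolver configuration, DNS lookup, connection, HTTP status. The script below is an added example, not part of the original posts or of YunoHost's code; the function names `nameservers` and `diagnose` and the stage labels are assumptions made for illustration.

```python
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ACME_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"  # URL from the log


def nameservers(resolv_conf_text):
    """Return addresses from 'nameserver' lines, skipping comments and blanks."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def diagnose(url, resolv_conf_text, resolve=socket.getaddrinfo,
             fetch=urllib.request.urlopen):
    """Classify where a request to url fails (hypothetical stage labels)."""
    host = urlsplit(url).hostname
    servers = nameservers(resolv_conf_text)
    try:
        resolve(host, 443)
    except socket.gaierror as exc:
        if not servers:
            # With no nameserver entry, libc queries the resolver on localhost.
            return "no-nameserver", f"resolv.conf lists no nameserver: {exc}"
        return "dns-failure", f"{servers} did not resolve {host}: {exc}"
    try:
        with fetch(url, timeout=10) as resp:
            return "ok", f"HTTP {resp.getcode()}"
    except urllib.error.HTTPError as exc:  # the server answered, with an error
        return "http-error", f"HTTP {exc.code}"
    except OSError as exc:  # refused, timed out, TLS failure: no HTTP response
        return "connect-failure", str(exc)


if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as fh:
            conf = fh.read()
    except OSError:
        conf = ""
    print("%s: %s" % diagnose(ACME_DIRECTORY, conf))
```

A `no-nameserver` or `dns-failure` result points at the resolver rather than at Let's Encrypt or the certificate itself, which matches what fixed the renewal here.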