Let's Encrypt certificate won't install

hello! i am on raspberry pi 4 and yunohost 4.3.6. i can access my server just fine through webadmin and ssh and also directly. i have not made any tweaks. i’m not very experienced in this at all but don’t be afraid to use some technical terms with me.

i’m trying to get my site certified to get the spooky warning message to stop showing up but this error keeps showing up

args:
  force: false
  no_checks: false
  staging: false
ended_at: 2022-01-18 05:35:43.658295
error: 'Certificate installation for maindomain.tld failed !

  Exception: Could not sign the new certificate'
interface: api
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
  - maindomain.tld
started_at: 2022-01-18 05:35:23.829757
success: false
yunohost_version: 4.3.6

============

2022-01-18 05:35:23,863: DEBUG - Making sure tmp folders exists...
2022-01-18 05:35:23,900: DEBUG - Fetching IP from https://ip.yunohost.org 
2022-01-18 05:35:24,974: DEBUG - IP fetched: xx.xx.xx.xx
2022-01-18 05:35:25,017: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
2022-01-18 05:35:25,019: DEBUG - IP fetched: None
2022-01-18 05:35:25,022: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2022-01-18 05:35:40,410: DEBUG - Saving to /tmp/acme-challenge-private/maindomain.tld.csr.
2022-01-18 05:35:40,411: DEBUG - Now using ACME Tiny to sign the certificate...
2022-01-18 05:35:40,411: INFO - Parsing account key...
2022-01-18 05:35:40,437: INFO - Parsing CSR...
2022-01-18 05:35:40,463: INFO - Found domains: maindomain.tld, xmpp-upload.maindomain.tld
2022-01-18 05:35:40,465: INFO - Getting directory...
2022-01-18 05:35:40,647: INFO - Directory found!
2022-01-18 05:35:40,648: INFO - Registering account...
2022-01-18 05:35:41,052: INFO - Already registered!
2022-01-18 05:35:41,054: INFO - Creating new order...
2022-01-18 05:35:41,397: INFO - Order created!
2022-01-18 05:35:41,934: INFO - Verifying maindomain.tld...
2022-01-18 05:35:42,749: INFO - maindomain.tld verified!
2022-01-18 05:35:43,141: INFO - Verifying xmpp-upload.maindomain.tld...
2022-01-18 05:35:43,653: ERROR - string indices must be integers
2022-01-18 05:35:43,656: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate

i’m hoping there will be a simple fix because i have spent all day figuring out how to work this thing haha

What does the diagnosis say about DNS?
If there is something missing you should add it to the DNS configuration. If you’re using a yunohost subdomain then you are OK.
You may have to add two lines to your hosts file:
sudo nano /etc/hosts
At the end of the file add these lines and replace “domain.com” with your domain name :

127.0.0.1 domain.com
127.0.0.1 xmpp-upload.domain.com

Retry certificate generation.
If you have tried certificate generation a lot of times and it keeps failing, you may have to wait some time since the number of attempts is limited (I don’t remember how many or how long).

This looks like some python error happening in the code, maybe inside acme tiny :confused: It’s difficult to debug without any proper stacktrace but I don’t know how we could get one …

Yeah we can add some debugging but that’s gonna be a bit technical (but you said "but don’t be afraid to use some technical terms with me." :stuck_out_tongue_winking_eye: )

  • Open the certificate code with nano: nano /usr/lib/moulinette/yunohost/certificate.py
  • Find line 547 : yunohost/certificate.py at dev · YunoHost/yunohost · GitHub
  • Add exc_info=1 such that the line looks like: logger.error(str(e), exc_info=1)
  • Rerun the certificate installation (from the command line, or after running “systemctl restart yunohost-api” to propagate the change to the webadmin)
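
What the exc_info=1 change buys, shown as an added example that is not part of the original post and is not YunoHost or acme-tiny code: the same exception logged both ways. The `sign` and `run` functions and the string input are constructed for illustration.

```python
import io
import logging


def sign(response):
    # Hypothetical stand-in for a step that expects a dict-shaped reply.
    return response["challenges"][0]["status"]


def run(with_traceback):
    """Trigger the failure, log it, and return the captured log text."""
    buf = io.StringIO()
    logger = logging.getLogger("cert-demo-%s" % with_traceback)
    logger.propagate = False
    logger.handlers = [logging.StreamHandler(buf)]
    logger.setLevel(logging.DEBUG)
    try:
        # A str where a dict was expected: indexing it with a key raises
        # TypeError("string indices must be integers ...").
        sign("plain text instead of a parsed JSON object")
    except Exception as e:
        if with_traceback:
            # With exc_info the handler appends the full traceback,
            # including the file, line and function that raised.
            logger.error(str(e), exc_info=1)
        else:
            # Only the message survives; the failing line is lost.
            logger.error(str(e))
    return buf.getvalue()


if __name__ == "__main__":
    print("--- without exc_info ---")
    print(run(False))
    print("--- with exc_info=1 ---")
    print(run(True))
```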

thank you for the quick responses! this is my first time using nano and it feels really neat.

i use a yunohost domain but i tried your idea and a new error has appeared

args:
  force: false
  no_checks: false
  staging: false
ended_at: 2022-01-18 20:18:42.493719
error: 'Certificate installation for maindomain.tld failed !

  Exception: Could not sign the new certificate'
interface: api
operation: letsencrypt_cert_install
parent: null
related_to:
- - domain
  - maindomain.tld
started_at: 2022-01-18 20:18:16.421118
success: false
yunohost_version: 4.3.6

============

2022-01-18 20:18:16,446: DEBUG - Making sure tmp folders exists...
2022-01-18 20:18:16,470: DEBUG - Fetching IP from https://ip.yunohost.org 
2022-01-18 20:18:17,734: DEBUG - IP fetched: xx.xx.xx.xx
2022-01-18 20:18:17,765: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
2022-01-18 20:18:17,766: DEBUG - IP fetched: None
2022-01-18 20:18:17,769: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld...
2022-01-18 20:18:26,422: DEBUG - Saving to /tmp/acme-challenge-private/maindomain.tld.csr.
2022-01-18 20:18:26,423: DEBUG - Now using ACME Tiny to sign the certificate...
2022-01-18 20:18:26,424: INFO - Parsing account key...
2022-01-18 20:18:26,450: INFO - Parsing CSR...
2022-01-18 20:18:26,475: INFO - Found domains: xmpp-upload.maindomain.tld, maindomain.tld
2022-01-18 20:18:26,477: INFO - Getting directory...
2022-01-18 20:18:26,611: INFO - Directory found!
2022-01-18 20:18:26,612: INFO - Registering account...
2022-01-18 20:18:27,007: INFO - Already registered!
2022-01-18 20:18:27,009: INFO - Creating new order...
2022-01-18 20:18:27,370: INFO - Order created!
2022-01-18 20:18:27,804: INFO - Verifying maindomain.tld...
2022-01-18 20:18:28,758: INFO - maindomain.tld verified!
2022-01-18 20:18:29,245: INFO - Verifying xmpp-upload.maindomain.tld...
2022-01-18 20:18:42,490: ERROR - Challenge did not pass for xmpp-upload.maindomain.tld: {'identifier': {'type': 'dns', 'value': 'xmpp-upload.maindomain.tld'}, 'status': 'invalid', 'expires': '2022-01-25T02:24:40Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': 'Fetching http://xmpp-upload.maindomain.tld/.well-known/acme-challenge/swelnAMpzHs-8rjrepwDIpYVDK9pUBoLGRU4ixZ9aBM: Timeout during connect (likely firewall problem)', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/69371581200/mzr_yg', 'token': 'swelnAMpzHs-8rjrepwDIpYVDK9pUBoLGRU4ixZ9aBM', 'validationRecord': [{'url': 'http://xmpp-upload.maindomain.tld/.well-known/acme-challenge/swelnAMpzHs-8rjrepwDIpYVDK9pUBoLGRU4ixZ9aBM', 'hostname': 'xmpp-upload.maindomain.tld', 'port': '80', 'addressesResolved': ['xx.xx.xx.xx'], 'addressUsed': 'xx.xx.xx.xx'}], 'validated': '2022-01-18T20:18:29Z'}]}
2022-01-18 20:18:42,492: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate

out of curiosity i tried using both your ideas. adding hosts seemed to change the error and i can’t seem to go back to having the string integer error. this may have become an issue of too many variables changed in hindsight. also at this point my server is no longer able to try for a certificate and it appears none of my ports are working and my network is unreachable according to diagnostics.
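
The second log above already names the failure (ACME error type, port, and the address the validator tried). As an added example, not part of the thread or of YunoHost's code, this pulls those fields out of a "Challenge did not pass" line. The sample line, the `triage` function and the hint texts are constructed; the error type names are the ones defined in RFC 8555.

```python
import ast
import re

# Constructed log line in the shape of the thread's failure (placeholder names).
SAMPLE = (
    "2022-01-18 20:18:42,490: ERROR - Challenge did not pass for xmpp-upload.example.tld: "
    "{'identifier': {'type': 'dns', 'value': 'xmpp-upload.example.tld'}, 'status': 'invalid', "
    "'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': "
    "'urn:ietf:params:acme:error:connection', 'detail': 'Timeout during connect "
    "(likely firewall problem)', 'status': 400}, 'validationRecord': [{'hostname': "
    "'xmpp-upload.example.tld', 'port': '80', 'addressUsed': '203.0.113.10'}]}]}"
)

# RFC 8555 error types mapped to what to check on the server side.
HINTS = {
    "connection": "validator could not connect: check the port forward/firewall for this port",
    "dns": "DNS lookup failed at the validator: check the public A/AAAA records",
    "unauthorized": "host answered with the wrong content: check which server answers this name",
    "rateLimited": "rate limit hit: wait before retrying",
}


def triage(line):
    """Return one finding per failed challenge in a 'Challenge did not pass' line."""
    m = re.search(r"Challenge did not pass for (\S+): (\{.*\})\s*$", line)
    if not m:
        return []
    # literal_eval parses only literals, so log content is never executed.
    authz = ast.literal_eval(m.group(2))
    findings = []
    for ch in authz.get("challenges", []):
        err = ch.get("error")
        if not err:
            continue
        kind = err.get("type", "").rsplit(":", 1)[-1]
        rec = (ch.get("validationRecord") or [{}])[-1]
        findings.append({
            "domain": m.group(1),
            "challenge": ch.get("type"),
            "error": kind,
            "target": "%s:%s" % (rec.get("addressUsed"), rec.get("port")),
            "hint": HINTS.get(kind, err.get("detail", "")),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```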
