Let's Encrypt fails to renew my certificate

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.0.17
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

Let’s encrypt certificate renew failed. Here is the error:
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 529, in _fetch_and_enable_new_certificate
raise YunohostError(“certmanager_cert_signing_failed”)
yunohost.utils.error.YunohostError: Could not sign the new certificate

Error: Could not sign the new certificate
Error: Let’s Encrypt certificate renew failed for shinevar.nohost.me

Share relevant logs or error messages

File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 529, in _fetch_and_enable_new_certificate
raise YunohostError(“certmanager_cert_signing_failed”)
yunohost.utils.error.YunohostError: Could not sign the new certificate

Error: Could not sign the new certificate
Error: Let’s Encrypt certificate renew failed for shinevar.nohost.me

yunohost domain cert renew not working

Hello @ralphshinevar
Did you try this:

sudo yunohost tools regen-conf nginx
sudo systemctl restart nginx

Hi otm33,

Ran those two nginx commands, then tried to renew cert again. Got these errors:

Info: Verifying shinevar.nohost.me…
Error: Wrote file to /var/www/.well-known/acme-challenge-public/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU, but couldn’t download http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU: Error:
Url: http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
Error: Certificate renewing for shinevar.nohost.me failed!
Info: The operation ‘Renew ‘shinevar.nohost.me’ Let’s Encrypt certificate’ could not be completed. Please share the full log of this operation using the command ‘yunohost log share 20250717-170059-letsencrypt_cert_renew-shinevar.nohost.me’ to get help
Error: Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py”, line 226, in get_crt
assert disable_check or _do_request(wellknown_url)[0] == keyauthorization
^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py”, line 88, in _do_request
raise ValueError(
ValueError: Error:
Url: http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 516, in _fetch_and_enable_new_certificate
signed_certificate = sign_certificate(
^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py”, line 228, in get_crt
raise ValueError(
ValueError: Wrote file to /var/www/.well-known/acme-challenge-public/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU, but couldn’t download http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU: Error:
Url: http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 404, in certificate_renew
_fetch_and_enable_new_certificate(domain, no_checks=no_checks)
File “/usr/lib/python3/dist-packages/yunohost/certificate.py”, line 529, in _fetch_and_enable_new_certificate
raise YunohostError(“certmanager_cert_signing_failed”)
yunohost.utils.error.YunohostError: Could not sign the new certificate

Error: Could not sign the new certificate
Error: Let’s Encrypt certificate renew failed for shinevar.nohost.me

Any error in the diagnosis or in nginx error log ?

And can you reach http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU ?

And can you share yunohost log share 20250717-170059-letsencrypt_cert_renew-shinevar.nohost.me?

Cannot reach the URL. http://shinevar.nohost.me/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU

Nginx Error Logs:

2025/07/17 11:47:19 [error] 219943#219943: *14502 open() "/usr/share/yunohost/portal/customassets/shinevar.nohost.me.custom.css" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /yunohost/sso/customassets/custom.css HTTP/2.0", host: "shinevar.nohost.me", referrer: "https://shinevar.nohost.me/yunohost/sso/?r=aHR0cHM6Ly9zaGluZXZhci5ub2hvc3QubWUvY2xpZmZ2ZW5pZXI="
2025/07/17 11:52:09 [error] 219940#219940: *14505 open() "/var/www/.well-known/acme-challenge-public/test" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "HEAD /.well-known/acme-challenge/test HTTP/1.1", host: "shinevar.nohost.me"
2025/07/17 11:53:31 [error] 219940#219940: *14506 open() "/var/www/.well-known/acme-challenge-public/test" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "HEAD /.well-known/acme-challenge/test HTTP/1.1", host: "shinevar.nohost.me"
2025/07/17 11:57:27 [error] 219940#219940: *14508 open() "/var/www/.well-known/acme-challenge-public/test" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /.well-known/acme-challenge/test HTTP/1.1", host: "shinevar.nohost.me"
2025/07/17 11:57:36 [error] 219940#219940: *14509 open() "/var/www/.well-known/acme-challenge-public/test" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /.well-known/acme-challenge/test HTTP/1.1", host: "shinevar.nohost.me"
2025/07/17 12:09:30 [error] 417637#417637: *30 open() "/var/www/.well-known/acme-challenge-public/test" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /.well-known/acme-challenge/test HTTP/1.1", host: "shinevar.nohost.me"
2025/07/17 12:12:41 [error] 417635#417635: *34 open() "/usr/share/yunohost/portal/customassets/shinevar.nohost.me.custom.css" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /yunohost/sso/customassets/custom.css HTTP/2.0", host: "shinevar.nohost.me", referrer: "https://shinevar.nohost.me/yunohost/sso/?r=aHR0cHM6Ly9zaGluZXZhci5ub2hvc3QubWUvY2xpZmZ2ZW5pZXI="
2025/07/17 12:22:37 [error] 417637#417637: *74 open() "/usr/share/nginx/html/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU" failed (2: No such file or directory), client: 3.85.242.152, server: shinevar.nohost.me, request: "GET /.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU HTTP/2.0", host: "shinevar.nohost.me"
2025/07/17 12:22:44 [error] 417637#417637: *74 open() "/usr/share/yunohost/portal/customassets/shinevar.nohost.me.custom.css" failed (2: No such file or directory), client: 3.85.242.152, server: shinevar.nohost.me, request: "GET /yunohost/sso/customassets/custom.css HTTP/2.0", host: "shinevar.nohost.me", referrer: "https://shinevar.nohost.me/yunohost/sso/?r=aHR0cHM6Ly9zaGluZXZhci5ub2hvc3QubWUvY2xpZmZ2ZW5pZXI="
2025/07/17 12:23:57 [error] 417637#417637: *77 open() "/var/www/.well-known/acme-challenge-public/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU:" failed (2: No such file or directory), client: 90.127.130.143, server: shinevar.nohost.me, request: "GET /.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU: HTTP/1.1", host: "shinevar.nohost.me"

https://paste.yunohost.org/raw/culusivuma:

args:
email: false
force: false
no_checks: false
ended_at: 2025-07-17 17:03:10.358478
error: Certificate renewing for maindomain.tld failed!
interface: cli
operation: letsencrypt_cert_renew
parent: null
related_to:

• • domain
  • maindomain.tld
    started_at: 2025-07-17 17:00:59.057172
    success: false
    yunohost_version: 12.0.17

============

2025-07-17 12:00:59,060: DEBUG - Making sure tmp folders exists…
2025-07-17 12:00:59,060: DEBUG - Reusing IPv4 from cache: xx.xx.xx.xx
2025-07-17 12:00:59,061: DEBUG - Reusing IPv6 from cache: None
2025-07-17 12:00:59,061: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tld…
2025-07-17 12:00:59,654: DEBUG - Saving to /var/www/.well-known/acme-challenge-private/maindomain.tld.csr.
2025-07-17 12:00:59,655: DEBUG - Now using ACME Tiny to sign the certificate…
2025-07-17 12:00:59,655: INFO - Parsing account key…
2025-07-17 12:00:59,660: INFO - Parsing CSR…
2025-07-17 12:00:59,665: INFO - Found domains: maindomain.tld
2025-07-17 12:00:59,665: INFO - Getting directory…
2025-07-17 12:00:59,880: INFO - Directory found!
2025-07-17 12:00:59,881: INFO - Registering account…
2025-07-17 12:01:00,253: INFO - Already registered!
2025-07-17 12:01:00,253: INFO - Creating new order…
2025-07-17 12:01:00,746: INFO - Order created!
2025-07-17 12:01:01,129: INFO - Verifying maindomain.tld…
2025-07-17 12:03:10,354: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU, but couldn’t download http://maindomain.tld/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU: Error:
Url: http://maindomain.tld/.well-known/acme-challenge/Wi-jeyjhGw0R9KbcnUh6_xCDlVVr3ezy6NkS5DlgshU
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
2025-07-17 12:03:10,358: ERROR - Certificate renewing for maindomain.tld failed!

I can reach it so it seems to be a connectivity issue. Did you run yunohost diagnosis? What does it return ?

Try adding

127.0.0.1 yourdomain.nohost.me

In /etc/hosts file (replace yourdomain.nohost.me with your own domain) then retry.

Updated /etc/hosts file with my domain name. It worked!!! Thanks Jarod5001!!!