Hey
So far I have had a very smooth experience with yunohost, only now I cannot figure out what is going on.
As I had screwed up my email configurations beyond repair and was too naive to have backups yet, I today decided to completely scrap my VPS running yunohost and start anew from a fresh debian and yunohost install, keeping the public IP.
I did not change the existing DNS records, as they still match the recommended settings after the reinstall.
This has mostly worked and email is back up and running, but I am having trouble registering the LetsEncrypt certificate for my domain name:
in the webinterface the process will just remain in an infinite loading state, on the yunohost-cli the output of yunohost domain cert-install DOMAINNAME
will produce the error below.
As the internals of LetsEncrypt and the cert-install command are unclear to me, I was hoping that someone could tell whether I am overlooking something that will confuse LetsEncrypt when re-using my domain name on the fresh install or similar.
Detailed behavior of the cert-install command:
$yunohost domain cert-install DOMAINNAME
returns:
Info: Now attempting install of certificate for domain DOMAINNAME!
Info: Parsing account key...
Info: Parsing CSR...
Info: Registering account...
and here it will remain for about than half an hour and then produce the following error:
Error: Error registering: 400 {
"type": "urn:acme:error:badNonce",
"detail": "JWS has invalid anti-replay nonce IjJGVUPwQUrw_zNLjpuHSRcNk7qTUnPgANQHoT5W14s",
"status": 400
}
Warning: Debug information:
- domain ip from DNS [public IP of the VPS]
- domain ip from local DNS [public IP of the VPS]
- public ip of the server [public IP of the VPS]
Warning: Debug information:
- domain ip from DNS [public IP of the VPS]
- domain ip from local DNS [public IP of the VPS]
- public ip of the server [public IP of the VPS]
Error: Certificate installation for DOMAINNAME failed !
Exception: Signing the new certificate failed
Info: The operation 'Install Let's encrypt certificate on 'DOMAINNAME' domain' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20190224-154935-letsencrypt_cert_install-DOMAINNAME --share'
The logs mentiond above are as follows:
description: Install Let's encrypt certificate on 'DOMAINNAME' domain
log_path: /var/log/yunohost/categories/operation/20190224-154935-letsencrypt_cert_install-DOMAINNAME.log
logs:
- 2019-02-24 15:49:35,555: DEBUG - Nginx configuration file for ACME challenge already exists for domain, skipping.
- 2019-02-24 15:49:35,555: DEBUG - Making sure tmp folders exists...
- 2019-02-24 15:50:05,674: DEBUG - Could not get public IPv6 : Invalid url https://ip6.yunohost.org (does this site exists?)
- 2019-02-24 15:50:05,675: DEBUG - Prepare key and certificate signing request (CSR) for DOMAINNAME...
- 2019-02-24 15:50:06,255: DEBUG - Saving to /tmp/acme-challenge-private/DOMAINNAME.csr.
- 2019-02-24 15:50:06,256: DEBUG - Now using ACME Tiny to sign the certificate...
- 2019-02-24 15:50:06,256: INFO - Parsing account key...
- 2019-02-24 15:50:06,273: INFO - Parsing CSR...
- 2019-02-24 15:50:06,291: INFO - Registering account...
- 2019-02-24 16:03:13,285: ERROR - Error registering: 400 {
- "type": "urn:acme:error:badNonce",
- "detail": "JWS has invalid anti-replay nonce IjJGVUPwQUrw_zNLjpuHSRcNk7qTUnPgANQHoT5W14s",
- "status": 400
- }
- 2019-02-24 16:03:13,483: WARNING - Debug information:
- - domain ip from DNS [public IP of the VPS]
- - domain ip from local DNS [public IP of the VPS]
- - public ip of the server [public IP of the VPS]
-
- 2019-02-24 16:03:13,587: WARNING - Debug information:
- - domain ip from DNS [public IP of the VPS]
- - domain ip from local DNS [public IP of the VPS]
- - public ip of the server [public IP of the VPS]
-
- 2019-02-24 16:03:13,588: ERROR - Certificate installation for DOMAINNAME failed !
- Exception: Signing the new certificate failed
metadata:
args:
force: False
no_checks: False
staging: False
ended_at: 2019-02-24 16:03:13
error: Certificate installation for DOMAINNAME failed !
Exception: Signing the new certificate failed
operation: letsencrypt_cert_install
related_to:
- domain
- DOMAINNAME
started_at: 2019-02-24 15:49:35
success: False
metadata_path: /var/log/yunohost/categories/operation/20190224-154935-letsencrypt_cert_install-DOMAINNAME.yml
name: 20190224-154935-letsencrypt_cert_install-DOMAINNAME
I would be extremely glad for any thoughts, hints, and insights.
Thank you very much!