[Letsencrypt] Certificate update fails | Échec de màj du certificat

,

Hello,

I currently have a weird error when renewing my certificate.

Configuration

Hardware: x64 vps
Internet access: in a datacenter
YunoHost version: Latest available
Tweaks: I installed Knot and kept dnsmasq for localhost resolution only.


Problem

I have an unspecified error when running yunohost domain cert-renew --debug irc.fol.fr. I don’t know where to look for other logs / clues :confused:

Here is a log extract:

5719 INFO Verifying irc.fol.fr
6403 ERROR ''
6405 ERROR Certificate renewing for irc.fol.fr failed !
6406 INFO The operation ‘Renew ‘irc.fol.fr’ Let’s encrypt certificate’ has failed ! To get help, please share the full log of this operation using the command ‘yunohost log display 20190117-085241-letsencrypt_cert_renew-irc.fol.fr --share’
6408 ERROR Traceback (most recent call last):
File “/usr/lib/moulinette/yunohost/certificate.py”, line 392, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
File “/usr/lib/moulinette/yunohost/certificate.py”, line 578, in _fetch_and_enable_new_certificate
‘certmanager_cert_signing_failed’))
MoulinetteError: [Errno 22] Signing the new certificate failed

A full log from yunohost domain cert-install --force --debug irc.fol.fr is available here: https://paste.yunohost.org/raw/xupaziruyu

Vous pouvez aussi me répondre en français, l’anglais, c’est ocazou, même si pas beaucoup d’anglophones ici :slight_smile:

Bon. Problème de ma part :expressionless:
Je me suis souvenu que j’avais aussi modifié ma conf Nginx, avec (mais pas que) un beau rewrite [1] côté http:80. Chose que apparamment Letencrypt n’aime pas du tout… J’avais fait ça à la base parce que un accès sur http://irc.fol.fr ne redirigeait pas vers https://...

Du coup, sans, ça marche mieux ! Et la redirection fonctionne toujours :face_with_raised_eyebrow:


My bad, sorry for the inconvenience. I had a nice rewrite [1] on the http:80 site of my Nginx’s conf. It appears Letencrypt didn’t like it at all… I did this because an access to http://irc.fol.fr wasn’t redirecting to https://...

Without this redirection, the certificate renewal now works. And the redirection is still there… :face_with_raised_eyebrow:


[1] : rewrite ^ https://$server_name$request_uri? permanent;

2 Likes