Letsencrypt certificates not renewing after upgrading yunohost from older version

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.39
How are you able to access your server: The webadmin
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

Let's Encrypt certificates come up with a 500 error. I restored a previous backup of the server from a few versions ago, and certificates all work fine; ran the updates and again certificates don't update, so it's something that happens between running an older version and updating to the newer version (previous version is about 5 months old). This happens with all domains, and auto renewals.

Share relevant logs or error messages

https://paste.yunohost.org/raw/olorikekun

Update from? To?

Did you run yunohost tools regen-conf -f after upgrade?


Hi @craigvb

Updating a little here what was discovered during our chat on the Matrix YunoHost support channel.

This pull request, "added a timeout to urlopen by jvanasco · Pull Request #293 · diafygi/acme-tiny · GitHub", is responsible for your issue; this was integrated in bookworm 12.1.38 and trixie 13.0.3.

Now there is a 5 second timeout whenever acme-tiny, which is the library used by YunoHost to operate with Let's Encrypt, makes a connection. Before, there was just no timeout, so the process could stay hung, perhaps indefinitely, until the connection broke.

In your case this is a VPN slowness issue that we did confirm with

curl https://acme-v02.api.letsencrypt.org/directory --connect-timeout 5.0

In your case this failed on timeout, while it worked after raising it to 10.0 seconds.

We managed to go further by editing the Python file (`/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py`) and changing the timeout to a bigger one. I don't copy this here so as not to mislead; patching code live is a dangerous suggestion.

But another issue occurred when trying to verify locally access to the URL of the proof for Let's Encrypt. This local verification can be bypassed with an option to disable the check.

On the command line it looks like

yunohost domain cert renew domain.tld --no-checks

Using `--no-checks` won't connect back to your http://domain.tld/ to check if it is available. This should pass this step.

I would advocate to try to fix this VPN issue anyway.
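As an added example (not code from this thread, YunoHost or acme-tiny), the script below probes an ACME directory URL with an explicit socket timeout, the way the post above describes acme-tiny now doing, and reports the smallest timeout value that lets the request finish. `probe`, `smallest_working_timeout` and `start_slow_server` are made-up helper names, and the delayed local HTTP server is a constructed stand-in for a slow VPN link so the script runs offline.

```python
import http.server
import socket
import threading
import time
import urllib.error
import urllib.request

# Real endpoint named in the thread; the offline self-test uses a local stand-in instead.
ACME_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"

def probe(url: str, timeout: float) -> dict:
    """Fetch url with a hard socket timeout (seconds), like acme-tiny's
    urlopen(..., timeout=...) since PR #293. Returns ok/elapsed/error."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read()
        return {"ok": True, "elapsed": time.monotonic() - start, "error": None}
    except (urllib.error.URLError, socket.timeout, TimeoutError) as exc:
        return {"ok": False, "elapsed": time.monotonic() - start, "error": repr(exc)}

def smallest_working_timeout(url: str, candidates=(5.0, 10.0, 20.0)):
    """First timeout in candidates that lets the request finish; None if even
    the largest fails. 5.0 is the value the thread says acme-tiny now uses."""
    for t in candidates:
        if probe(url, t)["ok"]:
            return t
    return None

class _SlowHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a sluggish VPN link: delays every reply."""
    delay = 1.5

    def do_GET(self):
        time.sleep(self.delay)
        try:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"{}")
        except OSError:  # client already gave up because of its timeout
            pass

    def log_message(self, *args):  # keep probe output quiet
        pass

def start_slow_server(delay: float = 1.5) -> str:
    """Start a local delayed server (hypothetical helper); returns its URL."""
    _SlowHandler.delay = delay
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _SlowHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}/directory"
```

Against the real endpoint, `smallest_working_timeout(ACME_DIRECTORY)` returning anything above 5.0 means the link is too slow for the hard-coded timeout, which matches the curl check above.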

Thanks for that! Will try the no checks shortly :slight_smile:

Is there maybe another piece of the command I need to add for Let's Encrypt? I got 2 errors, one saying it's not about to expire, use `--force`, which I did, and then the 2nd was that the cert wasn't issued by Let's Encrypt so can't be automatically renewed (new domain so it's never had a certificate on that one).

Just to let you know that I've set up a new server, switched to a new VPN provider and yep, Let's Encrypt certs are working with no changes to the default install now (WIN!). Also have copy/paste access on the server using SSH lest there are any problems in the future.

Thanks again for your help the other night, and your patience!
