Letsencrypt failure on Dynamic DNS

My YunoHost server

Hardware: Old laptop or computer x64
YunoHost version: 4.0.8 stable
I have access to my server : through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I installed a new instance of Yunohost. It is a home based system and I have a dynamic IP.
I purchased a domain name from namecheap and set my domain name to my dynamic IP with their guide. I’m using ddclient to set correct IP.
Everything works as expected but Let’sencrypt.

Diaonosis says;

Some DNS records are missing or incorrect for domain xxx.yyy (category basic)

    Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
    The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: @
    Current value: [u'12.345.678.9', u'']
    Expected value: 12.345.678.9

12.345.678.9 ip is my dynamic IP, I think is from namecheap for redirecting pourpose.

Let'sencrypt says;
The DNS records for domain 'xxx.yyy' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)

My DNS records are A + Dynamic DNS Record (@ and *), there are no A record other these.

How can I solve this problem? If solution is, how can apply ‘use ‘–no-checks’ to turn off those checks’?

I don’t understand very well your setup. Maybe i don’t understand correctly how namecheap redirection works.

In general, dyndns domain update instantaneously the A record (like noho.st, nohost.me, ynh.fr).

It might work indeed.

Namecheap uses parkingpage.namecheap.com service and ddclient deamon on my PC. Or https://dynamicdns.park-your-domain.com/update?host=@&domain=domain.ltd&password=a7c38a3fdf864854bbe9a0c3c8782ce4&ip=12.345.678.9 via browser based setup.

Ok but it doesn’t explain why you have a round robin A (with 2 ips).

I think that’s your issue. You possibly need to delete the old ip ?

With this situation, sometime your server will be reachable sometime not, it depends of which ip will be choose in your round robin…

Ip’s shown in picture are mine and unique. ip is only reported in Yunohost diagnosis report. Whois record shows is belong to Namecheap. It isn’t my old IP.

PS: IP number I mentioned are not real IP numbers.


sudo yunohost domain cert-install --no-checks domain.ltd command 's failed following log.

description: Install a Let's Encrypt certificate on 'domain.ltd' domain
log_path: /var/log/yunohost/categories/operation/20201211-132637-letsencrypt_cert_install-domain.ltd.log
 - 2020-12-11 16:26:37,302: DEBUG - Making sure tmp folders exists...
 - 2020-12-11 16:26:37,338: DEBUG - Fetching IP from https://ip.yunohost.org 
 - 2020-12-11 16:26:37,974: DEBUG - IP fetched: 12.345.678.9
 - 2020-12-11 16:26:37,997: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
 - 2020-12-11 16:26:37,998: DEBUG - IP fetched: None
 - 2020-12-11 16:26:38,000: DEBUG - Prepare key and certificate signing request (CSR) for domain.ltd...
 - 2020-12-11 16:26:39,480: DEBUG - Saving to /tmp/acme-challenge-private/domain.ltd.csr.
 - 2020-12-11 16:26:39,481: DEBUG - Now using ACME Tiny to sign the certificate...
 - 2020-12-11 16:26:39,482: INFO - Parsing account key...
 - 2020-12-11 16:26:39,518: INFO - Parsing CSR...
 - 2020-12-11 16:26:39,554: INFO - Found domains: xmpp-upload.domain.ltd, domain.ltd
 - 2020-12-11 16:26:39,555: INFO - Getting directory...
 - 2020-12-11 16:26:40,539: INFO - Directory found!
 - 2020-12-11 16:26:40,540: INFO - Registering account...
 - 2020-12-11 16:26:42,515: INFO - Registered!
 - 2020-12-11 16:26:42,517: INFO - Creating new order...
 - 2020-12-11 16:26:44,461: INFO - Order created!
 - 2020-12-11 16:26:46,381: INFO - Verifying domain.ltd...
 - 2020-12-11 16:26:54,257: ERROR - Challenge did not pass for domain.ltd: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://domain.ltd/.well-known/acme-challenge/5SklJnpN7lPwx-GShovYQT4c8FCxBwXLdceWjlTSNsM', u'hostname': u'domain.ltd', u'addressUsed': u'12.345.678.9', u'port': u'80', u'addressesResolved': [u'12.345.678.9', u'']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/9228806187/B6op1w', u'token': u'5SklJnpN7lPwx-GShovYQT4c8FCxBwXLdceWjlTSNsM', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'During secondary validation: Fetching https://domain.ltd/yunohost/sso/?r=aHR0cHM6Ly9jYXRhdi5jeW91Lw==: Connection refused'}, u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'domain.ltd'}, u'expires': u'2020-12-18T13:26:44Z'}
 - 2020-12-11 16:26:54,260: ERROR - Certificate installation for domain.ltd failed !
 - Exception: Could not sign the new certificate
   force: False
   no_checks: True
   staging: False
 ended_at: 2020-12-11 16:26:54
 error: Certificate installation for domain.ltd failed !
Exception: Could not sign the new certificate
 interface: False
 operation: letsencrypt_cert_install
   - domain
   - domain.ltd
 started_at: 2020-12-11 16:26:37
 success: False
metadata_path: /var/log/yunohost/categories/operation/20201211-132637-letsencrypt_cert_install-domain.ltd.yml
name: 20201211-132637-letsencrypt_cert_install-domain.ltd

Do dig A DOMAIN.tld and you will several ip are configured for your domain, that’s your issue.

curl ip.yunohost.org show that you have an ip 12.345.678.9 configured.

Which kind of internet provider, network setup have you ?

Solved, it is related a wrong URL redirect record.
Thanks for your attention.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.