Letsencrypt failure on Dynamic DNS

My YunoHost server

Hardware: Old laptop or computer x64
YunoHost version: 4.0.8 stable
I have access to my server : through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I installed a new instance of YunoHost. It is a home-based system and I have a dynamic IP.
I purchased a domain name from Namecheap and pointed my domain name at my dynamic IP following their guide. I'm using ddclient to set the correct IP.
Everything works as expected except Let's Encrypt.

Diagnosis says:

Some DNS records are missing or incorrect for domain xxx.yyy (category basic)

    Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
    The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: @
    Current value: [u'12.345.678.9', u'12.55.11.10']
    Expected value: 12.345.678.9

12.345.678.9 is my dynamic IP; I think 12.55.11.10 is from Namecheap, for redirecting purposes.

Let's Encrypt says:
The DNS records for domain 'xxx.yyy' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)

My DNS records are A + Dynamic DNS Record (@ and *); there are no A records other than these.

How can I solve this problem? If that is the solution, how can I apply "use '--no-checks' to turn off those checks"?
Thanks.

I don't understand your setup very well. Maybe I don't understand correctly how Namecheap redirection works.

In general, dyndns domains update the A record instantaneously (like noho.st, nohost.me, ynh.fr).

It might work indeed.

Hi,
Namecheap uses the parkingpage.namecheap.com service and the ddclient daemon on my PC. Or https://dynamicdns.park-your-domain.com/update?host=@&domain=domain.ltd&password=a7c38a3fdf864854bbe9a0c3c8782ce4&ip=12.345.678.9 via the browser-based setup.

OK, but it doesn't explain why you have a round-robin A record (with 2 IPs).

I think that's your issue. You possibly need to delete the old IP 12.55.11.10?

In this situation, sometimes your server will be reachable and sometimes not; it depends on which IP is chosen in your round robin…

Hi,
The IPs shown in the picture are mine and unique. The 12.55.11.10 IP is only reported in the YunoHost diagnosis report. The Whois record shows that 12.55.11.10 belongs to Namecheap. It isn't my old IP.

PS: IP number I mentioned are not real IP numbers.

Hi,

The command sudo yunohost domain cert-install --no-checks domain.ltd failed with the following log.

description: Install a Let's Encrypt certificate on 'domain.ltd' domain
log_path: /var/log/yunohost/categories/operation/20201211-132637-letsencrypt_cert_install-domain.ltd.log
logs: 
 - 2020-12-11 16:26:37,302: DEBUG - Making sure tmp folders exists...
 - 2020-12-11 16:26:37,338: DEBUG - Fetching IP from https://ip.yunohost.org 
 - 2020-12-11 16:26:37,974: DEBUG - IP fetched: 12.345.678.9
 - 2020-12-11 16:26:37,997: DEBUG - No default route for IPv6, so assuming there's no IP address for that version
 - 2020-12-11 16:26:37,998: DEBUG - IP fetched: None
 - 2020-12-11 16:26:38,000: DEBUG - Prepare key and certificate signing request (CSR) for domain.ltd...
 - 2020-12-11 16:26:39,480: DEBUG - Saving to /tmp/acme-challenge-private/domain.ltd.csr.
 - 2020-12-11 16:26:39,481: DEBUG - Now using ACME Tiny to sign the certificate...
 - 2020-12-11 16:26:39,482: INFO - Parsing account key...
 - 2020-12-11 16:26:39,518: INFO - Parsing CSR...
 - 2020-12-11 16:26:39,554: INFO - Found domains: xmpp-upload.domain.ltd, domain.ltd
 - 2020-12-11 16:26:39,555: INFO - Getting directory...
 - 2020-12-11 16:26:40,539: INFO - Directory found!
 - 2020-12-11 16:26:40,540: INFO - Registering account...
 - 2020-12-11 16:26:42,515: INFO - Registered!
 - 2020-12-11 16:26:42,517: INFO - Creating new order...
 - 2020-12-11 16:26:44,461: INFO - Order created!
 - 2020-12-11 16:26:46,381: INFO - Verifying domain.ltd...
 - 2020-12-11 16:26:54,257: ERROR - Challenge did not pass for domain.ltd: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://domain.ltd/.well-known/acme-challenge/5SklJnpN7lPwx-GShovYQT4c8FCxBwXLdceWjlTSNsM', u'hostname': u'domain.ltd', u'addressUsed': u'12.345.678.9', u'port': u'80', u'addressesResolved': [u'12.345.678.9', u'12.55.11.10']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/9228806187/B6op1w', u'token': u'5SklJnpN7lPwx-GShovYQT4c8FCxBwXLdceWjlTSNsM', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'During secondary validation: Fetching https://domain.ltd/yunohost/sso/?r=aHR0cHM6Ly9jYXRhdi5jeW91Lw==: Connection refused'}, u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'domain.ltd'}, u'expires': u'2020-12-18T13:26:44Z'}
 - 2020-12-11 16:26:54,260: ERROR - Certificate installation for domain.ltd failed !
 - Exception: Could not sign the new certificate
metadata: 
 args: 
   force: False
   no_checks: True
   staging: False
 ended_at: 2020-12-11 16:26:54
 error: Certificate installation for domain.ltd failed !
Exception: Could not sign the new certificate
 interface: False
 operation: letsencrypt_cert_install
 related_to: 
   - domain
   - domain.ltd
 started_at: 2020-12-11 16:26:37
 success: False
 yunohost_version: 4.0.8.3
metadata_path: /var/log/yunohost/categories/operation/20201211-132637-letsencrypt_cert_install-domain.ltd.yml
name: 20201211-132637-letsencrypt_cert_install-domain.ltd

Do dig A DOMAIN.tld and you will see that several IPs are configured for your domain; that's your issue.

curl ip.yunohost.org shows that you have the IP 12.345.678.9 configured.

What kind of internet provider and network setup do you have?
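
The check suggested in the reply above can also be read straight out of the failed-operation log, because the CA reports every address it resolved for the name. The following is an added example, not part of the thread and not YunoHost code; the function names are hypothetical and the sample line is constructed with documentation IPs.

```python
import ast
import re

# Constructed sample: one log line in the shape of the "Challenge did not pass"
# entry above, trimmed and using documentation IPs (RFC 5737), not real values.
SAMPLE_LINE = (
    " - 2020-12-11 16:26:54,257: ERROR - Challenge did not pass for example.test: "
    "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'type': u'http-01', "
    "u'validationRecord': [{u'hostname': u'example.test', u'addressUsed': u'192.0.2.10', "
    "u'addressesResolved': [u'192.0.2.10', u'198.51.100.7']}], "
    "u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', "
    "u'detail': u'During secondary validation: Connection refused'}}], "
    "u'identifier': {u'type': u'dns', u'value': u'example.test'}}"
)

_LINE_RE = re.compile(r"Challenge did not pass for (?P<domain>\S+): (?P<body>\{.*\})\s*$")


def parse_challenge_line(line):
    """Return (domain, authorization dict) from a logged challenge failure."""
    match = _LINE_RE.search(line)
    if match is None:
        raise ValueError("not a 'Challenge did not pass' log line")
    # The log holds a Python 2 repr (u'...' strings); literal_eval parses it
    # without executing anything.
    return match.group("domain"), ast.literal_eval(match.group("body"))


def stray_addresses(authz, server_ip):
    """Map hostname -> addresses the CA resolved that are not this server."""
    stray = {}
    for challenge in authz.get("challenges", []):
        for record in challenge.get("validationRecord", []):
            others = sorted(set(record.get("addressesResolved", [])) - {server_ip})
            if others:
                stray.setdefault(record["hostname"], []).extend(others)
    return stray


def diagnose(line, server_ip):
    """Summarise why validation failed, from the CA's point of view."""
    domain, authz = parse_challenge_line(line)
    stray = stray_addresses(authz, server_ip)
    errors = [c["error"]["type"] for c in authz["challenges"] if "error" in c]
    return {"domain": domain, "stray": stray, "errors": errors}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LINE, "192.0.2.10"))
```

A non-empty "stray" entry means the name still resolves to an address that is not this server, which --no-checks does not change because the CA performs its own DNS lookup.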

Hi,
Solved; it was related to a wrong URL redirect record.
Thanks for your attention.
Regards.
