Hello,
Let’s explain all of what happened, so you won’t miss any puzzle pieces.
I already had Let’s Encrypt signed certificates. But when I had to renew them, I tried something else by using the YunoHost solution. So for each of my (sub)domains, I removed my letsencrypt.conf file in /etc/nginx/conf.d/mydomain.tld.d/ and I generated a self-signed certificate, then a LE-signed one.
When I finished doing this manipulation for each of my subdomains, it came to my principal domain. At first, it became complicated because HSTS didn’t appreciate the manipulation. I commented the associated line in nginx, restarted nginx, and then had to use Midori instead of Firefox which didn’t want to know anything about the new certificate.
So I was able to go to my /yunohost/admin page, and… YunoHost told me that my domain wasn’t ready to install a LE certificate.
Searching on the forum, I found the solution of using the --no-check option in cli, so I did it and everything went fine. I reactivated HSTS and my install was complete.
Except that since I did that, Metronome can’t join anyone. In my client (Profanity), I can see these messages, for instance:
Error from dev@conference.yunohost.org: Server-to-server connection failed: DNS resolution failed
and in /var/log/metronome/metronome.log, I got this:
Mar 18 11:13:37 s2sout1803f0 info Out of connection options, can't connect to conference.yunohost.org
Mar 18 11:13:37 s2sout1803f0 info sending error replies for 1 queued stanzas because of failed outgoing connection to conference.yunohost.org
I’m getting the same for every contact, but sometimes, one of them is finally shown connected. This is logged like this:
Mar 18 13:08:12 mydomain.tld:sasl_s2s info Accepting SASL EXTERNAL identity from [CONTACT'S DOMAIN]
Mar 18 13:08:12 s2sin403390 info incoming s2s connection [CONTACT'S DOMAIN] -> mydomain.tld complete
But if I try to communicate, this happens:
Mar 18 13:14:46 s2sout70f1c0 info Out of connection options, can't connect to [CONTACT'S DOMAIN]
Mar 18 13:14:46 s2sout70f1c0 info sending error replies for 1 queued stanzas because of failed outgoing connection to [CONTACT'S DOMAIN]
I thought it was all about LE certs, so I did this, based on the old manipulation you had to do with LE when it wasn’t integrated into YNH:
$ chown root:metronome /etc/yunohost/certs/
$ chmod g+rx /etc/yunohost/certs/
So I looked at the forum, and I found something about a line to delete, resolv-file=, in /etc/dnsmasq.d/domain.tld. I did it, for every (sub)domain, but it didn’t get anything fixed, even after I restarted both dnsmasq and metronome.
I’m totally stuck, can you save me?