Migrated via Rsync (Old Habit!) Can't Create Let's Encrypt Certs for New Domains

My YunoHost server

Hardware: VPS bought online
YunoHost version: 4.3.6.3
I have access to my server : Through SSH & through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no (except for migration via rsync)

Description of my issue

Adding new domains won’t allow installation of Let’s Encrypt SSL certs, even after the domain is visible at the new address. When I ping the domain, I find the address of my new VPS.

Somewhere YunoHost is tracking what it thinks the address should be. I can’t find where to update it. I can only imagine that this hidden internal record is what is tripping up the Let’s Encrypt cert creation. It’s always been straightforward before.

I do note that the DNS records still recommend the old address, so I know that data is somewhere. I thought asking might be quicker than doing a global find on the old address.

There are no error messages; although DNS is updated, the GUI acts like it is not, and the [Install a Lets Encrypt certificate] button is disabled.

https://imgur.com/w3zsads.png

Here is a link of the logs from adding the domain. I don’t know that they are relevant, but I had no idea what other logs might be useful.

So, as advised by the message you see in the GUI, what does the Diagnosis complain about in the Web and DNS records sections?

I am rerunning Diagnostics now. What I recall was that it was not very useful. Essentially it was complaining that the IP address is not what it’s expecting, which is exactly the problem I am trying to fix here, hoping that updating those records will allow it to see that my new domain is in fact visible via DNS.

I will post the relevant Diagnostics results in a following reply, but they are as helpful as the logs shared above.

One Red Warning

This is a different message than before. These are domains that are registered elsewhere, and I am doing the DNS elsewhere, and forgot to update them.

Is it possible the host itself was not seeing DNS updates that I could see from my home location? I presumed the host itself would be using the authoritative nameservers that I was updating on the hosting platform, so I didn’t think to ping the domain from itself to see what the results were. (Edit: Actually, it sensibly, and presumably correctly, sees itself as localhost when pinging the main domain or the new subdomain.)

The other DNS results are warnings! One of which is similar to the above, about a domain where the DNS is managed elsewhere.

And the second is just mistaken, except for the non-existence of a CAA record which my hosting provider does not give the option of using.

Some DNS records are missing or incorrect for domain semsifu.com (category basic)

* Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
* The following DNS record does not seem to follow the recommended configuration:
Type: `A`
Name: `@`
Current value: `xxx.225.223.180`
Expected value: `63.250.xxx.154`
* The following DNS record does not seem to follow the recommended configuration:
Type: `AAAA`
Name: `@`
Current value: `2602:ff16:1:0:1:xxx:0:1`
Expected value: `2602:ff16:8:0:1:xxx:0:1`
* The following DNS record does not seem to follow the recommended configuration:
Type: `A`
Name: `leads`
Current value: `xxx.225.223.180`
Expected value: `63.250.xxx.154`
* The following DNS record does not seem to follow the recommended configuration:
Type: `AAAA`
Name: `leads`
Current value: `2602:ff16:1:0:1:xxx:0:1`
Expected value: `2602:ff16:8:0:1:xxx:0:1`

I guess this is still just a time-based thing for DNS to change globally. Since I don’t know how the checking of what the local address should be is taking place, I’ll assume all is fine now, since I no longer have DNS Error vs Warning messages in my diagnostics, and I am now able to add Let’s Encrypt certs as easily as before.

Sorry for my impatience!

This issue can be considered CLOSED.

Interestingly Enough
The diagnostics are still showing that YunoHost expects the old address. I think it must be stored somewhere. Where are the Expected values coming from? Anyone!

I received the following in email today.

=================================
DNS records (dnsrecords)

[ERROR] Some DNS records are missing or incorrect for domain semsifu.com (category basic)

  • Please check the documentation at DNS zone configuration | Yunohost Documentation if you need help about configuring DNS records.
  • The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: @
    Current value: 63.250.xxx.154
    Expected value: xxx.225.223.180
  • The following DNS record does not seem to follow the recommended configuration:
    Type: AAAA
    Name: @
    Current value: 2602:ff16:8:0:1:xxx:0:1
    Expected value: 2602:ff16:1:0:1:xxx:0:1
  • The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: leads
    Current value: 63.250.xxx.154
    Expected value: xxx.225.223.180
  • The following DNS record does not seem to follow the recommended configuration:
    Type: AAAA
    Name: leads
    Current value: 2602:ff16:8:0:1:xxx:0:1
    Expected value: 2602:ff16:1:0:1:xxx:0:1

To get its public IP, YunoHost relies on 2 services hosted by the YunoHost team: ip.yunohost.org and (I think, and cannot test due to lack of IPv6) ipv6.yunohost.org
You can try on your server via SSH to test the answer you get: `curl ip.yunohost.org`
And check if it is the right IP or the old one
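
Added example (not part of the thread and not YunoHost code): a small parser for a diagnosis report in the layout quoted above that tells, per record, whether the "Current" or the "Expected" value is the address the server really has. The sample report uses constructed documentation-range addresses, and `server_ips` is an assumption: the addresses you have confirmed yourself, for instance in the VPS control panel.

```python
import ipaddress
import re

# Constructed sample in the layout of the diagnosis e-mail; the addresses are
# documentation-range values, not the ones from the thread.
SAMPLE_REPORT = """\
[ERROR] Some DNS records are missing or incorrect for domain example.org (category basic)
  • The following DNS record does not seem to follow the recommended configuration:
    Type: A
    Name: @
    Current value: 192.0.2.10
    Expected value: 198.51.100.20
  • The following DNS record does not seem to follow the recommended configuration:
    Type: AAAA
    Name: @
    Current value: 2001:db8:8::1
    Expected value: 2001:db8:1::1
"""

# Field lines, with or without the backticks the web admin puts around values.
FIELD = re.compile(r"^\s*(Type|Name|Current value|Expected value):\s*`?([^`\s]+)`?\s*$")

def parse_records(report):
    """Return one dict per record block (Type, Name, Current value, Expected value)."""
    records, rec = [], {}
    for line in report.splitlines():
        m = FIELD.match(line)
        if m:
            rec[m.group(1)] = m.group(2)
            if m.group(1) == "Expected value":  # last field of a block
                records.append(rec)
                rec = {}
    return records

def matches(value, real):
    """True if value parses as an IP address that is in the set `real`."""
    try:
        return ipaddress.ip_address(value) in real
    except ValueError:  # masked, missing or malformed value
        return False

def classify(report, server_ips):
    """Per record: does DNS (Current) or the diagnosis (Expected) hold the real address?"""
    real = {ipaddress.ip_address(ip) for ip in server_ips}
    out = []
    for r in parse_records(report):
        cur = matches(r.get("Current value", ""), real)
        exp = matches(r.get("Expected value", ""), real)
        verdict = "dns-matches-server" if cur and not exp else \
                  "dns-points-elsewhere" if exp and not cur else "undetermined"
        out.append((r.get("Type"), r.get("Name"), verdict))
    return out
```

A `dns-matches-server` verdict means the published record is already right and the "Expected" value is the one that is out of date; `dns-points-elsewhere` means the DNS zone still needs updating.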

TY! That explains a lot! So, it was lagging DNS updates after all.
And, I even know from where.

I appreciate it!