No Let’s Encrypt certificate for folatt-duniter.nohost.me


#1

Deja-vu.

Yet again my certificate is self-signed.

admin@Xroklaus:~ $ sudo yunohost domain cert-status
certificates: 
  duniter-folatt.nohost.me: 
    CA_type: Self-signed
    summary: WARNING
    validity: 3649

This is what happens when I try to install a certificate:

admin@Xroklaus:~ $ sudo yunohost domain cert-install
Success! The configuration has been updated for service 'dnsmasq'
Error: duniter-folatt.nohost.me challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'83.163.103.119', u'2001:983:8610:1:653f:a26b:37d6:a707'], u'url': u'https://duniter-folatt.nohost.me/yunohost/admin', u'hostname': u'duniter-folatt.nohost.me', u'addressesTried': [], u'addressUsed': u'83.163.103.119', u'port': u'443'}, {u'addressesResolved': [u'83.163.103.119', u'2001:983:8610:1:653f:a26b:37d6:a707'], u'url': u'https://duniter-folatt.nohost.me/yunohost/admin/', u'hostname': u'duniter-folatt.nohost.me', u'addressesTried': [], u'addressUsed': u'83.163.103.119', u'port': u'443'}, {u'addressesResolved': [u'83.163.103.119', u'2001:983:8610:1:653f:a26b:37d6:a707'], u'url': u'http://duniter-folatt.nohost.me/.well-known/acme-challenge/K2UzodH-sbsjaDXJLcFl107N4OnqY22epyt3lkQSKEo', u'hostname': u'duniter-folatt.nohost.me', u'addressesTried': [u'2001:983:8610:1:653f:a26b:37d6:a707'], u'addressUsed': u'83.163.103.119', u'port': u'80'}], u'keyAuthorization': u'K2UzodH-sbsjaDXJLcFl107N4OnqY22epyt3lkQSKEo.iOLOa5f8Y4tkilQZdaGwjuR-4QKDCKrU-Ql0849H5dI', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/qBulWOjDT774zXODpPfxLQQ59i0wRPvMHJF0kgxDxDk/2444663601', u'token': u'K2UzodH-sbsjaDXJLcFl107N4OnqY22epyt3lkQSKEo', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid response from http://duniter-folatt.nohost.me/.well-known/acme-challenge/K2UzodH-sbsjaDXJLcFl107N4OnqY22epyt3lkQSKEo: "<!DOCTYPE html>\n<html lang="en">\n<head>\n    <meta charset="utf-8">\n    <title>YunoHost admin</title>\n    <meta http-equiv="cache"'}, u'type': u'http-01'}
Error: Certificate installation for duniter-folatt.nohost.me failed !
Exception: [Errno 22] Signing the new certificate failed

/etc/hosts

127.0.0.1       localhost folatt-duniter.nohost.me
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       Xroklaus

#2

Sounds like your /etc/hosts is incorrect because there’s a . instead of - in the domain name.

But that shouldn’t be the issue anyway.

Can you confirm that you can correctly access your server via the domain from outside your local network?

Also there are some known issues with some apps that are installed at root level (e.g. directly https://your.domain.tld/) which ‘block’ the Let’s Encrypt / ACME interaction…


#3

I can connect to my domain.

[update]

Correction, the domain leads to Server A, while Duniter is running on Server B.

[update #2]

I have uninstalled Duniter. I still receive the same error.

[update #3]

The port forwarding is the problem.
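
Added example, not part of the thread or of YunoHost's code: a small Python parser for the challenge object printed in the error in post #1. It pulls out the signals that point at a misrouted port 80: extra URLs in the validation records, an address tried before the one used, and an HTML body where the key authorization should be. The sample is constructed with the same shape as that output; the addresses and token are placeholders, and `diagnose` and its finding codes are hypothetical names.

```python
import ast

ACME_PATH = "/.well-known/acme-challenge/"

# Constructed sample shaped like the challenge object in post #1 (Python 2 repr
# as printed by yunohost); the addresses, token and thumbprint are placeholders.
SAMPLE = r"""{u'status': u'invalid', u'type': u'http-01',
 u'keyAuthorization': u'TOKEN.THUMBPRINT',
 u'validationRecord': [
  {u'url': u'https://duniter-folatt.nohost.me/yunohost/admin/', u'port': u'443',
   u'addressUsed': u'192.0.2.10', u'addressesTried': []},
  {u'url': u'http://duniter-folatt.nohost.me/.well-known/acme-challenge/TOKEN',
   u'port': u'80', u'addressUsed': u'192.0.2.10',
   u'addressesTried': [u'2001:db8::1']}],
 u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized',
  u'detail': u'Invalid response from http://duniter-folatt.nohost.me/.well-known/acme-challenge/TOKEN: "<!DOCTYPE html>\n<html lang="en">\n<title>YunoHost admin</title>"'}}"""


def diagnose(challenge_repr):
    """Return (code, message) findings for a failed http-01 challenge object."""
    ch = ast.literal_eval(challenge_repr)  # literals only, nothing is executed
    findings = []
    for rec in ch.get("validationRecord", []):
        url, used = rec.get("url", ""), rec.get("addressUsed")
        # Any record outside the challenge path means the request was redirected.
        if ACME_PATH not in url:
            findings.append(("redirected", "validator also fetched %s (port %s)"
                             % (url, rec.get("port"))))
        # Addresses listed as tried but not used were attempted first and abandoned.
        failed = [a for a in rec.get("addressesTried", []) if a != used]
        if failed:
            findings.append(("address-fallback", "%s was tried before falling back to %s"
                             % (", ".join(failed), used)))
    # The detail field quotes the start of the body the validator received.
    body = ch.get("error", {}).get("detail", "").partition(': "')[2]
    if ch.get("keyAuthorization", "") not in body:
        is_html = body.lstrip().lower().startswith(("<!doctype", "<html"))
        findings.append(("wrong-body", "port 80 returned %s instead of the key "
                         "authorization; check which host the port forward reaches"
                         % ("an HTML page" if is_html else "other content")))
    return findings


if __name__ == "__main__":
    for code, message in diagnose(SAMPLE):
        print("%-16s %s" % (code, message))
```
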