No more access to my domain

Hello,

Everything was working yesterday, but this morning, without having touched anything, I no longer have access to my domain, and therefore to my services on YunoHost.

The YunoHost dashboard web interface is OK, so is SSH, and all the services are running.
The Let's Encrypt certificate too. I use a Franciliens VPN.

When I try to access, for example, my photo gallery, my cloud or anything else, I get:

In Chromium:

Your connection is not private
Attackers might be trying to steal your information from abordes.ynh.fr (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
abordes.ynh.fr normally uses encryption to protect your information. When Chromium tried to connect to abordes.ynh.fr this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be abordes.ynh.fr, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.

You cannot visit abordes.ynh.fr right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

And in the address bar I no longer have the https (it appears in red, struck through): https://abordes.ynh.fr/gallerie/?dir=Photos+Chine+Vladislav+Mikosha+彩色中国+1949+1950

If I use Firefox:

The owner of abordes.ynh.fr has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

abordes.ynh.fr uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
The certificate is only valid for livebox

Error code: SEC_ERROR_UNKNOWN_ISSUER

Edit:

Just in case, I tried to renew the Let's Encrypt certificate and I get this message:

[Errno 22] The DNS 'A' record for domain abordes.ynh.fr is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)

Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/certificate.py", line 384, in certificate_renew
    _check_domain_is_ready_for_ACME(domain)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 829, in _check_domain_is_ready_for_ACME
    'certmanager_domain_dns_ip_differs_from_public_ip', domain=domain))
MoulinetteError: [Errno 22] The DNS 'A' record for domain abordes.ynh.fr is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)

Certificate renewing for abordes.ynh.fr failed !

Thanks for any advice.

What happens if you run yunohost dyndns update --debug?

This happens:

root@abordes:~# yunohost dyndns update --debug
586  DEBUG loading actions map namespace 'yunohost'
668  DEBUG extra parameter classes loaded: ['ask', 'password', 'required', 'pattern']
668  DEBUG initializing base actions map parser for cli
673  DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
971  DEBUG lock has been acquired
1197 DEBUG loading python module yunohost.dyndns took 0.225s
1198 INFO processing action [9902.1]: yunohost.dyndns.update with args={'domain': None, 'key': None, 'dyn_host': 'dyndns.yunohost.org', 'ipv4': None, 'ipv6': None}
3652 DEBUG Starting new HTTPS connection (1): ip.yunohost.org
4046 DEBUG https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 14
4061 DEBUG Starting new HTTPS connection (1): ip6.yunohost.org
4064 DEBUG Could not get public IPv6 : [Errno 52] Invalid url https://ip6.yunohost.org (does this site exists ?)
4065 DEBUG Old IPv4/v6 are (79.143.250.120, None)
4066 DEBUG Requested IPv4/v6 are (79.143.250.120, None)
4066 INFO No updated needed.
4067 DEBUG action [9902.1] executed in 2.868s
4068 DEBUG lock has been released

Run:

rm /etc/yunohost/dyndns/old_ip

then run again


yunohost dyndns update --debug

2 Likes

root@abordes:~# rm /etc/yunohost/dyndns/old_ip
root@abordes:~# yunohost dyndns update --debug
497 DEBUG loading actions map namespace 'yunohost'
579 DEBUG extra parameter classes loaded: ['ask', 'password', 'required', 'pattern']
580 DEBUG initializing base actions map parser for cli
584 DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
882 DEBUG lock has been acquired
1085 DEBUG loading python module yunohost.dyndns took 0.202s
1086 INFO processing action [10086.1]: yunohost.dyndns.update with args={'domain': None, 'key': None, 'dyn_host': 'dyndns.yunohost.org', 'ipv4': None, 'ipv6': None}
3535 DEBUG Starting new HTTPS connection (1): ip.yunohost.org
3881 DEBUG https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 14
3897 DEBUG Starting new HTTPS connection (1): ip6.yunohost.org
3950 DEBUG Could not get public IPv6 : [Errno 52] Invalid url https://ip6.yunohost.org (does this site exists ?)
3950 DEBUG Old IPv4/v6 are (None, None)
3951 DEBUG Requested IPv4/v6 are (79.143.250.120, None)
3952 INFO Updated needed, going on...
3953 DEBUG Checking if domain abordes.ynh.fr is available on dyndns.yunohost.org
3959 DEBUG Starting new HTTPS connection (1): dyndns.yunohost.org
4448 DEBUG https://dyndns.yunohost.org:443 "GET /test/abordes.ynh.fr HTTP/1.1" 409 51
4466 DEBUG Building zone update file ...
4477 DEBUG Starting new HTTPS connection (1): ip.yunohost.org
4835 DEBUG https://ip.yunohost.org:443 "GET / HTTP/1.1" 200 14
4850 DEBUG Starting new HTTPS connection (1): ip6.yunohost.org
4853 DEBUG Could not get public IPv6 : [Errno 52] Invalid url https://ip6.yunohost.org (does this site exists ?)
4922 DEBUG Now pushing new conf to DynDNS host...
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;ynh.fr. IN SOA

;; UPDATE SECTION:
_xmpp-client._tcp.abordes.ynh.fr. 0 ANY ANY
_xmpp-server._tcp.abordes.ynh.fr. 0 ANY ANY
muc.abordes.ynh.fr. 0 ANY ANY
pubsub.abordes.ynh.fr. 0 ANY ANY
vjud.abordes.ynh.fr. 0 ANY ANY
abordes.ynh.fr. 0 ANY ANY
abordes.ynh.fr. 0 ANY ANY
mail._domainkey.abordes.ynh.fr. 0 ANY ANY
_dmarc.abordes.ynh.fr. 0 ANY ANY
abordes.ynh.fr. 0 ANY ANY
*.abordes.ynh.fr. 0 ANY ANY
_xmpp-client._tcp.abordes.ynh.fr. 3600 IN SRV 0 5 5222 abordes.ynh.fr.
_xmpp-server._tcp.abordes.ynh.fr. 3600 IN SRV 0 5 5269 abordes.ynh.fr.
muc.abordes.ynh.fr. 3600 IN CNAME abordes.ynh.fr.
pubsub.abordes.ynh.fr. 3600 IN CNAME abordes.ynh.fr.
vjud.abordes.ynh.fr. 3600 IN CNAME abordes.ynh.fr.
abordes.ynh.fr. 3600 IN MX 10 abordes.ynh.fr.
abordes.ynh.fr. 3600 IN TXT "v=spf1 a mx ip4:79.143.250.120 -all"
mail._domainkey.abordes.ynh.fr. 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsVXHFTwk6/fmeiKuaHKseUsd1M4MD6gKiZN2mTDkxUOifs5RPQ8x9BSHUGpbBeirjQNbqoRPTRE+BBpA/52SHOUy9ty07zEwRuoyiYH1FzprdRcHW7MuX59mCCKxmNSLfV1mCYvESP7Tnf+qLh7QQ3vOWYsUqU1OroQx9A5AVwwIDAQAB"
_dmarc.abordes.ynh.fr. 3600 IN TXT "v=DMARC1; p=none"
abordes.ynh.fr. 3600 IN A 79.143.250.120
*.abordes.ynh.fr. 3600 IN A 79.143.250.120

5226 SUCCESS Your IP address has been updated on DynDNS
5228 DEBUG action [10086.1] executed in 4.141s
5228 DEBUG lock has been released

Now you should normally just have to wait ~1h max for DNS propagation to do its job. Or clear your DNS cache (or, for example, you can try connecting from another machine).

2 Likes
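
The diagnosis worked out in the exchange above, as an added example that is not part of the thread and not YunoHost's own code: it reads the "Old" and "Requested" addresses from the `yunohost dyndns update --debug` output and compares them with the A records actually published, to tell a stale `old_ip` cache apart from an update that is still propagating. The function names are hypothetical and 192.0.2.10 is a constructed stand-in for the wrong address DNS was returning.

```python
import re
import socket

# The two DEBUG lines printed by `yunohost dyndns update --debug` (format as shown in the thread).
IP_LINE = re.compile(r"DEBUG (Old|Requested) IPv4/v6 are \(([^,]+), ([^)]+)\)")

# Log excerpts copied from the thread: before and after removing the old_ip cache file.
FIRST_RUN = """4065 DEBUG Old IPv4/v6 are (79.143.250.120, None)
4066 DEBUG Requested IPv4/v6 are (79.143.250.120, None)
4066 INFO No updated needed."""
SECOND_RUN = """3950 DEBUG Old IPv4/v6 are (None, None)
3951 DEBUG Requested IPv4/v6 are (79.143.250.120, None)
3952 INFO Updated needed, going on..."""

def parse_debug_log(text):
    """Return {'Old': ipv4 or None, 'Requested': ipv4 or None} from the debug output."""
    found = {}
    for kind, ipv4, _ipv6 in IP_LINE.findall(text):
        found[kind] = None if ipv4.strip() == "None" else ipv4.strip()
    return found

def resolve_a(domain):
    """A records as seen by this machine's resolver (which may itself be cached)."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def diagnose(log_text, dns_ips):
    """Classify the state from the client's log and the A records actually published."""
    ips = parse_debug_log(log_text)
    cached, public = ips.get("Old"), ips.get("Requested")
    if public is None:
        return "unknown: no public IPv4 in the log"
    if public in dns_ips:
        return "ok: A record matches the public IP"
    if cached == public:
        # Client believes DNS is current, but the published record disagrees.
        return "stale-cache: remove the cached old_ip and run the update again"
    return "pending: update is pushed on this run, wait for propagation or flush the DNS cache"

if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for the wrong address DNS was returning.
    print(diagnose(FIRST_RUN, {"192.0.2.10"}))
    print(diagnose(SECOND_RUN, {"192.0.2.10"}))
    print(diagnose(SECOND_RUN, resolve_a("abordes.ynh.fr")))
```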

OK, I'll wait. Thanks.

Thanks Aleks for your help! It's working now.

Same here… if it helps to know that you're not the only one in this situation today!
Aleks's solution fixed the problem right away :wink:

Thanks

1 Like

I posted a reply here: No more access to my services

1 Like