Problem installing LetsEncrypt with CertBot on Yunohost

CodeBugging · July 24, 2022, 9:10am

READ ME AND USE THIS TEMPLATE IF YOU WANT TO GET HELP ! You may ask your question in english or french, whichever is easiest for you… But please use one of the templates provided below
LISEZ-MOI ET UTILISEZ CE MODÈLE DE TOPIC SI VOUS SOUHAITEZ OBTENIR DE L’AIDE ! Vous pouvez poser votre question en anglais ou français, selon ce qui est le plus simple pour vous… Mais de préférence en utilisant l’un des deux modèles fournis ci-dessous

/ Message template (english)

The “support” category is meant to ask for help or troubleshooting related to installing or using YunoHost or its applications. It is not to ask assistance on general system administration, network administration or special use cases that goes beyond the scope of the project. If you wish to discuss more advanced use case, please post in the “Advanced Use Case” category.

Before posting, please :

Look for similar issues on this forum using the error message.

If you did not already, consider searching / reading the administrator documentation

Take the time to say Hi and stay friendly, this is a forum and project 100% ran by volunteer human beings

My YunoHost server

Hardware: Raspberry Pi (0 at home)
YunoHost version: 4.3.6.3 (stable).
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes

Description of my issue

Hello to all. I have a Yunohost instance running on a Raspberry Zero. I have opened port 443 on my modem/router (Thomson TG585v8), but for the life of me, I cannot open port 80, no matter what I’ve tried.
Therefore, I have assigned port 1723 that was open in my modem/router on Yunohost server to listen.
Doing this, I can access Yunohost instance from outside local network through a noip port forwarding, but I cannot use the automated LetsEncrypt function, as port 80 is still closed.

In order to have my Yunohost server certified, I have tried doing so through using CertBot-LetsEncrypt on installation on terminal.
But I have stacked on the prompt asking “Input the webroot for xxxxx.nohost.me: (Enter ‘c’ to cancel):”
i have entered “/var/www/html” as webroot, but I got the following error, and CertBot stopped installing certificate.

Can anyone please help me solve this webroot input for my Yunohost domain, so CertBot can finish installing LetsEncrypt certificate?

Here are some error messages
`The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

charly · July 24, 2022, 10:11am

Hello,

That might drive you mad and upset (I’m sorry), but I believe there must be a way to open forward the port 80.

Can you try this ?

What happens when you try ? Any error message ?

See ya

CodeBugging · July 24, 2022, 10:38am

Hello @charly . I have tried what you have suggested numerous times on TG585v8. Nothing happens, port 80 still remains closed on www.yougetsignal.com.

I have my Yunohost server running on a RPI zero at ip 192.168.1.xx. On TG585v8 I choose this device (named yuno) with this static ip, instead off any unknown mac address the router prompts. I cannot use as it does nothing (page reload).
I cannot think off anything else to do , to have this 80 port opened on TG585v8 router, and I have tried this many years ago, and it worked, now it does not.

All I want is have the 80 port opened, for Yunohost server let me install LetsEncrypt, otherwise, I can access my server from outsite internet, as I have it listen to other open port, and I access it through noip hostname.

Do you have any other ideas, to solve this matter?

rungeard · July 24, 2022, 1:10pm

Did you try to force the cert generation with :

yunohost domain cert-install yourdomain.tld --no-checks

?

CodeBugging · July 24, 2022, 2:12pm

Yep. No go either. Terminal return error “Error: Certificate installation for xxxxx.nohost.me failed !”

Full log here

rungeard · July 24, 2022, 2:24pm

OK. And with :

yunohost domain cert-install yourdomain.tld --no-checks --force

?

CodeBugging · July 24, 2022, 5:32pm

Hello @rungeard. Still nothing comes completed. Here is the log.

rungeard · July 24, 2022, 7:40pm

And what if you add to /etc/hosts

127.0.0.1 yourdomain.tld
127.0.0.1 xmpp-upload.yourdomain.tld

before to execute

yunohost domain cert-install yourdomain.tld --no-checks

tituspijean · July 24, 2022, 7:56pm

@CodeBugging could it be that your router has a “remote admin” feature that uses port 80? Can you try disabling it?

CodeBugging · July 24, 2022, 8:12pm

@rungeard , I have modified hosts, as you said, but could not sign the certificate. See log here.

CodeBugging · July 24, 2022, 8:15pm

@tituspijean, i have tried disabling the remote admin from telnet, but I’m not 100% sure, it stays disabled. My router is Thomson TG585v8. Do you know any telnet commands, that can disable remote admin for good? Do you happen to know any telnet command to disable firewall on my router? Thank you in advance for your answer.

tituspijean · July 25, 2022, 7:06am

Unfortunately no.

Can you share screenshots of your configuration? (I’m guessing you are all doing it well, but who knows…)

Another option would be to try with another modem/router, if you have one on hand.

charly · July 27, 2022, 8:41am

I would suggest you to use an other routeur yeah.
Or, have you tried to reset this one ?

system · August 26, 2022, 8:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.