Problem installing LetsEncrypt with CertBot on Yunohost


My YunoHost server

Hardware: Raspberry Pi (0 at home)
YunoHost version: 4.3.6.3 (stable).
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes

Description of my issue

Hello to all. I have a Yunohost instance running on a Raspberry Zero. I have opened port 443 on my modem/router (Thomson TG585v8), but for the life of me, I cannot open port 80, no matter what I’ve tried.
Therefore, I have assigned port 1723 that was open in my modem/router on Yunohost server to listen.
Doing this, I can access Yunohost instance from outside local network through a noip port forwarding, but I cannot use the automated LetsEncrypt function, as port 80 is still closed.

In order to have my Yunohost server certified, I have tried doing so through using CertBot-LetsEncrypt on installation on terminal.
But I got stuck at the prompt asking “Input the webroot for xxxxx.nohost.me: (Enter ‘c’ to cancel):”
I have entered “/var/www/html” as webroot, but I got the following error, and CertBot stopped installing the certificate.

Can anyone please help me solve this webroot input for my Yunohost domain, so CertBot can finish installing LetsEncrypt certificate?

Here are some error messages
`The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.`

Hello,

That might drive you mad and upset (I’m sorry), but I believe there must be a way to open/forward port 80.

Can you try this ?

What happens when you try ? Any error message ?

See ya

Hello @charly . I have tried what you have suggested numerous times on TG585v8. Nothing happens, port 80 still remains closed on www.yougetsignal.com.

I have my Yunohost server running on a RPI zero at ip 192.168.1.xx. On TG585v8 I choose this device (named yuno) with this static ip, instead of any unknown MAC address the router prompts. I cannot use as it does nothing (page reload).
I cannot think of anything else to do to have this 80 port opened on the TG585v8 router. I tried this many years ago and it worked; now it does not.

All I want is to have the 80 port opened, so that the Yunohost server lets me install LetsEncrypt. Otherwise, I can access my server from the outside internet, as I have it listening on another open port, and I access it through a noip hostname.

Do you have any other ideas, to solve this matter?

Did you try to force the cert generation with :

yunohost domain cert-install yourdomain.tld --no-checks

?

Yep. No go either. The terminal returns the error “Error: Certificate installation for xxxxx.nohost.me failed !”

Full log here

OK. And with :

yunohost domain cert-install yourdomain.tld --no-checks --force

?

Hello @rungeard. Still nothing completes. Here is the log.

And what if you add to /etc/hosts

127.0.0.1 yourdomain.tld
127.0.0.1 xmpp-upload.yourdomain.tld

before executing

yunohost domain cert-install yourdomain.tld --no-checks

@CodeBugging could it be that your router has a “remote admin” feature that uses port 80? Can you try disabling it?

@rungeard, I have modified hosts as you said, but could not sign the certificate. See log here.

@tituspijean, I have tried disabling the remote admin from telnet, but I’m not 100% sure it stays disabled. My router is a Thomson TG585v8. Do you know any telnet commands that can disable remote admin for good? Do you happen to know any telnet command to disable the firewall on my router? Thank you in advance for your answer.

Unfortunately no. :confused:

Can you share screenshots of your configuration? (I’m guessing you are all doing it well, but who knows…)

Another option would be to try with another modem/router, if you have one on hand.

I would suggest you use another router, yeah.
Or, have you tried to reset this one?