Problem while adding a Let's Encrypt certificate

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 3.6.5.3
I have access to my server: direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no, it’s freshly installed

Description of my issue

Hi all,

I’m getting a problem every time I try to add a letsencrypt certificate to one of my yunohost domains. For example, if I try to do this:

yunohost domain cert-install mail.fediverso.net

I get the following:

Warning: Timed out when server tried to contact itself through HTTP using public IP address (domain mail.fediverso.net with ip 170.253.58.254). You may be experiencing hairpinning issue or the firewall/router ahead of your server is misconfigured.

Info: Now attempting install of certificate for domain mail.fediverso.net!

Warning: Timed out when server tried to contact itself through HTTP using public IP address (domain mail.fediverso.net with ip XXX.XXX.XXX.XXX). You may be experiencing hairpinning issue or the firewall/router ahead of your server is misconfigured.

Warning: Debug information:

  • domain ip from DNS XXX.XXX.XXX.XXX
  • domain ip from local DNS XXX.XXX.XXX.XXX
  • public ip of the server XXX.XXX.XXX.XXX

Error: Certificate installation for mail.fediverso.net failed !
Exception: It seems that the domain mail.fediverso.net cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay

Hello,
Have you tried the --no-checks option?
Have a good weekend!

Hi, thanks for the reply.

Yes, I have tried that and it does seem to install the certificate. But I’d still like to know why the problem happens, rather than merely sidestepping it.

Hi,

You are most likely facing a hairpinning issue, as stated in the error message.

If your router does not allow hairpinning, when your server tries to check that mail.fediverso.net points to its ip address (through DNS), the connection will fail. It is because your router does not handle requests to its external ip address from within its internal network. Some routers allow some local DNS rules, see this documentation page.
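The hairpinning explanation above can be checked from the server itself by comparing a request sent to the public IP with one sent to the LAN IP. This is an added example, not part of the original thread and not YunoHost's own code; the function names, result labels and sample addresses are assumptions made for illustration.

```python
import socket

def probe_http(ip, host, timeout=5.0):
    """Send a plain-HTTP HEAD to ip:80 with the given Host header.
    Returns 'ok', 'timeout' or 'refused' (any other connection error)."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((ip, 80), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            return "ok" if sock.recv(16).startswith(b"HTTP/") else "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "refused"

def diagnose(domain, dns_ip, public_ip, lan_ip, probe=probe_http):
    """Classify why an HTTP self-check fails, run from the server itself."""
    if dns_ip != public_ip:
        return "dns-mismatch"            # record points somewhere else
    via_public = probe(public_ip, domain)
    if via_public == "ok":
        return "ok"
    via_lan = probe(lan_ip, domain)      # same web server, no router involved
    if via_lan != "ok":
        return "web-server-or-local-firewall"
    if via_public == "timeout":
        # Web server answers on the LAN but LAN -> public IP is dropped:
        # the hairpinning (NAT loopback) pattern. Reachability from outside
        # still has to be confirmed from another network.
        return "hairpinning-suspected"
    return "check-router-port-forward"   # router refused instead of forwarding

if __name__ == "__main__":
    # Constructed values: documentation-range public IP, private LAN IP.
    observed = {"203.0.113.10": "timeout", "192.168.1.20": "ok"}
    print(diagnose("mail.example.org", "203.0.113.10", "203.0.113.10",
                   "192.168.1.20", probe=lambda ip, host: observed[ip]))
```

A "hairpinning-suspected" result only shows that the web server answers locally; it does not prove port 80 is reachable from the internet, which is what the certificate authority needs.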

Thank you very much, I’ll check the documentation page and see what I can do about it 🙂
