Renouvellement certificat let's encrypt

olitask · December 6, 2019, 10:35am

Bonjour.
J’aurais besoin de vos lumières …

Matériel: Raspberry Pi à la maison avec VPN /
Version de YunoHost: dignostique ici : https://paste.yunohost.org/dafudejaha
J’ai accès à mon serveur : En SSH | Par la webadmin
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non /

renouvellement certificat let’s encrypt qui ne se fait pas .

j’ai desactivé mon vpn et lancé la mise à jour de let’sencrpt ( dabord dans la console webadmin puis en ssh)
sudo yunohost domain cert-install olitask.changeip.com --force

c’est un problème récurent tous les 90 jours

https://paste.yunohost.org/raw/waqemipezi

admin@olitask:/home $ sudo yunohost domain cert-install olitask.changeip.com --force
Info: Now attempting install of certificate for domain olitask.changeip.com!
Info: The configuration file '/etc/dnsmasq.d/03-pihole-wildcard.conf' is expected to be deleted by regen-conf (category dnsmasq) but has been kept back.
Info: The configuration file '/etc/dnsmasq.d/01-pihole.conf' is expected to be deleted by regen-conf (category dnsmasq) but has been kept back.
Info: Parsing account key...
Info: Parsing CSR...
Info: Found domains: olitask.changeip.com
Info: Getting directory...
Info: Directory found!
Info: Registering account...
Info: Already registered!
Info: Creating new order...
Info: Order created!
Info: Verifying olitask.changeip.com...
Error: Wrote file to /tmp/acme-challenge-public/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo, but couldn't download http://olitask.changeip.com/.well-known/acme-challenge/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo: Error:
Url: http://olitask.changeip.com/.well-known/acme-challenge/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo
Data: None
Response Code: None
Response: <urlopen error [Errno 113] No route to host>
Warning: Debug information:
 - domain ip from DNS        93.21.248.123
 - domain ip from local DNS  93.21.248.123
 - public ip of the server   93.21.248.123

Warning: Debug information:
 - domain ip from DNS        93.21.248.123
 - domain ip from local DNS  93.21.248.123
 - public ip of the server   93.21.248.123

Error: Certificate installation for olitask.changeip.com failed !
Exception: Signing the new certificate failed
Info: The operation 'Install Let's encrypt certificate on 'olitask.changeip.com' domain' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20191206-101522-letsencrypt_cert_install-olitask.changeip.com --share'

une idée Olivier

olitask · December 7, 2019, 10:17pm

Bonsoir

Est-il possible d’installer le certificat let’s encrypt "à la main " car manifestement je n’y arrive pas avec ynh . Il arrive souvent ue ma box SFR bug ( c’est réellement une vrais daube, beaucoup de soucis avec le NAT) mais la je n’arrive plus à utiliser mes services . Je suis repassé à un certificat autosigné mais ce n’est pas utilisable sur les periferiques ios .
voila le retour de sudo yunohost domain cert-install olitask.changeip.com --force

2019-12-07 22:20:42,957: DEBUG - + sudo service dnsmasq restart
2019-12-07 22:20:44,970: DEBUG - + exit 0
2019-12-07 22:20:45,095: DEBUG - Exécution de la commande ‘sh -c YNH_INTERFACE=api YNH_CWD=/usr/share/yunohost/hooks/conf_regen YNH_STDINFO=/tmp/tmpqOoVtl/stdinfo YNH_STDRETURN=/tmp/tmpSS8py2/stdreturn BASH_XTRACEFD=7 /bin/bash -x “./50-dnsmasq_pihole” post 0 0 ‘’ 7>&1’ …
2019-12-07 22:20:45,097: DEBUG - About to run the command ‘[‘sh’, ‘-c’, ‘YNH_INTERFACE=api YNH_CWD=/usr/share/yunohost/hooks/conf_regen YNH_STDINFO=/tmp/tmpqOoVtl/stdinfo YNH_STDRETURN=/tmp/tmpSS8py2/stdreturn BASH_XTRACEFD=7 /bin/bash -x “./50-dnsmasq_pihole” post 0 0 ‘’ 7>&1’]’
2019-12-07 22:20:45,266: DEBUG - + force=0
2019-12-07 22:20:45,270: DEBUG - + dryrun=0
2019-12-07 22:20:45,271: DEBUG - + pending_conf=
2019-12-07 22:20:45,275: DEBUG - + temp_dir=/tmp/pi-hole.bck
2019-12-07 22:20:45,277: DEBUG - + case “$1” in
2019-12-07 22:20:45,279: DEBUG - + do_post_regen
2019-12-07 22:20:45,281: DEBUG - + cp -a /tmp/pi-hole.bck/01-pihole.conf /etc/dnsmasq.d/
2019-12-07 22:20:45,283: DEBUG - + test -e /tmp/pi-hole.bck/02-pihole-dhcp.conf
2019-12-07 22:20:45,285: DEBUG - + test -e /tmp/pi-hole.bck/03-pihole-wildcard.conf
2019-12-07 22:20:45,287: DEBUG - + cp -a /tmp/pi-hole.bck/03-pihole-wildcard.conf /etc/dnsmasq.d/
2019-12-07 22:20:45,289: DEBUG - + test -n /tmp/pi-hole.bck
2019-12-07 22:20:45,291: DEBUG - + rm -r /tmp/pi-hole.bck
2019-12-07 22:20:45,292: DEBUG - + sed --in-place ‘s/^cache-size=/#pihole# cache-size=/g’ /etc/dnsmasq.conf
2019-12-07 22:20:45,294: DEBUG - + systemctl reload dnsmasq
2019-12-07 22:20:45,296: DEBUG - + exit 0
2019-12-07 22:20:45,461: DEBUG - Journal historisé complet de cette opération : ’ Régénérer les configurations du système ‘dnsmasq’ ’
2019-12-07 22:20:45,482: DEBUG - Prepare key and certificate signing request (CSR) for olitask.changeip.com…
2019-12-07 22:20:55,561: DEBUG - Saving to /tmp/acme-challenge-private/olitask.changeip.com.csr.
2019-12-07 22:20:55,564: DEBUG - Now using ACME Tiny to sign the certificate…
2019-12-07 22:20:55,566: INFO - Parsing account key…
2019-12-07 22:20:55,628: INFO - Parsing CSR…
2019-12-07 22:20:55,687: INFO - Found domains: olitask.changeip.com
2019-12-07 22:20:55,691: INFO - Getting directory…
2019-12-07 22:20:56,333: INFO - Directory found!
2019-12-07 22:20:56,337: INFO - Registering account…
2019-12-07 22:20:57,825: INFO - Already registered!
2019-12-07 22:20:57,828: INFO - Creating new order…
2019-12-07 22:20:59,325: INFO - Order created!
2019-12-07 22:20:59,967: INFO - Verifying olitask.changeip.com…
2019-12-07 22:21:03,066: ERROR - Wrote file to /tmp/acme-challenge-public/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo, but couldn’t download http://olitask.changeip.com/.well-known/acme-challenge/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo: Error:
Url: http://olitask.changeip.com/.well-known/acme-challenge/4z8_B9eKcAREcI5xQmPR2AwEXiomJ8sIuH9hb3JqzRo
Data: None
Response Code: None
Response: <urlopen error [Errno 113] No route to host>
2019-12-07 22:21:03,569: WARNING - Debug information:

domain ip from DNS 93.21.248.123
domain ip from local DNS 93.21.248.123
public ip of the server 93.21.248.123

2019-12-07 22:21:03,931: WARNING - Debug information:

domain ip from DNS 93.21.248.123
domain ip from local DNS 93.21.248.123
public ip of the server 93.21.248.123

2019-12-07 22:21:03,935: ERROR - Certificate installation for olitask.changeip.com failed !
Exception: La signature du nouveau certificat a échoué

system · December 22, 2019, 10:17pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.