Self-signed certs are served for subdomains with valid LE certs

Hello! I’m having an issue with self-signed certs.

Hardware: 2 x Xeon E5 2660v4
Version: 11.2.7 (stable)
Server access : SSH
Special context or tweaking: No

Description of my issue

My subdomains have valid LE certs but are still serving self-signed certs and warnings. The desired behavior is to serve a secure connection without a warning.

Error logs

Everything looks fine in my panel dashboard. There are no error logs.

Can you elaborate on how you conclude that it’s still using a self-signed cert?

Sure! Thanks for your reply.

The certificate for the root domain is issued by R3. The certificates for the subdomains are issued by the root domain.

This is what my /etc/yunohost/certs directory looks like.

.
├── chatgpt.xn--eck8dh6o.net -> /etc/yunohost/certs//chatgpt.xn--eck8dh6o.net-history/20231202.214206-letsencrypt
├── chatgpt.xn--eck8dh6o.net-history
│   ├── 20231202.191849-selfsigned
│   ├── 20231202.212049-letsencrypt
│   └── 20231202.214206-letsencrypt
├── wiki.xn--eck8dh6o.net -> /etc/yunohost/certs//wiki.xn--eck8dh6o.net-history/20231202.212128-letsencrypt
├── wiki.xn--eck8dh6o.net-history
│   ├── 20231202.191710-selfsigned
│   └── 20231202.212128-letsencrypt
├── xn--4dkua4c.xn--eck8dh6o.net -> /etc/yunohost/certs//xn--4dkua4c.xn--eck8dh6o.net-history/20231202.214008-letsencrypt
├── xn--4dkua4c.xn--eck8dh6o.net-history
│   ├── 20231202.204301-selfsigned
│   ├── 20231202.212304-letsencrypt
│   └── 20231202.214008-letsencrypt
├── xn--eck8dh6o.net -> /etc/yunohost/certs//xn--eck8dh6o.net-history/20231202.215641-letsencrypt
├── xn--eck8dh6o.net-history
│   ├── 20231201.210311-selfsigned
│   ├── 20231202.011508-letsencrypt
│   ├── 20231202.211845-letsencrypt
│   ├── 20231202.212956-letsencrypt
│   └── 20231202.215641-letsencrypt
└── yunohost.org
    ├── ca.pem
    ├── crt.pem
    └── key.pem

Hmokay and so can we make sure that :

  • you reproduce the issue with another fresh browser?
  • you are not behind some kind of reverse proxy?
  • I guess you can try to systemctl reload nginx or even systemctl restart nginx, but that should already have been performed by YunoHost unless there’s an important bug somehow… could be related to the fact that you’re using special chars domain names

Yes, I made sure I was getting the error on a different computer before posting.

I’m not using a reverse proxy.

Restarting nginx worked! Thank you!

Here’s the log of my last call to LE:

https://paste.yunohost.org/raw/qehaqikote

I see the last command is a reload. I didn’t try to reload. I went for the restart and it worked.
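
Added example, not part of the original thread and not YunoHost code: the symptom above (valid LE certs on disk, self-signed certs on the wire until nginx was restarted) can be confirmed by comparing the SHA-256 fingerprint of the certificate nginx presents for each domain with the one on disk. It assumes each domain directory under /etc/yunohost/certs holds its certificate as crt.pem and that the script runs on the server itself against 127.0.0.1:443; the function names are hypothetical.

```python
import hashlib
import socket
import ssl
import sys
from pathlib import Path

CERT_ROOT = Path("/etc/yunohost/certs")  # directory listed in the thread
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def fingerprint(pem: str) -> str:
    """SHA-256 of the first (leaf) certificate in a PEM string that may hold a chain."""
    start = pem.index(BEGIN)
    leaf = pem[start:pem.index(END, start) + len(END)]
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()


def served_pem(host: str, connect_to: str = "127.0.0.1", port: int = 443) -> str:
    """Return the certificate the web server presents for `host` via SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: a self-signed cert must not abort
    with socket.create_connection((connect_to, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def find_stale(domains, fetch=served_pem, cert_root=CERT_ROOT):
    """List domains whose served certificate differs from the one on disk."""
    stale = []
    for domain in domains:
        # Assumption: each domain directory holds its certificate as crt.pem.
        on_disk = (Path(cert_root) / domain / "crt.pem").read_text()
        if fingerprint(fetch(domain)) != fingerprint(on_disk):
            stale.append(domain)
    return stale


if __name__ == "__main__":
    # Usage on the server: python3 check_certs.py wiki.example.org chat.example.org
    stale = find_stale(sys.argv[1:])
    for domain in stale:
        print(f"{domain}: served certificate does not match {CERT_ROOT / domain}/crt.pem")
    sys.exit(1 if stale else 0)
```

A non-empty result after a renewal means the running nginx has not picked up the new files yet.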
