[SOLVED] Let’s Encrypt certificates NOT WORKING / was not renewed automatically

Hardware: VPS

YunoHost version: 11.0.9.14

I have access to my server: yes local ip, https domain & ssh working

Since the update to Debian 11 I have problems installing Let’s Encrypt certificates for new subdomains.

Now the main domain of my YH installation is also not working anymore because the Let’s Encrypt certificate was not renewed automatically…
Then I did a manual update - I get a green light saying that the Let’s Encrypt certificate is now valid for 40 days - but the site is still not reachable
EDIT
That was a mistake by me - I was looking at the wrong domain - a manual update does not work.

The site is still not reachable

showing NET::ERR_CERT_DATE_INVALID

I checked the date with $ timedatectl - seems to be OK

What could I try - THANKS

Edit

Manual updates for Let’s Encrypt certificates also do not work…

When I run the diagnosis tool I get errors like this:

Der folgende DNS Eintrag scheint nicht den empfohlenen Einstellungen zu entsprechen:
Typ: AAAA
Name: sub
Aktueller Wert: 2a05:c206:1005:6756::6
Erwarteter Wert: None

But I updated these IPv6 DNS records a long time ago… so somehow it seems that my YH server is not fetching the current DNS records

How can I force the system to do so?

If I try to update manually, I get this error

The DNS A record of the domain domain.tld is different from this server IP. For more information, see the ‘DNS records’ (Basic) category in the diagnostics. If you have changed your A record recently, please wait a while for the changes to take effect (you can check the DNS propagation via the website) (if you know what you are doing, you can use ‘--no-checks’ to skip this check).

did NOT edit the A record

does this look right?

root@admin:/home/admin# ping -c3 domain.tld
PING domain.tld (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.036 ms

--- domain.tld ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2055ms
rtt min/avg/max/mdev = 0.036/0.045/0.055/0.007 ms
root@admin:/home/admin# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 127.0.0.1
search invalid
cat: cat: No such file or directory
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 127.0.0.1
search invalid
root@admin:/home/admin# sudo yunohost domain cert-install domain.tld --force
Warning: 'yunohost domain cert-install' is deprecated and will be removed in the future
Warning: 'yunohost domain cert-install' is deprecated and will be removed in the future
Error: The DNS records for domain 'domain.tld' is different from this server's IP. Please check the 'DNS records' (basic) category in the diagnosis for more info. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use '--no-checks' to turn off those checks.)
root@admin:/home/admin#

After installing a self-signed certificate with

yunohost domain cert-install your.domain.tld --self-signed --force

I could also install a Let’s Encrypt certificate for the domain again :slight_smile:
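
Added example, not part of the original posts and not YunoHost code: `ping` on the server asks the system resolver (here `nameserver 127.0.0.1`), so its 127.0.0.1 answer says nothing about the public A record that the certificate check in the error message compares with the server's IP. The sketch below puts the two answers side by side; the function names, the verdict labels, the public resolver 9.9.9.9 and the 203.0.113.x / 198.51.100.x addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Compare what the server's own resolver says with what a public resolver says.

# Succeeds if the IPv4 address is in 127.0.0.0/8.
is_loopback() {
    case "$1" in
        127.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# classify LOCAL_IP PUBLIC_IP SERVER_IP -> prints one verdict (hypothetical labels)
classify() {
    local local_ip="$1" public_ip="$2" server_ip="$3"
    if [ -z "$public_ip" ]; then
        echo "no-public-record"          # public resolver returned no A record
    elif [ "$public_ip" != "$server_ip" ]; then
        echo "public-dns-mismatch"       # public A record points somewhere else
    elif is_loopback "$local_ip"; then
        echo "public-ok-local-loopback"  # public DNS fine; only the server sees 127.x
    elif [ "$local_ip" != "$public_ip" ]; then
        echo "local-override"            # local resolver or hosts file overrides the name
    else
        echo "consistent"
    fi
}

# check_domain DOMAIN SERVER_PUBLIC_IP [RESOLVER]  (needs getent and dig, uses the network)
check_domain() {
    local domain="$1" server_ip="$2" resolver="${3:-9.9.9.9}"
    local local_ip public_ip
    # Same lookup path that ping uses (nsswitch: hosts file, then resolv.conf).
    local_ip=$(getent ahostsv4 "$domain" | awk 'NR==1 {print $1}')
    # Ask the public resolver directly, bypassing /etc/resolv.conf.
    public_ip=$(dig +short A "$domain" @"$resolver" | grep -E '^[0-9.]+$' | head -n1)
    echo "$domain local=$local_ip public=$public_ip -> $(classify "$local_ip" "$public_ip" "$server_ip")"
}

# Constructed usage: sh check.sh domain.tld 203.0.113.10
if [ "$#" -ge 2 ]; then
    check_domain "$@"
fi
```

A `public-ok-local-loopback` verdict means the loopback answer seen in `ping` is local to the server and the public A record matches; `public-dns-mismatch` or `no-public-record` points at the zone itself.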
