[Solved] Let's Encrypt certificate does not install

Let’s Encrypt certificate does not install

sudo yunohost domain cert-install my.domain.tld --force

does not work

https://paste.yunohost.org/raw/ovizoxekuk

What could I try ? - Thanks

Well, why are you using --force, and what does it say if you don’t, and what does the diagnosis say …

without --force I get the same:
https://paste.yunohost.org/raw/okacodoquf

under diagnosis it says missing record:
Typ: CAA
Name: @
Wert: 128 issue "letsencrypt.org"

but I can’t set this one up… because I just have a server with DynDNS
I can set up DNS for the main domain but not for the subdomains :frowning:
but that was up to now never a problem… well… I did it by the --force command

Does the diagnosis say anything else? (the CAA record is not so important)

What does this return?

ping -c3 domain2.tld

And this ?

cat /etc/resolv.conf

the diagnosis says the domain is
Blacklist at SpamRATS!
Blacklist at SPFBL.net

    ping -c3 my.domain.tld
    PING my.domain.tld (xy.48.33.164) 56(84) bytes of data.
    64 bytes from link.domain.tlf(xy.48.33.164): icmp_seq=1 ttl=58 time=15.0 ms
    64 bytes from link.domain.tld (xy.48.33.164): icmp_seq=2 ttl=58 time=14.7 ms
    64 bytes from link.domain.tld (xy.48.33.164): icmp_seq=3 ttl=58 time=13.9 ms

    --- my.domain.tld ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 3ms
    rtt min/avg/max/mdev = 13.949/14.550/15.026/0.469 ms


$ cat /etc/resolv.conf                                                                                              
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)                                                
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN                                                       
nameserver 127.0.0.1

Here you wrote “my.domain.tld”. Do you confirm it corresponds to what was called “domain2.tld” in the logs previously?

yes

Well then let’s try to

echo "hello" > /tmp/acme-challenge-public/test
curl http://domain2.tld/.well-known/acme-challenge/test

admin@my:~$ sudo echo "hello" > /tmp/acme-challenge-public/test curl http://domain2.tld/.well-known/acme-challenge/test
-bash: /tmp/acme-challenge-public/test: Permission denied

N.B.: the “echo” and the “curl” are two different commands, to be typed one after the other …

For the permission denied, first type sudo -i to become root (N.B.: sudo -i is also a command independent of the others …)

root@my:~# sudo -i                                                                                                                         
                                                                                                                                           
root@my:~# echo "hello" > /tmp/acme-challenge-public/test                                                                                  
root@my:~# curl http://domain2.tld/.well-known/acme-challenge/test                                                                  
curl: (7) Failed to connect to domain2.tld port 80: No route to host                                                                
root@my:~#

You have to use your real domain for the curl command, like this :

$ sudo -s

# echo "hello" > /tmp/acme-challenge-public/test

# curl http://simonlefort.be/.well-known/acme-challenge/test
hello

I used the curl command with the sub.domain I want to install Let’s Encrypt

admin@my:~$ sudo -s                                                                                                                        
root@my:/home/admin# echo "hello" > /tmp/acme-challenge-public/test                                                                        
root@my:/home/admin# curl http://sub.domain.tld/.well-known/acme-challenge/test                                                        
<html>                                                                                                                                     
<head><title>404 Not Found</title></head>                                                                                                  
<body bgcolor="white">                                                                                                                     
<center><h1>404 Not Found</h1></center>                                                                                                    
<hr><center>nginx/1.14.2</center>                                                                                                          
</body>                                                                                                                                    
</html>                                                                                                                                    
curl: (7) Failed to connect to sub.domain.tld port 80: No route to host                                                                
root@my:/home/admin#

Ugh…

Can you try to

yunohost tools regen-conf dnsmasq

and see if that fixes the issue ?

YESSSSSS - Thanks
that did help
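
The echo/curl self-test from this thread as a reusable script (an added example, not part of the original posts). It assumes the webroot /tmp/acme-challenge-public used above; the function names and result labels are hypothetical, and it relies on curl exit codes 6 (could not resolve host) and 7 (failed to connect).

```sh
#!/bin/sh
# Added example: write a one-off token into the ACME webroot, fetch it over
# HTTP the way the thread does by hand, and name the failure mode.
WEBROOT="${WEBROOT:-/tmp/acme-challenge-public}"   # path taken from the thread

# classify_result CURL_EXIT HTTP_STATUS BODY EXPECTED_TOKEN
classify_result() {
    case "$1" in
        6) echo "dns-failure" ;;        # name did not resolve
        7) echo "connect-failure" ;;    # e.g. "No route to host", as in the thread
        0) case "$2" in
               200) if [ "$3" = "$4" ]; then echo "ok"
                    else echo "wrong-content"   # some other site answered
                    fi ;;
               404) echo "not-served" ;;        # web server reached, file not found
               *)   echo "http-$2" ;;
           esac ;;
        *) echo "curl-error-$1" ;;
    esac
}

# check_acme_path DOMAIN  (run as root, since the webroot is root-owned)
check_acme_path() {
    domain="$1"
    token="selftest-$$-$(date +%s)"
    # printf without newline so the fetched body equals the token exactly
    printf '%s' "$token" > "$WEBROOT/$token" || return 2
    # Append "|<status>" to the body so both come back in one call
    out=$(curl -s -m 10 -w '|%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$token")
    rc=$?
    rm -f "$WEBROOT/$token"             # never leave test files in the webroot
    classify_result "$rc" "${out##*|}" "${out%|*}" "$token"
}

# Usage: sh acme-selftest.sh sub.domain.tld
if [ -n "${1:-}" ]; then
    check_acme_path "$1"
fi
```

A dns-failure or connect-failure seen only from the server itself points at local name resolution (here /etc/resolv.conf uses 127.0.0.1), which is what `yunohost tools regen-conf dnsmasq` repaired in this thread.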