[SOLVED]Postinstall - ERROR SSL error when connecting to https://dyndns.yunohost.org/test/*

max_bxl · February 28, 2023, 1:48pm

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 11.0.10-rpi
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello Yunohost team !

I failed in the first steps of postinstall : I get “SSL error when connecting to https://dyndns.yunohost.org/test/lamoulue.noho.st” (see detailed log below) even though when I check directly the dynette, it tells me "“Domain lamoulue.noho.st is available” (and I also tried with other subdomain names).

My box is a Fritz!Box, quite flexible I guess, even though I didn’t see the need of port redirection or other “box settings” in the installation guide as far as I went (which is, not far =)

Thanks in advance for your help and thanks anyway for you work!
Maxime

root@yunohost:~# yunohost tools postinstall --debug
301  DEBUG initializing base actions map parser for cli
304  DEBUG loading actions map
306  DEBUG building parser...
325  DEBUG building parser took 0.018s
571  DEBUG Using selector: EpollSelector
Main domain: lamoulue.noho.st
New administration password: **********************************
Confirm new administration password: **********************************
26810 DEBUG acquiring lock...
26861 DEBUG lock has been acquired
26914 DEBUG loading python module yunohost.tools took 0.053s
26915 DEBUG processing action [2537.1]: yunohost.tools.postinstall with args={'domain': 'lamoulue.noho.st', 'password': '***********', 'ignore_dyndns': False, 'force_password': False, 'force_diskspace': False}
27263 DEBUG Checking if domain lamoulue.noho.st is available on dyndns.yunohost.org ...
27270 DEBUG Starting new HTTPS connection (1): dyndns.yunohost.org:443
27408 ERROR SSL error when connecting to https://dyndns.yunohost.org/test/lamoulue.noho.st
27409 WARNING Unable to reach DynDNS provider dyndns.yunohost.org: either your YunoHost is not correctly connected to the internet or the dynette server is down.
27411 DEBUG action [2537.1] executed in 0.496s
27412 DEBUG lock has been released
27413 ERROR The domain 'lamoulue.noho.st' is unavailable.

Aleks · February 28, 2023, 5:34pm

Hmkay, well then I would try to double check that other website do work from the server with for example:

curl https://api.my-ip.io/ip

which should display your IP (we don’t really care about your IP here, just the fact that it doesnt throw an error)

max_bxl · February 28, 2023, 6:27pm

Indeed, it returns an error :
curl: (60) SSL certificate problem: certificate is not yet valid

ping-ing and dig-ing something is working

max_bxl · February 28, 2023, 9:22pm

I tried to perform postinstall with a fake domain name (yolo.test) and then “add” lamoulue.noho.st through the webadmin and I get the same error and I’m unable to Yunopaste !
(cf below)

**Erreur**: `"500" Internal Server Error`

**Action**: `"GET" /yunohost/api/logs/20221207-115537-domain_add-lamoulue.noho.st/share?locale=fr`

**Message d'erreur :**

Something wrong happened while trying to paste data on paste.yunohost.org : HTTPSConnectionPool(host='paste.yunohost.org', port=443): Max retries exceeded with url: /documents (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1123)')))

max_bxl · March 2, 2023, 9:13am

I just ran the diagnosis tool and it seems there are issue with some python scripts :

Échec du diagnostic pour la catégorie 'ip':
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
socket.timeout: _ssl.c:1106: The handshake operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 385, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=conn.timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 336, in _raise_timeout
raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='ip.yunohost.org', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/moulinette/utils/network.py", line 24, in download_text
r = requests.get(url, timeout=timeout)
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='ip.yunohost.org', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 220, in get_public_ip
return download_text(url, timeout=30).strip()
File "/usr/lib/python3/dist-packages/moulinette/utils/network.py", line 33, in download_text
raise MoulinetteError("download_timeout", url=url)
moulinette.core.MoulinetteError: https://ip.yunohost.org a pris trop de temps pour répondre : abandon.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/yunohost/diagnosis.py", line 196, in diagnosis_run
code, report = diagnoser.diagnose(force=force)
File "/usr/lib/python3/dist-packages/yunohost/diagnosis.py", line 449, in diagnose
items = list(self.run())
File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 87, in run
ipv4 = self.get_public_ip(4) if can_ping_ipv4 else None
File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 224, in get_public_ip
self.logger_debug(f"Could not get public IPv{protocol} : {e}")
AttributeError: 'MyDiagnoser' object has no attribute 'logger_debug'

max_bxl · March 2, 2023, 9:36am

It seems my box (Fritz!Box) has its own ssl certificat (that I can download, in a *.cer file) because the box can be accessed from the internets (for storage, basic functionnality they provide =). It seems I can apply a personnalized certificat !

Aleks · March 2, 2023, 11:06am

The ugly python stacktrace thing was fixed in YunoHost 11.1, but the initial issue is that your server internet connectivity is kinda broken

max_bxl · March 2, 2023, 11:10am

Ok thanks! Is it possibly due to this self-signed stuff of the fritzbox? (I’m trying to manually upload another cert downloaded from letsencrypt to the box, but no success yet)

Aleks · March 2, 2023, 11:11am

I doubt, because the certificate on your fritzbox is about incoming traffic, not outgoing one

max_bxl · March 2, 2023, 11:17am

I can curl https://api.my-ip.io/ip from my computer (it returns my IP), but from the Pi it returns the error mentionned above, both are LAN connected… I’m a bit lost !

max_bxl · March 2, 2023, 6:38pm

I ended up trying to flash another microSD, didn’t work, and I had the chance to have another Pi on my desk so I tried to swape them and… now it works!
My guess : something wrong on the hardware side.
(thanks for the help anyhow, I stopped looking for these certificats stuff =)

system · April 1, 2023, 6:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.