[SOLVED] Postinstall - ERROR SSL error when connecting to https://dyndns.yunohost.org/test/*

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 11.0.10-rpi
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello Yunohost team !

I failed in the first steps of postinstall : I get “SSL error when connecting to https://dyndns.yunohost.org/test/lamoulue.noho.st” (see detailed log below) even though when I check the dynette directly, it tells me “Domain lamoulue.noho.st is available” (and I also tried with other subdomain names).

My box is a Fritz!Box, quite flexible I guess, even though I didn’t see the need of port redirection or other “box settings” in the installation guide as far as I went (which is, not far =)

Thanks in advance for your help and thanks anyway for your work!

```
root@yunohost:~# yunohost tools postinstall --debug
301  DEBUG initializing base actions map parser for cli
304  DEBUG loading actions map
306  DEBUG building parser...
325  DEBUG building parser took 0.018s
571  DEBUG Using selector: EpollSelector
Main domain: lamoulue.noho.st
New administration password: **********************************
Confirm new administration password: **********************************
26810 DEBUG acquiring lock...
26861 DEBUG lock has been acquired
26914 DEBUG loading python module yunohost.tools took 0.053s
26915 DEBUG processing action [2537.1]: yunohost.tools.postinstall with args={'domain': 'lamoulue.noho.st', 'password': '***********', 'ignore_dyndns': False, 'force_password': False, 'force_diskspace': False}
27263 DEBUG Checking if domain lamoulue.noho.st is available on dyndns.yunohost.org ...
27270 DEBUG Starting new HTTPS connection (1): dyndns.yunohost.org:443
27408 ERROR SSL error when connecting to https://dyndns.yunohost.org/test/lamoulue.noho.st
27409 WARNING Unable to reach DynDNS provider dyndns.yunohost.org: either your YunoHost is not correctly connected to the internet or the dynette server is down.
27411 DEBUG action [2537.1] executed in 0.496s
27412 DEBUG lock has been released
27413 ERROR The domain 'lamoulue.noho.st' is unavailable.
```

Hmkay, well then I would try to double check that other websites do work from the server with for example:

```
curl https://api.my-ip.io/ip
```

which should display your IP (we don’t really care about your IP here, just the fact that it doesn’t throw an error)

Indeed, it returns an error :

```
curl: (60) SSL certificate problem: certificate is not yet valid
```

ping-ing and dig-ing something is working :)

I tried to perform postinstall with a fake domain name (yolo.test) and then “add” lamoulue.noho.st through the webadmin and I get the same error and I’m unable to Yunopaste !
(cf below)

**Erreur**: `"500" Internal Server Error`

**Action**: `"GET" /yunohost/api/logs/20221207-115537-domain_add-lamoulue.noho.st/share?locale=fr`

**Message d'erreur :**

Something wrong happened while trying to paste data on paste.yunohost.org : HTTPSConnectionPool(host='paste.yunohost.org', port=443): Max retries exceeded with url: /documents (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1123)')))
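
An added example, not part of the original thread and not YunoHost code: the error lines quoted in these posts fall into two separate failure classes, and `certificate is not yet valid` is the message OpenSSL gives when the local clock is earlier than the certificate's `notBefore` date. The category names and the suggested first checks are this example's own assumptions.

```python
import re
from collections import defaultdict

# Message fragments emitted by OpenSSL, curl and Python's ssl/urllib3. The
# category names are this example's own labels, not YunoHost's.
SIGNATURES = [
    ("clock_before_cert_start", re.compile(r"certificate is not yet valid")),
    ("clock_after_cert_end", re.compile(r"certificate has expired")),
    ("untrusted_issuer", re.compile(r"self[- ]signed certificate|unable to get local issuer")),
    ("network_timeout", re.compile(r"handshake operation timed out|Read timed out")),
]
HOST_RE = re.compile(r"host='([^']+)'")

# Error lines copied from the logs posted in this thread.
THREAD_LINES = [
    "curl: (60) SSL certificate problem: certificate is not yet valid",
    "HTTPSConnectionPool(host='paste.yunohost.org', port=443): Max retries exceeded "
    "with url: /documents (Caused by SSLError(SSLCertVerificationError(1, '[SSL: "
    "CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid "
    "(_ssl.c:1123)')))",
    "socket.timeout: _ssl.c:1106: The handshake operation timed out",
    "urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='ip.yunohost.org', "
    "port=443): Read timed out. (read timeout=30)",
]

def triage(lines):
    """Group lines by failure category, recording the host when one is named."""
    found = defaultdict(set)
    for line in lines:
        host = HOST_RE.search(line)
        for category, pattern in SIGNATURES:
            if pattern.search(line):
                found[category].add(host.group(1) if host else "(host not in line)")
    return {category: sorted(hosts) for category, hosts in found.items()}

def first_check(found):
    """Date failures come first: certificate dates are judged against the
    local clock, so a wrong clock is ruled out before the network is."""
    if "clock_before_cert_start" in found or "clock_after_cert_end" in found:
        return "compare the system clock (date -u) with a trusted time source"
    if "untrusted_issuer" in found:
        return "inspect the CA bundle and any TLS-intercepting proxy"
    if "network_timeout" in found:
        return "check DNS, routing and firewall rules towards port 443"
    return "no known TLS failure signature"

if __name__ == "__main__":
    result = triage(THREAD_LINES)
    print(result, "->", first_check(result))
```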

I just ran the diagnosis tool and it seems there are issues with some python scripts :

```
Échec du diagnostic pour la catégorie 'ip':
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.9/ssl.py", line 1040, in _create
  File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
socket.timeout: _ssl.c:1106: The handshake operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 385, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=conn.timeout)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 336, in _raise_timeout
    raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='ip.yunohost.org', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/moulinette/utils/network.py", line 24, in download_text
    r = requests.get(url, timeout=timeout)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 529, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='ip.yunohost.org', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 220, in get_public_ip
    return download_text(url, timeout=30).strip()
  File "/usr/lib/python3/dist-packages/moulinette/utils/network.py", line 33, in download_text
    raise MoulinetteError("download_timeout", url=url)
moulinette.core.MoulinetteError: https://ip.yunohost.org a pris trop de temps pour répondre : abandon.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/diagnosis.py", line 196, in diagnosis_run
    code, report = diagnoser.diagnose(force=force)
  File "/usr/lib/python3/dist-packages/yunohost/diagnosis.py", line 449, in diagnose
    items = list(self.run())
  File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 87, in run
    ipv4 = self.get_public_ip(4) if can_ping_ipv4 else None
  File "/usr/lib/python3/dist-packages/yunohost/diagnosers/10-ip.py", line 224, in get_public_ip
    self.logger_debug(f"Could not get public IPv{protocol} : {e}")
AttributeError: 'MyDiagnoser' object has no attribute 'logger_debug'
```

It seems my box (Fritz!Box) has its own SSL certificate (that I can download, in a *.cer file) because the box can be accessed from the internets (for storage, basic functionality they provide =). It seems I can apply a personalized certificate !

The ugly python stacktrace thing was fixed in YunoHost 11.1, but the initial issue is that your server internet connectivity is kinda broken

Ok thanks! Is it possibly due to this self-signed stuff of the fritzbox? (I’m trying to manually upload another cert downloaded from letsencrypt to the box, but no success yet)

I doubt it, because the certificate on your fritzbox is about incoming traffic, not the outgoing one

I can curl https://api.my-ip.io/ip from my computer (it returns my IP), but from the Pi it returns the error mentioned above, both are LAN connected… I’m a bit lost !

I ended up trying to flash another microSD, didn’t work, and I had the chance to have another Pi on my desk so I tried to swap them and… now it works!
My guess : something wrong on the hardware side.
(thanks for the help anyhow, I stopped looking for this certificate stuff =)
