[SOLVED?] Xmpp-upload not available/verified for ynh domain

  • raspi 4b at home with ynh stable version & updated
  • noho.st domain
  • no special config
  • xmpp-upload worked fine for several months now, last uploaded file is from december 8th
  • text messaging works fine

I’ve read:

and some other similar, without success.

Conversations client info when trying to share a picture

Hostname xmpp-upload.domain.noho.st not verified:

Certificate: sha256/35533zz3................
DN: CN=domain.noho.st
subjectAltNames: [domain.noho.st]

conversejs web gives no info, just does not upload file

when trying to renew Let’sencrypt to --force renewal for xmpp-upload (even with --no-checks) it fails due to xmpp-upload.domain.noho.st does not resolve the same IP as domain.noho.st

I’ve also dyndns update.

I had previously manually renewed certificates because of similar problems, but finally got installed for all subdomains.

I have “regen-conf” to defaults for nginx and metronome also, if case any other previous config was wrong.

I gave up trying to config xmpp-upload for my personal domains (never could use it :frowning_face: ), but at least could use messaging with domain.noho.st :cry: Even this does not work now. This is SOLVED NOW, READ NEXT MESSAGE.

Please, is this just happening to my system? I have not touched system config in this previous week.

Thank you for reading this and any hint would be great to try to solve the problem.


buenos días,
desde hace unos días no puedo compartir fotos/ficheros con el servidor metronome/xmpp debido a que, según el cliente Conversations, hay un problema con el certificado (ver arriba). Al intentar renovarlo “forzando” su instalación “sin comprobaciones” (los comandos de yunohost), no lo hace debido a que, según veo en la línea de comandos, xmpp-upload no resuelve la misma ip que el domino principal. Es un dominio yunohost que yo no controlo.

No he realizado cambios en la cnfiguración en los últimos días, sólo actualizaciones de sistema normales.

NUNCA he podido hacer funcionar xmpp-upload con mis dominios, pero por lo menos podía usar el dominio de ynh para la mensajería :frowning: ahora ni eso.

Cualquier ayuda sería de agradecer. Saludos

Hi,

I think I have found the PROBLEM :smiley: for my own domain, not for domain.noho.st

TL;DR

change issue to issuewild in the CAA record for @ letsencrypt

@ 3600 IN CAA 128 issuewild "letsencrypt.org"

so now, when renewed letsencrypt certificate it does found and verify xmpp-upload subdomain.

root@ynh:~# yunohost domain cert-renew --no-checks --force domain.tld
Warning: 'yunohost domain cert-renew' is deprecated and will be removed in the future
Warning: 'yunohost domain cert-renew' is deprecated and will be removed in the future
Info: Now attempting renewing of certificate for domain domain.tld !
Info: Parsing account key...
Info: Parsing CSR...
Info: Found domains: xmpp-upload.domain.tld, domain.tld
... and so on
Info: xmpp-upload.domain.tld verified!
Info: Signing certificate...
Info: Certificate signed!
Success! Let's Encrypt certificate renewed for the domain 'domain.tld'

At least it works in one of my domains

So I would suggest adding issuewild to the letsencrypt CAA record config, OR, creating an A-record for xmpp-upload subdomain I guess (?) would also do the trick.

Question

please, where are yunohost’s domain dns config stored? (domain.noho.st in my case).

so I could change CAA value, try at least, from issue to issuewild.

and

could it be that “*” A record from Extra would be missing from dns config?
IDK, just guessing.

Thank you.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.