Sources.list Errors

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 4.0.8
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

I get this error when I do a apt update and apt upgrade and also when I select systems updates from the web app:

Something went wrong while updating the cache of APT (Debian's package manager). Here is a dump of the sources.list lines, which might help identify problematic lines:
sources.list:deb http://ftp.debian.org/debian buster main contrib InRelease
sources.list:deb-src http://ftp.debian.org/debian buster main contrib InRelease
sources.list:deb http://ftp.debian.org/debian buster InRelease
sources.list:deb http://security.debian.org/debian-security buster/updates InRelease
sources.list:deb http://forge.yunohost.org/debian buster InRelease
sources.list:deb http://forge.yunohost.org/debian/ buster stable InRelease
sources.list:deb http://security.debian.org/debian-security buster/updates main contrib non-free InRelease
sources.list:deb-src http://security.debian.org/debian-security buster/updates main contrib non-free InRelease

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Skipping acquire of configured file 'InRelease/i18n/Translation-en' as repository 'http://forge.yunohost.org/debian buster InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Skipping acquire of configured file 'InRelease/binary-amd64/Packages' as repository 'http://forge.yunohost.org/debian buster InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:15

W: Skipping acquire of configured file 'InRelease/i18n/Translation-en' as repository 'http://ftp.debian.org/debian buster InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Skipping acquire of configured file 'InRelease/binary-amd64/Packages' as repository 'http://ftp.debian.org/debian buster InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Skipping acquire of configured file 'InRelease/source/Sources' as repository 'http://ftp.debian.org/debian buster InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:7 and /etc/apt/sources.list:9

W: Skipping acquire of configured file 'InRelease/i18n/Translation-en' as repository 'http://security.debian.org/debian-security buster/updates InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Skipping acquire of configured file 'InRelease/binary-amd64/Packages' as repository 'http://security.debian.org/debian-security buster/updates InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Skipping acquire of configured file 'InRelease/source/Sources' as repository 'http://security.debian.org/debian-security buster/updates InRelease' doesn't have the component 'InRelease' (component misspelt in sources.list?)

W: Target Translations (InRelease/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

W: Target Packages (InRelease/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

W: Target Packages (InRelease/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:10 and /etc/apt/sources.list:17

Que dit le diagnostique dans la partie connexion internet ?

ping 9.9.9.9
ping ftp.debian.org

In any case it sounds like you have duplicate lines (11 and 15) in your /etc/apt/sources.list ā€¦ Not sure how this can magically happens ā€¦

I am able to ping both of these.

Aleks,

Here is my sources.list file. Also my LetsEncrypt has expired. How do I?

#deb cdrom:[Debian GNU/Linux 9.9 _Stretch_ - Unofficial amd64 CD Binary-1 20190811-19:37]/ buster main non-free

#deb cdrom:[Debian GNU/Linux 9.9 _Stretch_ - Unofficial amd64 CD Binary-1 20190811-19:37]/ buster main non-free

deb http://ftp.debian.org/debian buster main contrib InRelease
deb-src http://ftp.debian.org/debian buster main contrib InRelease
#deb http://ftp.debian.org/debian buster InRelease
#deb http://security.debian.org/debian-security buster/updates InRelease
#deb http://forge.yunohost.org/debian buster InRelease


## YunoHost repository
deb http://forge.yunohost.org/debian/ buster stable InRelease

deb http://security.debian.org/debian-security buster/updates main contrib non-free InRelease
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free InRelease

# buster-updates, previously known as 'volatile'
#deb http://ftp.debian.org/debian buster-updates main contrib non-free
#deb [arch=ppc64el,i386,amd64] http://mirror.zol.co.zw/mariadb/repo/10.4/debian buster main
#deb-src [arch=ppc64el,i386,amd64] http://mirror.zol.co.zw/mariadb/repo/10.4/debian buster main
#deb-src http://ftp.debian.org/debian buster-updates main contrib non-free

Weeeeeell why do you have these ā€œInReleaseā€ flags inside the source.list ā€¦ Also youā€™re supposed to have a separate yunohost.list for the yunohost repository (except if your server is like from 4 or 5 years ago ā€¦)

Where is that sources.list coming from ā€¦?

Okay, so I took off the InRelease and am no longer getting all the ā€œW:ā€ entries. When I do apt update and apt upgrade it says there are no updates. My DNS is not working, I can only get into the web app with local NAT. How do I get Lets Encrypt updated and DNS working? When I use the Host Name I get this:

Did Not Connect: Potential Security Issue

Firefox detected an issue and did not continue to shinevar.nohost.me. The website is either misconfigured or your computer clock is set to the wrong time.

Itā€™s likely the websiteā€™s certificate is expired, which prevents Firefox from connecting securely.

What can you do about it?

shinevar.nohost.me has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You canā€™t add an exception to visit this site.

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the websiteā€™s administrator about the problem.

Still would be nice to know more about the story of that sources.list before the issue arised ā€¦

Anyway, yes, you need to renew your certificates, by going in the webadmin, Domains > SSL certificate > Renew ā€¦ (or yunohost domain cert-renew) But if that was not done automatically by Yunohost, it probably means thereā€™s an issue to be solved first. So would recommend checking the diagnosis screen ā€¦

Aleks,

Not sure how the sources.list got this way. In the past changes were made trying to fix things. Here it is now:

#deb cdrom:[Debian GNU/Linux 9.9 Stretch - Unofficial amd64 CD Binary-1 20190811-19:37]/ buster main non-free

#deb cdrom:[Debian GNU/Linux 9.9 Stretch - Unofficial amd64 CD Binary-1 20190811-19:37]/ buster main non-free

deb http://ftp.debian.org/debian buster main contrib #InRelease
deb-src http://ftp.debian.org/debian buster main contrib InRelease
#deb http://ftp.debian.org/debian buster InRelease
#deb http://security.debian.org/debian-security buster/updates InRelease
#deb http://forge.yunohost.org/debian buster InRelease

YunoHost repository

deb http://forge.yunohost.org/debian/ buster stable InRelease

deb http://security.debian.org/debian-security buster/updates main contrib non-free InRelease
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free #InRelease

buster-updates, previously known as ā€˜volatileā€™

#deb http://ftp.debian.org/debian buster-updates main contrib non-free
#deb [arch=ppc64el,i386,amd64] http://mirror.zol.co.zw/mariadb/repo/10.4/debian buster main
#deb-src [arch=ppc64el,i386,amd64] http://mirror.zol.co.zw/mariadb/repo/10.4/debian buster main
#deb-src http://ftp.debian.org/debian buster-updates main contrib non-free

I will make any changes you see. I am running the yunohost domain cert-renew and it is taking a lot of time. Still running.

Aleks,

My Yunohost server will not update certificates or work in DNS. Can only get to the web app via NAT. Any suggestion or help would be appreciated.

I see that you commented(?) the InRelease in one line but there are MULTIPLE of them ā€¦

Just REMOVE all the InRelease occurences

Hi Aleks,

Sorry for the delay, I was at work. With the DNS not working I cannot use wetty to access my terminal from work. I took out all of the In Release statements. apt update and apt upgrade says everything is updated. What next?

Aleks,

I tried to manually renew certificate; it failed. Here are the log files for the failure:

args:
email: false
force: true
no_checks: false
staging: false
ended_at: 2020-12-19 01:40:24.756750
error: Certificate renewing for maindomain.tld failed !
interface: true
operation: letsencrypt_cert_renew
related_to:

    • domain
    • maindomain.tld
      started_at: 2020-12-19 01:39:50.887474
      success: false
      yunohost_version: 4.0.8.3

============

2020-12-18 19:39:50,917: DEBUG - Making sure tmp folders existsā€¦
2020-12-18 19:39:50,919: DEBUG - Reusing IPv4 from cache: xx.xx.xx.xx
2020-12-18 19:39:50,920: DEBUG - Reusing IPv6 from cache: None
2020-12-18 19:39:50,920: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tldā€¦
2020-12-18 19:39:51,355: DEBUG - Saving to /tmp/acme-challenge-private/maindomain.tld.csr.
2020-12-18 19:39:51,356: DEBUG - Now using ACME Tiny to sign the certificateā€¦
2020-12-18 19:39:51,356: INFO - Parsing account keyā€¦
2020-12-18 19:39:51,383: INFO - Parsing CSRā€¦
2020-12-18 19:39:51,390: INFO - Found domains: xmpp-upload.maindomain.tld, maindomain.tld
2020-12-18 19:39:51,391: INFO - Getting directoryā€¦
2020-12-18 19:39:51,738: INFO - Directory found!
2020-12-18 19:39:51,739: INFO - Registering accountā€¦
2020-12-18 19:39:52,191: INFO - Already registered!
2020-12-18 19:39:52,192: INFO - Creating new orderā€¦
2020-12-18 19:39:52,672: INFO - Order created!
2020-12-18 19:39:53,128: INFO - Verifying maindomain.tldā€¦
2020-12-18 19:40:24,742: ERROR - Wrote file to /tmp/acme-challenge-public/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM, but couldnā€™t download http://maindomain.tld/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM: Error:
Url: http://maindomain.tld/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
2020-12-18 19:40:24,755: ERROR - Certificate renewing for maindomain.tld failed !

Sooo can you go in the diagnosis screen and say if itā€™s complaining about anything in the ā€œDNSā€ or ā€œWebā€ sections ?

(If you want to run the diagnosis from the cli, you can use yunohost diagnosis run, then yunohost diagnosis show --share)

Ran diagnosis and found no warnings in DNS or Web. Email returned some blacklists:

The reverse DNS is not correctly configured in IPv4. Some emails may fail to get delivered or may get flagged as spam. * Your IP or domain 97.91.140.33 is blacklisted on Spamhaus ZEN

  • Your IP or domain 97.91.140.33 is blacklisted on Barracuda Reputation Block List
  • Your IP or domain 97.91.140.33 is blacklisted on SPFBL.net RBL

Also system configurations:

Configuration file /etc/fail2ban/jail.conf appears to have been manually modified. * Configuration file /etc/mysql/my.cnf appears to have been manually modified.

  • Configuration file /etc/postfix/main.cf appears to have been manually modified.
  • Configuration file /etc/avahi/avahi-daemon.conf appears to have been manually modified.
  • Configuration file /etc/ssh/sshd_config appears to have been manually modified.

Anything I can do to get LetsEncrypt to update my certificate?

Manual renew certificate fail logs:

Could not sign the new certificate

Traceback (most recent call last):
File ā€œ/usr/lib/moulinette/yunohost/certificate.pyā€, line 386, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
File ā€œ/usr/lib/moulinette/yunohost/certificate.pyā€, line 533, in _fetch_and_enable_new_certificate
raise YunohostError(ā€˜certmanager_cert_signing_failedā€™)
YunohostError: Could not sign the new certificate

Could not complete the operation ā€˜Renew ā€˜shinevar.nohost.meā€™ Letā€™s Encrypt certificateā€™. Please provide the full log of this operation by clicking here to get help

Certificate renewing for shinevar.nohost.me failed !

Wrote file to /tmp/acme-challenge-public/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM, but couldnā€™t download http://shinevar.nohost.me/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM: Error:
Url: http://shinevar.nohost.me/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM
Data: None
Response Code: None
Response:

Verifying shinevar.nohost.meā€¦

Order created!

Creating new orderā€¦

Already registered!

Registering accountā€¦

Directory found!

Getting directoryā€¦

Found domains: xmpp-upload.shinevar.nohost.me, shinevar.nohost.me

Tried to create new certificate from console. (yunohost domain cert-install shinevar.nohost.me --force)

Here are the logs:

args:
force: true
no_checks: false
staging: false
ended_at: 2020-12-19 02:19:12.295590
error: 'Certificate installation for maindomain.tld failed !

Exception: Could not sign the new certificateā€™
interface: false
operation: letsencrypt_cert_install
related_to:

    • domain
    • maindomain.tld
      started_at: 2020-12-19 02:18:38.016586
      success: false
      yunohost_version: 4.0.8.3

============

2020-12-18 20:18:38,036: DEBUG - Making sure tmp folders existsā€¦
2020-12-18 20:18:38,041: DEBUG - Fetching IP from https://ip.yunohost.org
2020-12-18 20:18:38,792: DEBUG - IP fetched: xx.xx.xx.xx
2020-12-18 20:18:38,798: DEBUG - No default route for IPv6, so assuming thereā€™s no IP address for that version
2020-12-18 20:18:38,798: DEBUG - IP fetched: None
2020-12-18 20:18:38,798: DEBUG - Prepare key and certificate signing request (CSR) for maindomain.tldā€¦
2020-12-18 20:18:38,972: DEBUG - Saving to /tmp/acme-challenge-private/maindomain.tld.csr.
2020-12-18 20:18:38,972: DEBUG - Now using ACME Tiny to sign the certificateā€¦
2020-12-18 20:18:38,973: INFO - Parsing account keyā€¦
2020-12-18 20:18:38,980: INFO - Parsing CSRā€¦
2020-12-18 20:18:38,986: INFO - Found domains: xmpp-upload.maindomain.tld, maindomain.tld
2020-12-18 20:18:38,986: INFO - Getting directoryā€¦
2020-12-18 20:18:39,279: INFO - Directory found!
2020-12-18 20:18:39,279: INFO - Registering accountā€¦
2020-12-18 20:18:39,725: INFO - Already registered!
2020-12-18 20:18:39,727: INFO - Creating new orderā€¦
2020-12-18 20:18:40,249: INFO - Order created!
2020-12-18 20:18:40,710: INFO - Verifying maindomain.tldā€¦
2020-12-18 20:19:12,294: ERROR - Wrote file to /tmp/acme-challenge-public/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM, but couldnā€™t download http://maindomain.tld/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM: Error:
Url: http://maindomain.tld/.well-known/acme-challenge/opNFl639iyEAdwUxS1Sol-Z3LLXb6XzKQu4piGJgWoM
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
2020-12-18 20:19:12,295: ERROR - Certificate installation for maindomain.tld failed !
Exception: Could not sign the new certificate

Aleks! I fixed it! Saw a former forum post of yours and ran the following command:

yunohost domain cert-install shinevar.nohost.me --no-checks --force

It installed the new certificate!

1 Like

Uuuuuh wokay thatā€™s weird because the issue seemed unrelated to the use of --no-checks ā€¦ so maybe a temporary issue ā€¦ Anyway glad itā€™s fixed ĀÆ\_(惄)_/ĀÆ

1 Like

I guess weā€™ll never know if the --no-checks was the answer, maybe Letā€™s Encrypt wasnā€™t working earlier. I wanted to take this opportunity to wish all Yunohosterā€™s a very Merry Christmas!

1 Like