SSL Certificates Expired: Challenge did not pass for xmpp-upload.maindomain.tld

My YunoHost server

Hardware: Raspberry Pi 4B (4 Gb) at home
YunoHost version: 4.0.8.2
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no, but I am hosting using a 4G router

Description of my issue

Long story short, I can’t renew my SSL certificates, it’s been a month and I haven’t been able to figure out how to fix this. Last resort would be reinstalling everything but I really want to avoid doing that. I am new to self hosting.

Here is my error log

Here is my system diagnosis output

I will try to provide as much additional information as possible:

I have 2 domains on my yunohost installation:
maindomain.tld is a ****.noho.st
domain2.tld is *****.xyz

under maindomain.tld I have applications:

  • nextcloud
  • piwigo
  • rainloop
  • synapse
  • shellinabox
  • gitea

Under domain2.tld I have:

  • Wordpress

Things I have tried:

forcing the certificate renewal
sudo yunohost domain cert-install maindomain.tld --no-checks --force

force restoring nginx configuration
yunohost tools regen-conf nginx --force

Error log corresponds to only main domain since it is the one I care the most about, but I get exactly the same output for domain2.tld

I have been looking for answers and someone asked if I was behind a reverse proxy but I wouldn’t know how to know if I am.

I am happy to provide more details, work on the terminal and even the actual domain URLs.

Maybe I am mistaken on this but, have you CNAMEd the xmpp-upload on your registrar?

Also you might wanna fix this

[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category extra)

  • Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
  • The following DNS record does not seem to follow the recommended configuration:
    Type: CAA
    Name: @
    Current value: 0 issue “letsencrypt.org
    Expected value: 128 issue “letsencrypt.org

Hi thank you for your reply.

  • It is my understanding that maindomain.tld's registrar is managed by the YunoHost DNS service. I assume it should work by default. Can’t check if xmpp-upload is CNAMEd
  • Just checked domain2.tld's registrar and xmpp-upload is CNAMEd

  • For some reason my registrar (namecheap) can only do 0 issue "letsencrypt.org" but that didn’t cause any problems the very first time I installed a SSL certificate from letsencrypt

To try to clarify a few things :

  • the issue has nothing to do with the CAA record
  • considering the main domain is a noho.st domain, the configuration for the xmpp-upload. subdomain is fine (otherwise the diagnosis would complain about it anyway)

Random thought, but could it be that your WordPress is configured with multisite enabled? You could check this with grep multisite /etc/yunohost/apps/wordpress/settings.yml

Alternatively, we can try to pinpoint the issue with

echo "hello" > /tmp/acme-challenge-public/hello

then trying to

curl http://xmpp-upload.domain2.tld/.well-known/acme-challenge/hello

which should simply return “hello”
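The "hello" test above checks one hostname by hand. The following script is an added example (not code from the thread or from YunoHost) that automates the same HTTP-01 reachability check for every domain and its xmpp-upload. subdomain: it drops a random token into the /tmp/acme-challenge-public directory named above, fetches it over plain HTTP on port 80 the way an ACME server would, and reports a mismatch per host. The directory path and the `xmpp-upload.` prefix come from the thread; the script name, the CHALLENGE_DIR override and the function names are assumptions.

```shell
#!/bin/sh
# acme_check.sh (hypothetical name): reproducible HTTP-01 path check.
# Usage: sudo ./acme_check.sh maindomain.tld domain2.tld

# Public challenge directory named in the thread; override if your layout differs.
CHALLENGE_DIR="${CHALLENGE_DIR:-/tmp/acme-challenge-public}"

# Unguessable token so a cached or stale answer cannot pass by accident.
make_token() {
    if [ -r /dev/urandom ]; then
        od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
    else
        printf '%s%s' "$(date +%s)" "$$"   # fallback when /dev/urandom is absent
    fi
}

# URL the ACME server fetches: always plain http on port 80 for HTTP-01.
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s' "$1" "$2"
}

# Compare the body the web server returned with the token we wrote.
# Returns 0 on an exact match, 1 on mismatch or empty body.
verify_body() {
    expected="$1"; got="$2"
    [ -n "$got" ] && [ "$got" = "$expected" ]
}

# Check one hostname and print a one-line verdict.
# -L follows redirects, as Let's Encrypt does, so an http->https redirect
# only passes if the redirected target also serves the token.
check_host() {
    host="$1"; token="$2"
    body=$(curl -sS -L --max-time 10 "$(challenge_url "$host" "$token")" 2>/dev/null || true)
    if verify_body "$token" "$body"; then
        echo "OK   $host"
    else
        echo "FAIL $host (got: '${body:-<empty>}')"
        return 1
    fi
}

# Write the token, test each domain and its xmpp-upload. subdomain, clean up.
main() {
    token=$(make_token)
    printf '%s' "$token" > "$CHALLENGE_DIR/$token" || { echo "cannot write to $CHALLENGE_DIR"; exit 2; }
    rc=0
    for d in "$@"; do
        check_host "$d" "$token" || rc=1
        check_host "xmpp-upload.$d" "$token" || rc=1
    done
    rm -f "$CHALLENGE_DIR/$token"
    return $rc
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it from the server itself and then from a machine on a different network, as suggested later in the thread: a host that passes locally but fails remotely points at the router or DNS, while one that fails in both places points at the nginx configuration serving that hostname.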

Hi, thanks for the help, here are the corresponding outputs:

multisite: '0'

The “hello” test returns:

hello

As far as I understand everything seems to be good?

That’s puzzling …

Do you happen to have an external Linux/Mac machine where you could run the same curl command?

Seems to work from another computer on a separate network, first screenshot came from shell in a box btw

Hmpf then I don’t understand … I guess if you retry you still have the same issue …?

just ran

sudo yunohost domain cert-install maindomain.tld

here’s the log, now the problem is maindomain.tld not passing the challenge…
Is there anything else I could check to find out the root cause of my issue? Nuke and start over like humanity should? :frowning:

Just updated to YunoHost 4.0.8.3 but that didn’t help to solve the issue. The error log is basically the same.

So we followed this up in a private chat and found the issue …

Mandatory table flip:


Just for future reference, this is the fix, lesson learned. I did tweak nginx.conf to “optimize” my blog :man_facepalming:
