SSL Certificates Expired: Challenge did not pass for xmpp-upload.maindomain.tld

lopeztel · December 4, 2020, 8:07pm

My YunoHost server

Hardware: Raspberry Pi 4B (4 Gb) at home
YunoHost version: 4.0.8.2
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no, but I am hosting using a 4G router

Description of my issue

Long story short, I can’t renew my SSL certificates, it’s been a month and I haven’t been able to figure out how to fix this. Last resort would be reinstalling everything but I really want to avoid doing that. I am new to self hosting.

Here is my error log

Here is my system diagnosis output

I will try to provide as much additional information as possible:

I have 2 domains on my yunohost installation:
maindomain.tld is a ****.noho.st
domain2.tld is *****.xyz

under maindomain.tld I have applications:

nextcloud
piwigo
rainloop
synapse
shellinabox
gitea

Under domain2.tld I have:

Wordpress

Things I have tried:

forcing the certificate renewall
sudo yunohost domain cert-install maindomain.tld --no-checks --force

force restoring nginx configuration
yunohost tools regen-conf nginx --force

Error log corresponds to only main domain since it is the one I care the most about, but I get exactly the same output for domain2.tld

I have been looking for answers and someone asked if I was behind a reverse proxy but I wouldn’t know how to know if I am.

I am happy to provide more details, work on the terminal and even the actual domain URLs.

HoldMyGin · December 4, 2020, 10:53pm

Maybe I am mistaken on this but, have you CNAMEd the xmpp-upload on your registrar?

Also you might wanna fix this

[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category extra)

Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
The following DNS record does not seem to follow the recommended configuration:
Type: CAA
Name: @
Current value: 0 issue “letsencrypt.org”
Expected value: 128 issue “letsencrypt.org”

lopeztel · December 5, 2020, 9:17am

Hi thank you for your reply.

It is my understanding that maindomain.tld 's registrar is managed by yunohost DNS service. I assume it should work by default. Can’t check if xmpp-upload is CNAMEd
just checked domain2.tld 's registrar and xmpp-upload is CNAMEd

For some reason my registrar (namecheap) can only do 0 issue "letsencrypt.org" but that didn’t cause any problems the very first time I installed a SSL certificate from letsencrypt

Aleks · December 5, 2020, 4:30pm

To try to clarify a few things :

the issue has nothing to do with the CAA record
considering the main domain is a noho.st domain, the configuration for the xmpp-upload. subdomain is fine (otherwise the diagnosis would complain about it anyway)

Random thought but could it be that your wordpress is configured with multisite enabled ? You could check this with grep multisite /etc/yunohost/apps/wordpress/settings.yml

Alternatively, we can try to pinpoint the issue with

echo "hello" > /tmp/acme-challenge-public/hello

then trying to

curl http://xmpp-upload.domain2.tld/.well-known/acme-challenge/hello

which should simply return “hello”

lopeztel · December 6, 2020, 12:42pm

Hi, thanks for the help, here are the corresponding outputs:

multisite: '0'

The “hello” test returns:

hello

As far as I understand everything seems to be good?

Aleks · December 6, 2020, 2:55pm

That’s puzzling …

Do you happen to have an external Linux/Mac machine where you could run the same curl command ?

lopeztel · December 6, 2020, 4:11pm

Seems to work from another computer on a separate network, first screenshot came from shell in a box btw

Aleks · December 6, 2020, 4:24pm

Hmpf then I don’t understand … I guess if you retry you still have the same issue …?

lopeztel · December 8, 2020, 1:04pm

just ran

sudo yunohost domain cert-install maindomain.tld

here’s the log, now the problem is maindomain.tld not passing the challenge…
Is there anything else I could check to find out the root cause of my issue? Nuke and start over like humanity should?

lopeztel · December 11, 2020, 5:23pm

Just updated to yunohost 4.0.8.3 but that didn’t help to solve the issue. error log is basically the same.

Aleks · December 11, 2020, 7:37pm

So we followed this up in a private chat and found the issue …

Mandatory table flip :

lopeztel · December 11, 2020, 7:47pm

just for future reference this is the fix, lesson learned. I did tweak nginx.conf to “optimize” my blog

system · December 26, 2020, 7:46pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.