SSL Certificates Expired

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 4.0.8
I have access to my server : Through SSH (not anymore) | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello, thanks for this amazing project.

Just today I found myself locked out because it looks like my SSL certificates have expired, can’t access using Firefox web browser, had to use Chromium to access the admin web portal.

I haven’t been able to troubleshoot myself, I’ve tried the solution listed here but renewing or installing a Let’s Encrypt certificate (after reverting to self-signed) fails, see log here

According to the log there seems to be a problem with the IP, but according to whats my IP it looks like the global IP is correct.

I would really appreciate some pointers or help!!

Do you happen to have an app installed at the root of your domain ? (Or maybe set as default app?)

Hi thanks for the quick reply!

I guess I should elaborate more, I am using 2 domains: a noho.st one and a .xyz (the .xyz domain has the same issue):

On the noho.st domain I have some apps installed but not at the root, root redirects you to .noho.st/yunohost/sso/

The .xyz domain has my wordpress blog installed at the root

Annnnd would you happen to have the “multi-site” option enabled maybe ? (On the wordpress?)

Anyway … not sure why this really happens and that’s a bit annoying to see this bug happening again because we thought it would be fixed … but naively I would try something like :

mv /etc/nginx/conf.d/yourdomain.tld.d/wordpress.conf{,.bkp}
nginx -t && systemctl reload nginx

… then retry to renew the certificate …

then reestablish the wordpress conf with :

mv /etc/nginx/conf.d/yourdomain.tld.d/wordpress.conf{.bkp,}
nginx -t && systemctl reload nginx

(of course don’t forget to replace ‘yourdomain.tld’ by your actual domain name)
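
The move-aside, renew, restore sequence suggested above, written as an added example that is not part of the original thread: a POSIX shell wrapper that puts the WordPress conf back even when the renewal fails or the session is interrupted. The `NGINX_CHECK` / `NGINX_RELOAD` variables and the function names are hypothetical, and the renew command in the usage comment is an assumption.

```shell
# Added example, not from the thread. NGINX_CHECK / NGINX_RELOAD are
# hypothetical override hooks; their defaults are the post's own commands.
: "${NGINX_CHECK:=nginx -t}"
: "${NGINX_RELOAD:=systemctl reload nginx}"

# Reload nginx only if the configuration parses.
reload_nginx() {
    $NGINX_CHECK && $NGINX_RELOAD
}

# with_conf_disabled CONF CMD [ARGS...]
# Move CONF to CONF.bkp, reload nginx, run CMD, then always put CONF back.
# Exit status: CMD's own status, 2 = bad precondition,
# 3 = nginx rejected the config without CONF, 4 = restore/reload failed.
with_conf_disabled() (
    conf=$1; shift
    [ -f "$conf" ] || { echo "missing: $conf" >&2; exit 2; }
    # Never overwrite a backup left behind by an earlier interrupted run.
    [ ! -e "$conf.bkp" ] || { echo "stale backup: $conf.bkp" >&2; exit 2; }

    restore() { mv -- "$conf.bkp" "$conf" && reload_nginx; }
    # Ctrl-C or a dropped SSH session must not leave the site disabled.
    trap 'restore; exit 130' INT TERM HUP

    mv -- "$conf" "$conf.bkp" || exit 2
    rc=0
    if reload_nginx; then
        "$@" || rc=$?      # e.g. the certificate renewal
    else
        rc=3
    fi
    restore || exit 4
    exit "$rc"
)

# Usage (run as root; domain is a placeholder, and the renew command is an
# assumption since the post only says "retry to renew the certificate"):
#   with_conf_disabled /etc/nginx/conf.d/yourdomain.tld.d/wordpress.conf \
#       yunohost domain cert-renew yourdomain.tld
```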

As far as I know no “multi-site” option is enabled. Since this is on somename.xyz, would it affect all the stuff on somename.noho.st ?

Hmmnah I don’t think so … not 100% sure what this option is about exactly but that’s something like being able to have multiple sites on a single blog but it’s not cross-domain … (not really sure about what I’m saying)

Just tried your suggestion on the somename.xyz wordpress blog, no changes, here’s the log

Also I noticed that this didn’t make it into the log:

Could not sign the new certificate

Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/certificate.py", line 388, in certificate_renew
    _fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
  File "/usr/lib/moulinette/yunohost/certificate.py", line 535, in _fetch_and_enable_new_certificate
    raise YunohostError('certmanager_cert_signing_failed')
YunohostError: Could not sign the new certificate

eeeeh so the first log you mentioned was about maindomain.tld but now it’s about domain2.tld (or vice versa) ? Sooo uuuuh

First log is about domain 1 (somename.noho.st), then as you suggested the wordpress fix, I applied it to domain 2 (somename.xyz). So yes, 2 logs.

Domain 2 still has an active SSL certificate, which expires in 9 days.
Since I will have domain 1’s problem on domain 2 in 9 days I also tried to manually renew its SSL certificate, which yields a very similar result to trying to do the same on domain 1.
