Tld is repeated in DNS records

My YunoHost server

Hardware: Old laptop (AMD E-450)
YunoHost version: YunoHost (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no, i dont think so

Description of my issue

Howdy partners,
I know my isp blocks port 80 but 443 is open.
I ran shields up at gibson research and 443 is open.
The yunohost ip is in my routers DMZ.
I have been using freedombox but want to try yunohost.

Running diagnosis I have some issues in the DNS records area. I’m guessing letsencrypt wont work till this is fixed.

(snip of diagnosis from DNS records follows…)

Name: muc
Current value:
Expected value:
The following DNS record does not seem to follow the recommended configuration:
Name: pubsub
Current value:
Expected value:
The following DNS record does not seem to follow the recommended configuration:

So, I guess an autoconfiguration put the tld in twice.???

I tried to include a full YunoPaste but got complant from forum about new users are allowed 5 links.

Yep, im new.

1 Like

You can change the domains that are considered as links, so you might be ablo to post a “real” link.

For Let’s encrypt, I’m really not sure but I think that it will need port 80 for the verification before generating the certificate, there might be a way to run around this, but it is somewhere hidden in the forum :sweat:

I can confirm that port 80 will be needed by Lets Encrypt, there’s no easy way around this without having to tweak stuff a lot

The issue with XMPP CNAMEs records is not related, this is a small bug in Yunohost that we need to dig in at some point, but will only prevent XMPP from working properly, not other part of the system

1 Like

J’ai la même erreur de Tld qui se répète dans l’enregistrement DNS et cela a pour moi 3 effets trés génants:

  1. SNAPPY Mail ne me permet pas d’envoyer un mail alors qu’il n’y a aucun problème dans le système mail

  2. Let’s encrypt ne marche pas systématiquement

  3. Sur la commande sudo yunohost dyndns update --force après reboot du système, la réponse a été:
    Info: Updated needed, going on…
    Error: The peer didn’t know the key we used
    Info: The operation ‘Update the IP associated with your YunoHost subdomain ‘’’ could not be completed. Please share the full log of this operation using the command ‘yunohost log share’ to get help
    Le fichier log est: dont la dernière ligne est:
    2022-08-30 19:03:21,842: ERROR - The peer didn’t know the key we used

Le log du diagnostic est à:

Comme expliqué je doute fortement que le soucis sur les enregistrements CNAME XMPP aient un quelconque impact sur le mail et sur Lets Encrypt …

1 Like

Hi, welcome to the forums!

That is quite annoying. Reading you have used Freedombox before, I guess you already tried: did you ask your ISP whether they can make case-by-case exceptions to their blocking of port 80?

I think the easiest workaround to get Letsencrypt working is to have a VPN (with public IP and non-blocked ports) pointing to your server. The cheapest way to run that might be a light weight VPS, which in some respects defeats the purpose of running a homeserver :-/

As long as you are the only user of the services on your Yunohost, you could import the self signed certificate to receive fewer SSL/TLS-warnings.

Thanks for the replies !

I’m trying to use one of my noip dyndns domains…just testing for now.

Isp forbids running any servers. I think port 80 could open if you get a business account. Im trying to have a server for only the cost of electricity.

I dont understand why, but i can get freedombox to work with letsencrypt. Or I tricked my self into thinking it worked.

I love tinkering in my home network.

1 Like

Maybe they’re using the DNS challenge of Lets Encrypt (which we do not suppport) or I think they have a thing with onion domains (though you probably werent using those ?)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.