Unable to install certificate after fresh install on R pi

I am pretty new to running servers, but have managed to install yunohost from the latest raspberry pi image, and have successfully set up a .nohost.me domain with a wordpress instance running. The site and server seem to be open and available from outside the local network, and all relevant ports should be open. Nevertheless I am unable to install a certificate:
"This domain doesn’t seem ready for a Let’s Encrypt certificate. Please check your DNS configuration and HTTP server reachability."
Also all services do not seem to be running: ssl is inactive and not-found, as is udisks2 and nsswitch. It is not possible to enable or start these services.
Should I try to start from scratch reinstalling everything or is there something I could do to get these services and certificate installed?

Hi there,

can you try to add a line in your /etc/hosts (on your server) with :

127.0.0.1 yourdomain.nohost.me

and see if that fixes the issue ?

(Sorry about the ‘ssl’ and ‘udisks2’ services, you don’t really need to care about these as they are old stuff which are not really relevant anymore. nsswitch however should be running and you should be able to start/restart it. But that’s kind of unrelated to the certificate issue anyway, I think)

Thank you that worked very well!
When installing the server I first used yunohost.local as a test domain before switching to the current .nohost.me as the main domain, and I wonder if there might still be a reference to yunohost.local somewhere in the system.
Anyway, I still haven’t got nsswitch running, but at least I managed to install the certificate and everything seems to work all right.

> Thank you that worked very well!

Nice :) (In the future 2.6, this should work without needing to add the line in /etc/hosts)

> When installing the server I first used yunohost.local as a test domain before switching to the current .nohost.me as the main domain, and I wonder if there might still be a reference to yunohost.local somewhere in the system.

Well, if you deleted the domain (yunohost domain delete (or remove ?)), then it should be okay. You can check if yunohost still knows the domain with (yunohost domain list) (Or you can do all this via the web admin)

Sorry about the nsswitch thing, I’m not entirely sure what it’s used for, but at least if everything works then that’s good enough I guess

I am having the same issue with a private domain on my Raspberry Pi. I tried adding the line as per advice above, but still get same error when trying to add Let’s Encrypt.

This is what I did in Putty:

And this is the error:

What am I missing?

Thanks!

Strathy

I am in a similar situation, so will follow the subject.

Ya … I’m still stuck on this problem too. @daggaboo … does my screenshot of my /etc/hosts look the same as yours?

@Strathy I wasn’t sure what the last line should refer to so I set both 127.0.0.1 and 127.0.1.1 to point to my .nohost.me domain (as well as yunohost.local, since that was the first domain I used when installing the server). I then managed to install the certificate with the command “sudo yunohost domain cert-install --no-checks”.

I later read that the 127.0.1.1 line should point to the host name and not the domain name, so I changed that back to “YunoHost” just like it says in your host file (and deleted the reference to “yunohost.local” as well), but I really don’t know if that made any difference when installing the certificate.

1 Like

@daggaboo Excellent! I’ve got it installed now too. Here is some updated info for anybody else having this issue.

Adding the changes to 127.0.0.1 and 127.0.1.1 did nothing. I changed those but the ‘one button install’ still said “This domain doesn’t seem ready for a Let’s Encrypt certificate. Please check your DNS configuration and HTTP server reachability” and I could not click on the button.

So I changed the setting at /etc/hosts back to their original setting. So 127.0.0.1 points to localhost and 127.0.1.1 points to YunoHost.

I then ran the line you suggested as root using Putty (I’m on a Windowz system) and Let’s Encrypt installed (see screenshots below.) Running “sudo yunohost domain cert-install --no-checks” was/is kinda scary for me as I really don’t know what that does or did other than it worked. For instance, what does ‘no-checks’ mean … does this mean I’ve opened some security issue somehow. I don’t know. All I know is that it works and no more warnings on my domain.

So to sum up, I don’t think the changes to /etc/hosts make the difference … the main difference is that the command line somehow bypasses something that the ‘one-button’ install does not like. (I’m not a programmer or an admin … I’m just an end user who is learning as I go.) Hope that helps others in this situation.
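
An added example (not part of the thread and not YunoHost code): a small shell function that reports how a hosts file treats the domain and host name, compared with the stock layout described above (127.0.0.1 for localhost, 127.0.1.1 for the host name). The function name, the output labels and the placeholder domain example.nohost.me are assumptions made for illustration.

```shell
#!/bin/sh
# audit_hosts HOSTS_FILE DOMAIN HOSTNAME
# Prints one finding per loopback entry that differs from the stock layout:
#   OVERRIDE   <domain> <ip>   the domain itself is pinned to a loopback address
#   EXTRA      <name> <ip>     another name (e.g. an old test domain) is on loopback
#   NOHOSTNAME 127.0.1.1 <h>   the host name is not on the 127.0.1.1 line
# Returns 0 when nothing differs, 1 otherwise.
audit_hosts() {
    awk -v domain="$2" -v host="$3" '
        BEGIN { d = tolower(domain); h = tolower(host) }
        { sub(/#.*/, "") }                        # strip comments
        NF < 2 { next }                           # blank or malformed line
        $1 !~ /^127\./ && $1 != "::1" { next }    # only loopback addresses
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == d) {
                    print "OVERRIDE " name " " $1; differs = 1
                } else if (name == h) {
                    if ($1 == "127.0.1.1") seen_host = 1
                } else if (name !~ /^(localhost|ip6-localhost|ip6-loopback)$/) {
                    print "EXTRA " name " " $1; differs = 1
                }
            }
        }
        END {
            if (!seen_host) { print "NOHOSTNAME 127.0.1.1 " host; differs = 1 }
            exit (differs ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: an edited hosts file like the one discussed in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost example.nohost.me yunohost.local
127.0.1.1   example.nohost.me
::1         localhost ip6-localhost ip6-loopback
EOF
audit_hosts "$sample" example.nohost.me YunoHost || echo "differs from stock layout"
rm -f "$sample"
```

An OVERRIDE line means lookups of the domain made on the server itself resolve to loopback, so a test run from the server says nothing about reachability from outside.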


> I then ran the line you suggested as root using Putty (I’m on a Windowz system) and Let’s Encrypt installed (see screenshots below.) Running “sudo yunohost domain cert-install --no-checks” was/is kinda scary for me as I really don’t know what that does or did other than it worked. For instance, what does ‘no-checks’ mean … does this mean I’ve opened some security issue somehow. I don’t know. All I know is that it works and no more warnings on my domain.

Eh, yes sorry about that. Short answer is : there are no security risks involved with running this command with --no-checks. Your system is perfectly fine.

Long answer : when you try to install a certificate, before doing anything, Yunohost will first attempt to detect if your domain is correctly configured (DNS correctly set up, and domain/server accessible from outside). These are “the checks”. In some setups, it looks like Yunohost mistakenly concludes that the DNS is badly configured and/or that the server is not accessible from outside. (The second one is the most tricky I think). Yunohost will abort the certificate installation if one of these is not fulfilled. However, you can bypass them (hence the --no-checks). The only “risk” is that the certificate validation fails (i.e. your server attempting to interact with Let’s Encrypt’s servers to validate that you are legitimate to receive a certificate). It won’t break your system in any way, it will just display a ~dirty/technical error like Couldn't reach http://your.domain.tld/.well-known/acme-challenge/abcdefijklmnopqrstuvwxyz which doesn’t really help you know how to fix it.

Thing is, Yunohost “checks” should be more accurate and not generate so many false negatives (that is : saying your domain is badly configured when it’s actually correctly working). But for that we need more weird setups where we can tweak the checks for them to work as expected. And/or we need to change the “check” strategy ;).

Hope that helps !

2 Likes

I want to get this a little more front and center as this is what finally solved my cert problem. Same problem as everyone above. To solve it, SSH in and run the following command:

sudo yunohost domain cert-install --no-checks

After running that, everything was hunky-dory.

This presupposes you have properly set up DNS and can access your server from outside your network. A good check would be to turn off WiFi on your cell phone and try from there. If you get to the login, you should be good to go.