Hardware: Proxmox VM on Hetzner root server
YunoHost version: 11.2.14.1
I have access to my server: Through SSH, through the webadmin, direct access via keyboard / screen. (All of that).
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
If yes, please explain:
Description of my issue
Tried to get a Let's Encrypt certificate for YunoHost with only one domain configured
From ssh console with commands:
yunohost domain cert-install maindomain.tld --no-checks --force
and
yunohost domain cert-install maindomain.tld --no-checks --debug
From the web-interface.
With different options: XMPP active/non-active, force HTTPS: YES and NO
Additional information
"maindomain.tld" is a third-level domain name. The Registrar and DNS server provider is Hetzner.
Meh, if you did set up the corresponding DNS record for muc. then I don't see why that would fail … On the other hand, maybe if you don't care about XMPP, just disable XMPP in the webadmin > Domains > yourdomain.tld > "XMPP" toggle in the "Feature" thing
Did you check your firewall's logs for your manual test connections and the connection that is coming in for actual validation? Do they have the same entries? In case there's no difference: Does your firewall allow capturing connections? Can you find any differences between your testing connection and the incoming validation HTTP request?
Thanks to all participants for their help! Problem solved, certificate received ))
This was definitely an IPFire issue.
It turns out there are two main questions about Let's Encrypt and IPFire:
To disable Reverse Path Filtering you should either use the command line approach:
sysctl -w net.ipv4.conf.default.rp_filter=2
sysctl -w net.ipv4.conf.all.rp_filter=2
or:
add (edit) those strings to /etc/sysctl.conf and reboot the IPFire host.
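An added example, not part of the original post and not IPFire or YunoHost code: a shell function that reports the effective rp_filter mode per interface, to check what a sysctl change actually did. The kernel applies the higher of conf/all and the per-interface value (0 = no source validation, 1 = strict, 2 = loose), and conf/default only seeds interfaces created later; the interface names and values in the sample tree are constructed.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Effective value = max(conf/all/rp_filter, conf/<iface>/rp_filter).

rp_mode() {  # numeric rp_filter value -> mode name
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# rp_filter_report [CONF_DIR]
# Prints "<iface> <effective-value> <mode>" for each interface directory.
# CONF_DIR defaults to the live kernel tree.
rp_filter_report() {
    conf="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$conf/all/rp_filter" 2>/dev/null) || return 1
    for d in "$conf"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        own=$(cat "$d/rp_filter" 2>/dev/null) || continue
        if [ "$own" -gt "$all" ]; then eff=$own; else eff=$all; fi
        echo "$iface $eff $(rp_mode "$eff")"
    done
}

# Constructed sample tree (names and values are assumptions, not from the thread).
sample=$(mktemp -d)
for i in all default green0 red0; do mkdir -p "$sample/$i"; done
echo 0 > "$sample/all/rp_filter"
echo 2 > "$sample/default/rp_filter"   # only affects interfaces created later
echo 1 > "$sample/green0/rp_filter"
echo 1 > "$sample/red0/rp_filter"

echo "default=2 only:"
rp_filter_report "$sample"             # existing interfaces stay strict

echo 2 > "$sample/all/rp_filter"       # the 'all' setting from the commands above
echo "all=2:"
rp_filter_report "$sample"             # every interface is now loose
rm -rf "$sample"
```

Called with no argument, `rp_filter_report` reads the running host's `/proc/sys/net/ipv4/conf`.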