Unable to install letsencrypt certificate

Support
,
1

Hello,

My YunoHost configuration

Hardware: Cubietruck
Internet access: ethernet at home
YunoHost version:
yunohost: 2.7.12 (stable)
yunohost-admin: 2.7.12 (stable)
moulinette: 2.7.12 (stable)
ssowat: 2.7.12 (stable)
Have you personalized your yunohost with some specifics configurations or do you use only the yunohost cli/webadmin tool ? basic

Description of my problem

Try to install a certificate for a second domain with command line:
yunohost domain cert-install your.domain.tld --no-checks --debug

440 DEBUG loading actions map namespace ‘yunohost’
553 DEBUG extra parameter classes loaded: [‘ask’, ‘password’, ‘required’, ‘pattern’]
555 DEBUG initializing base actions map parser for cli
562 DEBUG registering new callback action ‘yunohost.utils.packages.ynh_packages_version’ to [’-v’, ‘–version’]
1133 DEBUG initialize authenticator ‘ldap-anonymous’ with: uri=‘ldap://localhost:389’, base_dn=‘dc=yunohost,dc=org’, user_rdn=‘None’
1144 DEBUG lock has been acquired
1409 DEBUG loading python module yunohost.domain took 0.263s
1410 INFO processing action [9953.1]: yunohost.domain.cert-install with args={‘no_checks’: True, ‘force’: False, ‘domain_list’: [‘your.domain.tld’], ‘self_signed’: False, ‘auth’: <moulinette.authenticators.ldap.Authenticator object at 0xb66278f0>, ‘staging’: False}
7953 INFO Starting new HTTP connection (1): ip_address
7962 DEBUG Couldn’t reach domain ‘your.domain.tld’ by requesting this ip ‘ip_address’ because: (‘Connection aborted.’, BadStatusLine("’’",))
7964 INFO Now attempting install of certificate for domain your.domain.tld!
7968 INFO Nginx configuration file for ACME challenge already exists for domain, skipping.
7969 DEBUG Making sure tmp folders exists

8166 INFO Prepare key and certificate signing request (CSR) for your.domain.tld

37264 INFO Saving to /tmp/acme-challenge-private/your.domain.tld.csr.
37266 INFO Now using ACME Tiny to sign the certificate

37268 INFO Parsing account key

37382 INFO Parsing CSR

37444 INFO Registering account

39180 INFO Already registered!
39182 INFO Verifying your.domain.tld

40521 ERROR ‘’
40725 WARNING Debug information:

  • domain ip from DNS ip_address
  • domain ip from local DNS ip_address
  • public ip of the server ip_address

40733 ERROR Certificate installation for your.domain.tld failed !
Exception: [Errno 22] La signature du nouveau certificat a échoué
40736 DEBUG action [9953.1] executed in 39.324s
40738 DEBUG lock has been released

I had no issue when I installed the first certificate.

What is exastly error 22?
What must be corrected?

Thanks in advance

Steve

2

Weeeeell as it says, error 22 is that the signature of the new certificate failed

The real question is to understand what’s the true error behind that :stuck_out_tongue:

and the logs says :

ERROR ‘’

which isnt really helpful 
 Soooo I dunno what to do about this :confused: Somebody had a similar situation a few days ago and it just resolved by itself after a few days 
 I don’t understand what’s behind that :confused:

3

I think I have an issue to see the HTTP server


How to check if HTTP server is really accessible?

Thank you in advance

Steve

4

Hmmm yea that’s really weird


Well, are you able to access your server via http://yourdomain.tld both from inside your local network and from outside ? You can also use https://ports.yunohost.org/ to diagnose if port 80 looks open

(‘Connection aborted.’, BadStatusLine("’’",) really looks like a weird error. I see an issue here talking about something similar https://github.com/requests/requests/issues/2364 and it really looks like low-level network stuff
 Do you have anything particular in your network setup somehow ?

5

I used the following command to check accessibility: curl http://your.domain.tld

From local network, I got the following response:

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

From outside, I got the following response:

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

Both responses are identical.

https://ports.yunohost.org gives me the below result.
However, I do not know why port 80 appears twice.

image
image.png1080×1582 149 KB

6

I found a solution in the following thread (it is in french): Renew LE certificat - Error: [Errno 22]

It is due to the fact I have a dynamic IPv4 address and this is not handle in YUNoHost.
I had to execute the following command:

yunohost service regen-conf dnsmasq

Now I can renew my LE certificat.
But installing a new certificate for another domain does not work.

2 Likes
7

This solution is useful.I will try this command to install letsencrypt certificate.

8

This solution worked wonderfully for me! Thank you so much!

9

I solved the issue by modifying /etc/hosts like explained in this page:

127.0.0.1 localhost your.domain.tld

10

hey so, the install lets encrypt is greyed out on the side
 so i tried the command but i only get this error [replaced my real domain with “mydomain.com” to post here but i promise its the right one.]

root@games:~# yunohost domain cert-renew mydomain.com --no-checks --debug
110 DEBUG loading actions map namespace ‘yunohost’
125 DEBUG extra parameter classes loaded: [‘comment’, ‘ask’, ‘password’, ‘required’, ‘pattern’]
125 DEBUG initializing base actions map parser for cli
126 DEBUG registering new callback action ‘yunohost.utils.packages.ynh_packages_version’ to [’-v’, ‘–version’]
Traceback (most recent call last):
File “/usr/bin/yunohost”, line 213, in
timeout=opts.timeout,
File “/usr/lib/python2.7/dist-packages/moulinette/init.py”, line 133, in cli
‘parser_kwargs’: parser_kwargs,
File “/usr/lib/python2.7/dist-packages/moulinette/core.py”, line 368, in init_interface
return interface(amap, **kwargs)
File “/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py”, line 387, in init
m18n.set_locale(get_locale())
File “/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py”, line 171, in get_locale
lang = locale.getdefaultlocale()[0]
File “/usr/lib/python2.7/locale.py”, line 545, in getdefaultlocale
return _parse_localename(localename)
File “/usr/lib/python2.7/locale.py”, line 477, in _parse_localename
raise ValueError, ‘unknown locale: %s’ % localename
ValueError: unknown locale: UTF-8

11

Meh 
 I dunno which lang you speak, but can you retry after running export LC_ALL=en_US.utf8 (or maybe also export LANG=en_US.utf8) ?

Those locale issues are fucking madness :expressionless:

12

You have to regenerate the nginx config, and then installing a letsencrypt certificate will work again!

sudo yunohost nginx regen-conf --force (un truc dans le genre)

13

Have you read the stacktrace


14

thanks [russian]

16

that command also simply doesn’t work

17