Unable to renew let´s encrypt certificate

My YunoHost server

Hardware: Raspberry Pi 3 model B rev 1.2
YunoHost version: 11.1.3 testing
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

since yunohost version i´m unable to renew Let s encrypt certificate.

I receive a mail every day like this:

Url: http://muc.mydomain.ynh.fr/.well-known/acme-challenge/QbfEA98PPj6aPZ2UH-l44-ytGjBX-yqPjd9WEXoFENQ
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)>

here the full logs:

Thank you for your help.

Does the diagnosis complain about something like manually changed configuration ?

no only applications flagged as broken Kanboard, Netdata,Guacamole

yunohost tools regen-conf says

/etc/ldap/slapd.ldif’ has been manually modified and will not be updated

Considering that you’re on 11.1.3, and assuming that you ain’t using XMPP, I would go to Domains > yourdomain.tld, and disable ‘XMPP’ in the features

Thank you ! That solves my problem.

Service metronome is stopped now in diagnosis after this warning:

WARNING - Job for metronome.service failed because the control process exited with error code.
2023-01-20 16:16:51,134: WARNING - See “systemctl status metronome.service” and “journalctl -xe” for details.
2023-01-20 16:16:52,139: ERROR - Could not run script: /usr/share/yunohost/hooks/conf_regen/12-metronome
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/hook.py”, line 298, in hook_callback
hook_return = hook_exec(
File “/usr/lib/python3/dist-packages/yunohost/hook.py”, line 386, in hook_exec
raise YunohostError(“hook_exec_failed”, path=path)
yunohost.utils.error.YunohostError: Could not run script: /usr/share/yunohost/hooks/conf_regen/12-metronome

logs here https://paste.yunohost.org/raw/xifalizuda

Same problem here since 11.1.2, not resolved with 11.1.3.

Log here : https://paste.yunohost.org/raw/keletebuqi

No problem on diagnosis page.

Working after disabling xmpp, but it’s only a temporary fix (I need XMPP but certificate was very close to expire so I may not use it while the bug is fixed)

Same problem here too on a VPS running Debian 11.6. It started with 11.1.2, and is not resolved with 11.1.3.
My domain had expired, trying to renew it ran into the same certificate verify failed: unable to get local issuer certificate error.
Disabling XMPP did the trick (sudo yunohost domain config set mydomain.tld feature.xmpp.xmpp -v no)
Then renewing the certificate worked (sudo yunohost domain cert renew mydomain.tld), although it showed the following warning, which I assume to be related to having just disabled XMPP:

Job for metronome.service failed because the control process exited with error code.
See “systemctl status metronome.service” and “journalctl -xe” for details.
Warning: Could not execute the command ‘systemctl restart metronome’

Diagnosis shows the following warning & errors (nothing new, apart from the metronome/XMPP ones): https://paste.yunohost.org/raw/adudecajag

Looks like it’s solved with 11.1.5 (stable) :smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.