YunoHost 3.6 release

Well, on my side the update crashed the server :’(.
Of course I didn’t notice that it was a big update and I didn’t make a backup beforehand :’( :cry:

Basically I no longer have access to ynh, but I can connect over SSH.
I don’t know what to do …

@hercut: check whether the most common services are working:

systemctl status nginx
systemctl status yunohost-api
systemctl status php7.0-fpm
systemctl status mysql

If one of them is not “up”, try restarting it:

systemctl start NOM_DU_SERVICE

And if it still doesn’t work, try to understand the logs or copy them here. To view a service’s logs:

journalctl -u NOM_DU_SERVICE

Thanks for your reply, it’s nginx that is crashing …

Here is the output of the nginx log:

Summary
-- Logs begin at Mon 2019-07-08 09:41:10 UTC, end at Mon 2019-07-08 10:19:54 UTC. --
Jul 08 09:41:18 nuage.ndd.fr systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 08 09:41:23 nuage.ndd.fr nginx[643]: nginx: [emerg] BIO_new_file("/etc/yunohost/certs/ndd.fr/crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:
Jul 08 09:41:23 nuage.ndd.fr nginx[643]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jul 08 09:41:23 nuage.ndd.fr systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 08 09:41:23 nuage.ndd.fr systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Jul 08 09:41:23 nuage.ndd.fr systemd[1]: nginx.service: Unit entered failed state.
Jul 08 09:41:23 nuage.ndd.fr systemd[1]: nginx.service: Failed with result 'exit-code'.
Jul 08 10:18:32 nuage.ndd.fr systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 08 10:18:32 nuage.ndd.fr nginx[3222]: nginx: [emerg] BIO_new_file("/etc/yunohost/certs/ndd.fr/crt.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory
Jul 08 10:18:32 nuage.ndd.fr nginx[3222]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jul 08 10:18:32 nuage.ndd.fr systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 08 10:18:32 nuage.ndd.fr systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Jul 08 10:18:32 nuage.ndd.fr systemd[1]: nginx.service: Unit entered failed state.
Jul 08 10:18:32 nuage.ndd.fr systemd[1]: nginx.service: Failed with result 'exit-code'.

Hmm, well, it looks like one of the certs has disappeared, even though I have trouble seeing why/how that could happen …

You can try to regenerate it with yunohost domain cert-install tondomaine.tld

It doesn’t work.
Even via the local IP I have no access: "Ce site est inaccessible".

Summary
root@nuage:~# domain cert-install nuage.ndd.fr
-bash: domain: command not found
root@nuage:~# yonohost domain cert-install nuage.ndd.fr
-bash: yonohost: command not found
root@nuage:~# yunohost domain cert-install nuage.ndd.fr
Error: The certificate for domain nuage.ndd.fr is not self-signed. Are you sure you want to replace it? (Use --force)
root@nuage:~# yunohost domain cert-install nuage.ndd.fr --force
Info: Now attempting install of certificate for domain nuage.ndd.fr!
Info: Parsing account key...
Info: Parsing CSR...
Info: Found domains: nuage.ndd.fr
Info: Getting directory...
Info: Directory found!
Info: Registering account...
Info: Already registered!
Info: Creating new order...
Info: Order created!
Info: Verifying nuage.ndd.fr...
Error: Wrote file to /tmp/acme-challenge-public/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U, but couldn't download http://nuage.ndd.fr/.well-known/acme-challenge/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U: Error:
Url: http://nuage.ndd.fr/.well-known/acme-challenge/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U
Data: None
Response Code: 404
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Raspbian) Server at nuage.ndd.fr Port 80</address>
</body></html>
Warning: Debug information:
 - domain ip from DNS ip.ip.ip.ip
 - domain ip from local DNS ip.ip.ip.ip
 - public ip of the server ip.ip.ip.ip
Warning: Debug information:
 - domain ip from DNS ip.ip.ip.ip
 - domain ip from local DNS ip.ip.ip.ip
 - public ip of the server ip.ip.ip.ip
Error: Certificate installation for nuage.ndd.fr failed !
Exception: Signing the new certificate failed
Info: The operation 'Install Let's encrypt certificate on 'nuage.ndd.fr' domain' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20190708-120719-letsencrypt_cert_install-nuage.ndd.fr --share'
root@nuage:~# yunohost domain cert-install nuage.ndd.fr
Error: The certificate for domain nuage.ndd.fr is not self-signed. Are you sure you want to replace it? (Use --force)

It looks like apache2 is installed!
What if you stop it and then try again?

systemctl stop apache2
yunohost domain cert-install nuage.ndd.fr --force

No, it’s never needed with YunoHost itself, it’s only if you’ve installed a new version of the kernel and you want to use it (especially if it’s a security release.)

It doesn’t work, but what I don’t understand is: without SSL, shouldn’t I still be able to get into the server locally?

Here is the result:

Summary

Error: Wrote file to /tmp/acme-challenge-public/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U, but couldn't download http://nuage.ndd.fr/.well-known/acme-challenge/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U: Error:
Url: http://nuage.ndd.fr/.well-known/acme-challenge/hyOHZyAzKxaDhysl3ZYZTaUe2CA8DiZsVnLZ-NJpo7U
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>
Warning: Debug information:
 - domain ip from DNS ip.ip.ip.ip
 - domain ip from local DNS ip.ip.ip.ip
 - public ip of the server ip.ip.ip.ip
Warning: Debug information:
 - domain ip from DNS ip.ip.ip.ip
 - domain ip from local DNS ip.ip.ip.ip
 - public ip of the server ip.ip.ip.ip
Error: Certificate installation for nuage.ndd.fr failed !
Exception: Signing the new certificate failed
Info: The operation 'Install Let's encrypt certificate on 'nuage.ndd.fr' domain' has failed! To get help, please share the full log of this operation using the command 'yunohost log display 20190708-125831-letsencrypt_cert_install-nuage.ndd.fr --share'

Me too… I can’t reach my server anymore :frowning:
This is the first time this has happened with YunoHost!
I can’t access my server even over SSH…

Is there another way to connect to my Kimsufi server to get the last backup?

When I look at Kimsufi monitoring, I see the 5 processes using more RAM as usual: fail2ban, Matrix, coturn, php-fpm, mysqld
So the server is running; it is probably a certificate problem, which is what the Riot and Nextcloud clients are telling me when I try to connect them to my server.

Maybe my prayers to the god of YunoHost servers have worked… my server is accessible again this morning.
I can’t find logs explaining what happened; can you tell me where to look?

My only indications were the Nextcloud clients on my Android device and desktop telling me “SSL exception” and “invalid SSL certificate”,
and of course it was impossible to reach the SSO authentication web page, and the SSH connection was refused.

My first action this morning: make a full backup and download the backup :wink:

Uuuh maybe it could be a certificate renewal? You can look at the recent logs in Tools > Logs … then I would expect to find a cert renewal during the night (at least that’s my best guess)


Hello,

@Aleks in Tools / Logs, I can’t find anything related to certificate renewal. Indeed, according to these logs, nothing happened during the night. Is there another place where I can find more detailed logs?
Indeed, I received a cron report by email at 6:00am that doesn’t appear in the logs:

/etc/cron.daily/logrotate:
metronome.service is not active, cannot reload.
error: error running shared postrotate script for '/var/log/metronome/metronome.log /var/log/metronome/metronome.err '
run-parts: /etc/cron.daily/logrotate exited with return code 1

But even more strangely, I had the same problem again yesterday.
I could connect to webadmin and then, with FileZilla (SSH), download my full backup just in case.
But then around 09:30pm, after running a simple Debian package update from the webadmin, I could no longer access webadmin or SSH.
All access was blocked.
According to Firefox, it seems there is no certificate in place.
The server is running (according to the Kimsufi monitoring tool) but I can’t access it.

This morning the server was still unreachable but, by a miracle of the god of YunoHost, around 10:00am, the server is accessible again… like yesterday morning.

Is my YunoHost server getting into the habit of having a lie-in :sleeping_bed: every day? :frowning:

I would be really interested to understand what is happening.
I guess it is something linked to the certificate, but I will be happy to know more.

After something like 15 years in technical computing, I too came to the conclusion that All Computers Are Broken, and the only reasonable explanation in all this system administration craziness is that the world is filled with sneaky, evil little daemons who like to go from one computer to another and break random stuff on their track :confused:

Other than that uh idk … is there anything new in particular in YunoHost operations logs ? If you are able to connect through SSH, are you able to repair the certificate using for example yunohost domain cert-renew your.domain.tld ?

:laughing:

I’ll try tonight to connect through SSH and renew all domain / subdomain certificates. Indeed, this also affects subdomains (the one for Matrix/Riot is also unreachable in that situation)

Yesterday, I had difficulty connecting over SSH through the console, but FileZilla was succeeding. I hope tonight will be more successful.

Strange Yunohost server…

Hmokay, wondering if you can check what’s the status of the symlink in the cert folder.

So please prior to anything, run the command :

ls -l /etc/yunohost/certs

and save the output somewhere … maybe that’s a bug similar to @hercut’s and we could be able to pinpoint what happens exactly :+1:
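The symlink check requested above, as an added example that is not part of the original post or of YunoHost: a shell function that walks a certificate directory such as /etc/yunohost/certs and reports dangling symlinks and folders without crt.pem, the file nginx failed to open earlier in this thread. The names `check_cert_dir` and `make_demo_tree`, and the demo layout, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a certificate directory such as /etc/yunohost/certs.
# check_cert_dir is a hypothetical helper, not a YunoHost command.

# Print one status line per entry; return 1 if any entry is broken.
check_cert_dir() {
    dir=$1
    cert=${2:-crt.pem}          # file nginx reads inside each domain folder
    rc=0
    for entry in "$dir"/*; do
        # An unmatched glob stays literal: skip it unless it is a symlink.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            # The symlink exists but its target is gone.
            echo "DANGLING $name -> $(readlink "$entry")"
            rc=1
        elif [ -d "$entry" ]; then
            if [ -s "$entry/$cert" ]; then
                echo "OK $name"
            else
                echo "MISSING $name/$cert"
                rc=1
            fi
        fi
    done
    return $rc
}

# Constructed demo tree (not taken from any real server); prints its path.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/certs/empty.example" "$root/store/good.example"
    echo "constructed dummy certificate" > "$root/store/good.example/crt.pem"
    ln -s "$root/store/good.example" "$root/certs/good.example"
    ln -s "$root/store/gone.example" "$root/certs/gone.example"  # no target
    echo "$root/certs"
}

# Audit the directory given as $1, or the constructed demo tree by default.
check_cert_dir "${1:-$(make_demo_tree)}" || echo "at least one entry needs attention"
```

A DANGLING or MISSING line for a domain corresponds to the `fopen: No such file or directory` failure that stops nginx at its configuration test.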

Hmm, how to put it…
Well, this is embarrassing…

Brain off
I can’t connect to my YunoHost server :angry: … Firefox seems to say there is no certificate. Connection refused.
Aaaaargh what happened during the upgrade to 3.6!!! … what have they changed in the config?

Brain on
Well… why does my server seem to be working normally according to Kimsufi monitoring?
Why can’t my mobile connect to the server over Wi-Fi, when I just found out I can reach it over 3G…

Have I changed something else before or just after the upgrade to 3.6?
If brain on… let’s think a little bit…

eeerrr… hum hum… oooh yes, I have changed my passwords (admin and user) to keep them max 1 year… and so is the problem “password” related or “upgrade 3.6” related?
If I can connect to the server over 3G, then the server is working properly… couldn’t it be linked to the change of password?

I have several apps (Nextcloud client, Riot,…) on my laptop and my smartphone still trying to connect to the server with the old passwords… isn’t it possible that I have been banned by my own server?
Let’s have a look at fail2ban and try to unban my IP…
:confounded: :confused:
Connection to my YunoHost server works again!

Sorry @Aleks for making you look for a solution to my problem when my problem was not related at all to the 3.6 upgrade.

I promise I’ll try to mobilise my brain earlier next time :wink:

1 Like
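The self-ban diagnosed in the post above can be confirmed from the fail2ban log. This is an added example, not part of the original thread: it lists the jails in which an address has a Ban with no later Unban. The function names, sample log lines and addresses are constructed, and /var/log/fail2ban.log is assumed as the log location on a Debian-based install.

```shell
#!/bin/sh
# Added example: is this client address currently banned by fail2ban?
# active_bans is a hypothetical helper; the sample log below is constructed.

# Usage: active_bans LOGFILE IP
# Prints "jail timestamp" for each jail whose latest action on IP is a Ban.
active_bans() {
    awk -v ip="$2" '
        # Action lines end in "... [jail] Ban <ip>" or "... [jail] Unban <ip>".
        $NF == ip && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            jail = ""
            for (i = 1; i <= NF; i++)
                # The jail is the first bare [name] field; the pid is "[n]:".
                if (substr($i, 1, 1) == "[" && substr($i, length($i)) == "]") {
                    jail = substr($i, 2, length($i) - 2)
                    break
                }
            if (jail == "") next
            state[jail] = $(NF-1)       # the last action seen wins
            when[jail] = $1 " " $2
        }
        END {
            for (j in state)
                if (state[j] == "Ban") print j, when[j]
        }
    ' "$1" | sort
}

# Constructed sample log; prints the path of the temporary file.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
2019-07-10 21:29:58,101 fail2ban.filter  [612]: INFO   [sshd] Found 203.0.113.7
2019-07-10 21:30:02,417 fail2ban.actions [612]: NOTICE [sshd] Ban 203.0.113.7
2019-07-10 21:31:40,002 fail2ban.actions [612]: NOTICE [nginx-http-auth] Ban 203.0.113.7
2019-07-10 21:41:40,950 fail2ban.actions [612]: NOTICE [nginx-http-auth] Unban 203.0.113.7
2019-07-10 21:45:12,330 fail2ban.actions [612]: NOTICE [sshd] Ban 198.51.100.9
2019-07-10 21:50:00,000 fail2ban.actions [612]: NOTICE [sshd] 203.0.113.7 already banned
EOF
    echo "$f"
}

# Default to the constructed sample; pass /var/log/fail2ban.log and an IP.
active_bans "${1:-$(make_sample_log)}" "${2:-203.0.113.7}"
```

For each jail listed, `fail2ban-client set JAIL unbanip IP` lifts the ban; clients still sending the old password will trigger it again until they are updated.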

Excellent work
Congratulations to all the developers… I can’t even imagine the ton of work this represents!
Enjoy!

1 Like

Uhh … no luck on my side: since the update, the server is no longer reachable from outside: it spins, and finally gives up with “took too long”. I have SSH access, and I have access via the web interface from home. There is no DNS problem (www.whatsmydns.net shows the site in green), and the certificate is OK (according to the command-line output). All the services are marked “active” and “running” in the web admin interface, but on the command line over SSH, postfix, nginx and yunohost-firewall are indeed marked “active”, but are also marked “exited” and not “running”. No luck … I have tried pretty much everything I could, but this is just rotten luck. I will open a dedicated post as soon as I can … Unless a simple solution is available?
Clarification: a Pi; a site on nohost.me; only official apps

And restarting the services doesn’t work?

systemctl start nginx
systemctl start postfix
systemctl start yunohost-firewall