Unable to install cert yunohost using dehydrated

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
sauron2.nohost.me

I ran this command:
Built-in yunohost letsencrypt installer

It produced this output:
Certificate installation for sauron2.nohost.me failed !
Exception: [Errno 22] Signing the new certificate failedsauron2.nohost.me
challenge did not pass: {u’status’: u’invalid’, u’validationRecord’:
[{u’addressesResolved’: [u’47.208.96.9’], u’url’:
u’http://sauron2.nohost.me/.well-known/acme-challenge/9JqbnzsHAxPpb6-coj_hgy-H3HxnVQsQeeLE6e1n8Xc’,
u’hostname’: u’sauron2.nohost.me’, u’addressesTried’: [],
u’addressUsed’: u’47.208.96.9’, u’port’: u’80’}], u’keyAuthorization’:
u’9JqbnzsHAxPpb6-coj_hgy-H3HxnVQsQeeLE6e1n8Xc.hQ18he5CYFLemZ42NLVc0tue9pVmPblbV0Wj93BpRGI’,
u’uri’:
u’https://acme-v01.api.letsencrypt.org/acme/challenge/kx3Q06w9_8DST282aKfszz36QC2P73HzEJMPiNW0-LM/2277194330’,
u’token’: u’9JqbnzsHAxPpb6-coj_hgy-H3HxnVQsQeeLE6e1n8Xc’, u’error’:
{u’status’: 400, u’type’: u’urn:acme:error:connection’, u’detail’:
u’Fetching
http://sauron2.nohost.me/.well-known/acme-challenge/9JqbnzsHAxPpb6-coj_hgy-H3HxnVQsQeeLE6e1n8Xc:
Timeout’}, u’type’: u’http-01’}

My web server is (include version):
yunohost 2.7.2

The operating system my web server runs on is (include version):
Debian Jessie

My hosting provider, if applicable, is:
self

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes, yunohost

I’ve largely given up trying to reach my server via port 80, and started looking into alternative verification methods. Consequently, I found and ran:

apt-get install -y git ruby letsencrypt
git clone https://github.com/lukas2511/dehydrated.git
git clone https://github.com/jbjonesjr/letsencrypt-manual-hook.git dehydrated/hooks/manual
generate certificate with manual DNS challenge confirmation for www.example.com (replace with your domain):

./dehydrated/dehydrated -c -t dns-01 -d www.example.com -k ./dehydrated/hooks /manual/manual_hook.rb

Output:

mike@sauron:~$ ./dehydrated/dehydrated -c -t dns-01 -d www.sauron2.nohost.me -k ./dehydrated/hooks/manual/manual_hook.rb

!! WARNING !! No main config file found, using default config!

To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

To accept these terms of service run ./dehydrated/dehydrated --register --accept-terms.
mike@sauron:~$ ./dehydrated/dehydrated --register --accept-terms

!! WARNING !! No main config file found, using default config!

  • Generating account key…
  • Registering account key with ACME server…
  • Done!

I have no idea what to do at this point. It looks successful, but my server is still self-signed. What do I have to do? I have been struggling with this for 3 days now. I hope someone can help :slight_smile:

LE is unable to find the vhost file for
sauron2.nohost.me

And the Internet can't find the site: http://downforeveryoneorjustme.com/sauron2.nohost.me

I don’t know where the vhost file should be, or even what it is :stuck_out_tongue:

And yes, my site is inaccessible via http (why I can’t use the built-in letsencrypt tool on yunohost), but it is accessible via https.

Talk with the provider about how to get authenticated via https
And where the vhost config files are stored

I have not found anyone who can tell me how to get authenticated via https over there. Is /etc/nginx/ a likely location for my vhost config files? I’m sorry for my low level of understanding here :slight_smile:

You say you can log in as root.
Do you run the LetsEncrypt command from a Linux prompt or control panel menu?

From a ssh linux prompt.

What is the complete command you ran?

I have pasted them above. My first attempt was via yunohost control panel menu. This is failing due to problems with port 80.

After repeated failures trying to install letsencrypt like that, I sought out alternative methods. I found one utilizing dehydrated which looked promising, so I tried that. I ssh’d into my server and ran:

apt-get install -y git ruby letsencrypt
git clone https://github.com/lukas2511/dehydrated.git
git clone https://github.com/jbjonesjr/letsencrypt-manual-hook.git dehydrated/hooks/manual

./dehydrated/dehydrated -c -t dns-01 -d www.example.com -k ./dehydrated/hooks /manual/manual_hook.rb

mike@sauron:~$ ./dehydrated/dehydrated -c -t dns-01 -d www.sauron2.nohost.me -k ./dehydrated/hooks/manual/manual_hook.rb
!! WARNING !! No main config file found, using default config!

To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

To accept these terms of service run ./dehydrated/dehydrated --register --accept-terms.
mike@sauron:~$ ./dehydrated/dehydrated --register --accept-terms
!! WARNING !! No main config file found, using default config!

Generating account key…
Registering account key with ACME server…
Done!

That’s it. That is all I have done. Thanks you for your help and patience.

I’m sorry I’m not familiar with dehydrated.
I’ve updated the post topic to include it - maybe someone who is more familiar will see it and help.

Thank you. I am also completely open to help implementing any other technique resulting in a successful cert.

I would try certbot-auto.
And I would start here https://certbot.eff.org/all-instructions/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.