Error during cert renewal

Hi all

I have an error during the cert renewal process.

Performing the following challenges:
http-01 challenge for mail.pirboazo.net
Using the webroot path /var/snap/platform/common/certbot/www for all unmatched domains.
Waiting for verification…
Challenge failed for domain mail.pirboazo.net
http-01 challenge for mail.pirboazo.net

The domain mail.pirboazo.net is not managed on my Syncloud platform :( but by an email manager.

Actually, to resolve this problem I must modify the IP in DNS.

Questions
Can I change the http-01 challenge for “mail.pirboazo.net” to “pihole.pirboazo.net”?

Or

How can I remove this domain from the renewal list? …

2021-09-20 21:47:39,199 - certbot - INFO - /snap/platform/current/bin/certbot --logs-dir=/var/snap/platform/common/log --max-log-backups 5 --config-dir=/var/snap/platform/common/certbot --agree-tos --email root@pirboazo.net certonly --force-renewal --cert-name pirboazo.net --webroot --webroot-path /var/snap/platform/common/certbot/www -d pirboazo.net -d bitwarden.pirboazo.net -d diaspora.pirboazo.net -d files.pirboazo.net -d gogs.pirboazo.net -d home-assistant.pirboazo.net -d installer.pirboazo.net -d mail.pirboazo.net -d nextcloud.pirboazo.net -d notes.pirboazo.net -d openvpn.pirboazo.net -d pihole.pirboazo.net -d platform.pirboazo.net -d plex.pirboazo.net -d rocketchat.pirboazo.net -d syncthing.pirboazo.net -d users.pirboazo.net -d wordpress.pirboazo.net

Maybe I need to do both?

Merci, Thanks
Pierre

Hi Pierre,

What you are looking for is this instruction: Custom domain · syncloud/platform Wiki · GitHub

In short, to get a valid certificate for custom domains where Syncloud does not maintain DNS you need two things:

  1. Set up a DNS wildcard to point at your IP on your DNS provider.
  2. Open (port forward on your router) port 80 to allow Let’s Encrypt to do its http-01 challenge validation.

Of course I want to tell you that our Premium Service already covers the first part and will cover the second part automatically soon.

Hi Boris,

You said to me:

It is done, but as I need to have a record mail.pirboazo.net which points to another IP address, the challenge does not work.
I didn’t need a certificate for this sub-domain.

I have a workaround, but it is not satisfactory because it asks for manual intervention.

Regards
Pierre

I see. Unfortunately, right now we try to generate a certificate for all the apps in the store regardless of whether they are installed or not. This is done so the user does not wait for a certificate after installing an app. Also mail is one of the apps. This process uses http validation of every app domain name.

So this is not supported at the moment.

Also we are moving to a wildcard certificate, but that will only be available in free and premium modes where we control DNS.
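
An added example, not part of the original thread and not Syncloud's code: a pre-flight check that pulls the `-d` names out of a certbot command like the one in the log above and reports which of them do not resolve to this device's public IP, since http-01 validation for those names cannot reach the local webroot. The function names are hypothetical, the IP addresses and DNS table are constructed sample values, and only A records are checked (it assumes no AAAA records are published).

```python
import shlex
import socket

# Constructed sample: a shortened form of the certbot command from the log.
SAMPLE_CMD = (
    "certbot certonly --force-renewal --cert-name pirboazo.net --webroot "
    "--webroot-path /var/snap/platform/common/certbot/www "
    "-d pirboazo.net -d mail.pirboazo.net -d pihole.pirboazo.net"
)

# Constructed DNS answers (documentation address ranges), used for the offline demo.
CONSTRUCTED_DNS = {
    "pirboazo.net": {"203.0.113.10"},
    "pihole.pirboazo.net": {"203.0.113.10"},
    "mail.pirboazo.net": {"198.51.100.25"},  # record kept at another host
}

def requested_domains(cmd):
    """Return the names given with -d/--domain/--domains, in order."""
    args = shlex.split(cmd)
    names = []
    for i, arg in enumerate(args[:-1]):
        if arg in ("-d", "--domain", "--domains"):
            # certbot also accepts a comma-separated list after -d
            names.extend(n for n in args[i + 1].split(",") if n)
    return names

def resolve_a(name):
    """Default resolver: IPv4 addresses from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(cmd, my_ip, resolver=resolve_a):
    """Split requested names into (ok, will_fail) for http-01 served at my_ip."""
    ok, will_fail = [], []
    for name in requested_domains(cmd):
        addrs = resolver(name)
        target = ok if my_ip in addrs else will_fail
        target.append((name, sorted(addrs)))
    return ok, will_fail

if __name__ == "__main__":
    fake = lambda n: CONSTRUCTED_DNS.get(n, set())
    ok, bad = preflight(SAMPLE_CMD, "203.0.113.10", fake)
    for name, addrs in bad:
        print(f"http-01 will not reach this host for {name}: resolves to {addrs}")
```

Dropping the `resolver` argument makes `preflight` query the system resolver; `my_ip` is then the public address that port 80 is forwarded from.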

Hi Boris,

Thanks a lot for your answer.

It’s clear, so I will continue to manage this small problem manually.

Good day to you.

Pierre