Error during cert renewal

pirboazo · 21 September 2021 12:47

Hi all

I have an error during the cert renew process.

Performing the following challenges:
http-01 challenge for mail.pirboazo.net
Using the webroot path /var/snap/platform/common/certbot/www for all unmatched domains.
Waiting for verification…
Challenge failed for domain mail.pirboazo.net
http-01 challenge for mail.pirboazo.net

The domain mail.pirboazo.net it not manage on my syncloud platform but by an email manager.

Actualy

for resolve this pb i must modify the IP on dns .

Questions
Can I change the http-01 challenge for “mail.pirboazo.net” by “pihole.pirboazo.net”

Or

How can i suppress this domain in the list of renew ? …

2021-09-20 21:47:39,199 - certbot - INFO - /snap/platform/current/bin/certbot --logs-dir=/var/snap/platform/common/log --max-log-backups 5 --config-dir=/var/snap/platform/common/certbot --agree-tos --email root@pirboazo.net certonly --force-renewal --cert-name pirboazo.net --webroot --webroot-path /var/snap/platform/common/certbot/www -d pirboazo.net -d bitwarden.pirboazo.net -d diaspora.pirboazo.net -d files.pirboazo.net -d gogs.pirboazo.net -d home-assistant.pirboazo.net -d installer.pirboazo.net -d mail.pirboazo.net -d nextcloud.pirboazo.net -d notes.pirboazo.net -d openvpn.pirboazo.net -d pihole.pirboazo.net -d platform.pirboazo.net -d plex.pirboazo.net -d rocketchat.pirboazo.net -d syncthing.pirboazo.net -d users.pirboazo.net -d wordpress.pirboazo.net

Maybe i need to do both?

Merci, Thanks
Pierre

boris · 21 September 2021 19:59

Hi Pierre,

What you are looking for is this instruction Custom domain · syncloud/platform Wiki · GitHub

In short to get a valod certificate for custom domains where Syncloud does not maintain DNS you need two things:

Setup DNS wildcard to point at your IP on your DNS provider.
Open (port forward on your router) port 80 to allow Let’s Encrypt to do it’s http-01 challenge validation.

Of course I want to tell you that our Premium Service already covers the first part and will cover the second part automatically soon.

pirboazo · 22 September 2021 08:24

Hi Boris,

You said me :

It done but as i need to have a record mail.pirboazo.net who point an another IP address, the challenge do not work.
I didn’t need of certificate for this sub-domain.

I have a workaround but it not satisfactory because it ask a manual intervention

Regards
Pierre

boris · 22 September 2021 17:09

I see, unfortunately right now we try to generate a certificate for all the apps in the store regardless if it is installed or not. This is done so user does not wait for a certificate after installing an app. Also mail is one of the apps. This process uses http validation of every app domain name.

So this is not supported at the moment.

Also we are moving to a wildcard certificate but that will only be available in free and premium modes where we control dns.

pirboazo · 23 September 2021 08:08

Hi Boris ,

Thanks a lot for your answer.

It’s clear , so i will continue to manage manually this small problem.

Good day to you.

Pierre

Topic		Replies	Views
Problem updating system Access Issues	11	250	6 January 2022
Bug: Expired cert used after renewal Certificate	22	715	26 January 2022
Failed upgrade to 2112291188 (resolved with 1203 update) System Updates	17	354	6 January 2022
Let's encrypt email expired certs? Certificate	2	235	22 October 2021
Cannot access Syncloud.it server due to ERR_CERT_COMMON_NAME_INVALID Syncloud.it	10	248	26 September 2023

Error during cert renewal

Actualy

Related topics