Thank you Yunohost (Part 2)

This is a bit of a continuation of my previous thank you post. Since I received a lot of help and it deserves proper credit, this post is to be taken as part thank you note and part summary of the whole SSL certificate issue ordeal:

First things first: in short, Yunohost is an easy solution to get started with self-hosting without dealing with the more technical side of things. It’s easy to install apps, and I’ve been running a Yunohost server on my Raspberry Pi 4 for months now.

The problem was that my SSL certificate from Let’s Encrypt expired at the beginning of November and I wasn’t able to renew it. Yunohost provides a way to renew or install SSL certificates via CLI or admin webpage; both methods were failing:

        SSL Certificates Expired: Challenge did not pass for xmpp-upload.maindomain.tld

The problem is very well documented here if it is of any interest 😛

Yesterday I was thinking of using the nuclear option: nuking the whole server installation and starting over from scratch (as humanity should). I voiced my opinion on Mastodon, but then @yunohost offered some help, and after some intensive debugging, copy-pasting commands prompted by some hero (Aleks, if you’re reading this, you’re awesome) on the yunohost support matrix room, we were able to find the problem:

Turns out that my “blog optimization” (documented here), in particular this code block added to nginx.conf:

        gzip on;
        add_header Content-Encoding "gzip2";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

kind of broke the whole setup to automatically renew the SSL certificate. This is quite funny because they provide a way to regenerate nginx.conf. I incorrectly assumed yunohost tools regen-conf nginx --force would fix this, but then again, I didn’t really check so… *facepalm*

The problem was solved by adding gzip off; to /etc/nginx/conf.d/

        default_type "text/plain";
        alias /tmp/acme-challenge-public/;
        gzip off;

This fix will be part of a future release of yunohost, 4.1 if I’m not mistaken (see this commit to their github repo), to prevent others from running into the same problem 😀
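A pre-flight check for this failure, added here as an example and not taken from the post or from Yunohost: it fetches a test file from the challenge path and reports anything that keeps the response from being the plain token. The function names and sample values are made up for illustration, and it makes the conservative assumption that the response should carry no Content-Encoding at all.

```python
import sys
import urllib.error
import urllib.request


def problems_with(status, headers, body, expected):
    """Return the reasons a challenge response is not the plain, unencoded token."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = []
    if status != 200:
        found.append(f"status {status}, expected 200")
    enc = hdrs.get("content-encoding", "identity").strip().lower()
    if enc != "identity":
        found.append(f"Content-Encoding {enc!r} set on the challenge response")
    # Trailing whitespace is ignored; anything else must match the file on disk.
    if body.rstrip() != expected.rstrip():
        found.append("body differs from the token file")
    return found


def check_url(url, expected):
    """Fetch url as a gzip-capable client would and report problems."""
    req = urllib.request.Request(url, headers={"Accept-Encoding": "gzip"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return problems_with(resp.status, resp.headers, resp.read(), expected)
    except urllib.error.HTTPError as err:
        return problems_with(err.code, err.headers, err.read(), expected)


# Constructed sample responses (not captured from a real server): one carries
# the Content-Encoding value from the add_header line above, one carries none.
TOKEN = b"constructed-token.constructed-thumbprint\n"
SAMPLE_ENCODED = (200, {"Content-Type": "text/plain", "Content-Encoding": "gzip2"}, TOKEN)
SAMPLE_PLAIN = (200, {"Content-Type": "text/plain"}, TOKEN)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check.py URL path-to-test-token-file
        with open(sys.argv[2], "rb") as fh:
            result = check_url(sys.argv[1], fh.read())
    else:  # no arguments: run against the constructed sample
        result = problems_with(*SAMPLE_ENCODED, TOKEN)
    print("\n".join(result) or "ok")
    sys.exit(1 if result else 0)
```

Run with a URL under /.well-known/acme-challenge/ and the path of a test file placed in the aliased directory, it exits non-zero when the response would not be served as the plain file.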

This has been a bit frustrating but a learning experience. I can’t thank you enough, @yunohost!

Day 36 of
