On my Yunohost server, with plain default configuration files, Let's Encrypt certificate renewing failed with "yunuhost domain cert-renew" :
# yunohost domain cert-renew mail.domain.tld
Succès ! La configuration a été mise à jour pour le service « dnsmasq »
Erreur : Wrote file to /tmp/acme-challenge-public/H3fu6Dom6wx_YvaJSEn-wvo3FDvsdd5Tz0wPGDGa7xg, but couldn't download http://mail.domain.tld/.well-known/acme-challenge/H3fu6Dom6wx_YvaJSEn-wvo3FDvsdd5Tz0wPGDGa7xg
Erreur : Certificate renewing for mail.domain.tld failed !
Erreur : Traceback (most recent call last):
File "/usr/lib/moulinette/yunohost/certificate.py", line 382, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging)
File "/usr/lib/moulinette/yunohost/certificate.py", line 567, in _fetch_and_enable_new_certificate
'certmanager_cert_signing_failed'))
MoulinetteError: [Errno 22] La signature du nouveau certificat a échoué
Erreur : [Errno 22] La signature du nouveau certificat a échoué
On my Yunohost server, with plain default configuration files, Let's Encrypt certificate renewing failed with "yunuhost domain cert-renew" :
In nginx error.log:
By removing (temporarily renaming) the roundcube.conf configuration file and reloading nginx configuration, certificate renewing worked as expected.
I suspect some "deny all" rule in the file is the source of the problem.