Small Let's Encrypt configuration problem

Hello,

I just bought a domain name from OVH because the DUCKDNS setup no longer suited me.
So I removed DUCKDNS and set up OVH (deleting the fullchain and privkey files).
However, after following the instructions in the Let's Encrypt documentation and starting the add-on, no new file is created and I don't understand why.
Does anyone have an idea?

Hello,
you need to look at the Let's Encrypt logs. What do they say?

Example of my Let's Encrypt configuration:

domains:
  - xxxxxxx.xxxxxxx.fr
email: xxxxxxxx@xxxxxxx.com
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-ovh
  ovh_endpoint: ovh-eu
  ovh_application_key: 2f4xxxxxxxxxxx
  ovh_application_secret: dexxxxxxxxxxxxxxxxxxx
  ovh_consumer_key: 48xxxxxxxxxxxxxxxxxxxxxxxxx

Hello,
my configuration looks like yours:

domains:
  - xxx.ovh
email: xxx@xxx.com
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-ovh
  ovh_endpoint: ovh-eu
  ovh_application_key: 46fxxx
  ovh_application_secret: ec3xxxx
  ovh_consumer_key: 665xxx

the console tells me

[10:38:43] INFO: Selected DNS Provider: dns-ovh
[10:38:43] INFO: Use propagation seconds: 60
[10:38:43] INFO: Detecting existing certificate type for xxxxxxx.ovh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

and no certificate is created in the /ssl folder when I run Let's Encrypt
Note that I replaced OVH's DNS servers with Cloudflare's; I don't know whether that changes anything for the Let's Encrypt configuration

Careful with your DNS, I removed it :wink:

I don't know, I don't use Cloudflare and I'm not good with DNS.

[10:48:48] INFO: Selected DNS Provider: dns-ovh
[10:48:48] INFO: Use propagation seconds: 60
[10:48:48] INFO: Detecting existing certificate type for xxxxxx.xxxxxx.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[10:48:53] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

show all the logs.

ah damn, thanks. So how did you configure OVH?
I followed this tutorial: https://youtu.be/oqO9c4aNaAU?si=Xgp-16nmqgNoQq23
but I couldn't find the follow-up on configuring HTTPS

as in the docs (with OVH's DNS, I didn't change anything):

after that I use NGINX Home Assistant SSL proxy, to have HTTP locally and HTTPS externally.

but it's the same as for DuckDNS. You need these lines in your configuration.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

the problem is that when I add these lines to the configuration, restarting is not possible because the files have not been created

post the complete logs so we can see.

But it looks like it exists
[10:38:43] INFO: Detecting existing certificate type for xxxxxxx.ovh

How do you access your /SSL folder?

I access it via the Samba share add-on, but I don't have access to the /var/log folder

that's fine, you should see information in the Let's Encrypt logs.

you don't have only 3 lines; what does it say after those lines?

My console says this:

[10:51:04] INFO: Selected DNS Provider: dns-cloudflare
[10:51:04] INFO: Use propagation seconds: 60
<title>xxx.ovh | 524: A timeout occurred</title>

If I put OVH's default DNS back, could that fix the problem?
It seems to come from there, I think

what are these logs? Are you really looking in the Let's Encrypt add-on, under its log?

yes lol, it's the first time I've seen that too.
I refreshed the page and now I have this in the logs:

[10:51:04] INFO: Selected DNS Provider: dns-cloudflare
[10:51:04] INFO: Use propagation seconds: 60
[10:51:04] INFO: Use CloudFlare token
[10:51:04] INFO: Detecting existing certificate type for xxx.ovh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[10:51:05] INFO: No certificate found - using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx.ovh
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.19.4)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
1 Like

Those are the logs I want you to show.

Yes, it is indeed a Cloudflare issue.

So the authoritative DNS servers for your domain are Cloudflare's?
If that's the case, and since you use the DNS challenge to create the certificates, you have to state that your provider is Cloudflare and create the token at Cloudflare, not at OVH.

2 Likes
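
Added example, not part of any post in this thread and not the add-on's own code: a small Python check for the mismatch described in the reply above, comparing the provider named in the add-on log with the zone's authoritative nameservers (as returned by, for example, `dig NS <domain> +short`). The NS suffix table, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed NS hostname suffixes for the two providers discussed in this thread.
NS_SUFFIXES = {
    "dns-cloudflare": (".ns.cloudflare.com",),
    "dns-ovh": (".ovh.net", ".anycast.me"),
}

def provider_for(nameservers):
    """Return the provider value whose suffixes match every NS host, else None."""
    hosts = [ns.rstrip(".").lower() for ns in nameservers]
    for provider, suffixes in NS_SUFFIXES.items():
        if hosts and all(h.endswith(suffixes) for h in hosts):
            return provider
    return None

def diagnose(log_text, nameservers):
    """Turn add-on log text plus the zone's NS records into findings."""
    findings = []
    m = re.search(r"Selected DNS Provider: (\S+)", log_text)
    configured = m.group(1) if m else None
    expected = provider_for(nameservers)
    if configured and expected and configured != expected:
        findings.append(f"provider mismatch: add-on uses {configured}, "
                        f"zone is served by {expected}")
    if "Error determining zone_id: 6003" in log_text:
        findings.append("Cloudflare rejected the API credentials (6003)")
    if "Certificate not yet due for renewal" in log_text:
        findings.append("certificate already exists; nothing was issued")
    if "<!DOCTYPE html" in log_text:
        findings.append("log view returned an HTML error page, not add-on logs")
    if not re.search(r"Requesting a certificate|not yet due|Error", log_text):
        findings.append("log stops before certbot reports a result")
    return findings

# Constructed inputs modelled on the log excerpts in the thread.
CF_NS = ["xxx.ns.cloudflare.com.", "yyy.ns.cloudflare.com."]
LOG_OVH = """[10:38:43] INFO: Selected DNS Provider: dns-ovh
[10:38:43] INFO: Use propagation seconds: 60
[10:38:43] INFO: Detecting existing certificate type for example.ovh
Saving debug log to /var/log/letsencrypt/letsencrypt.log"""
LOG_CF = """[10:51:04] INFO: Selected DNS Provider: dns-cloudflare
Requesting a certificate for example.ovh
Error determining zone_id: 6003 Invalid request headers."""

if __name__ == "__main__":
    for log in (LOG_OVH, LOG_CF):
        print(diagnose(log, CF_NS))
```
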

I had already tried that, but I get this error:

Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.19.4)

I don't understand which version it is talking about?

Hi

If you use OVH with Cloudflare, you must configure Cloudflare's NS in OVH.
On the HA side, you must configure the Cloudflare integration and the Let's Encrypt add-on with this:

domains:
  - "*.nomdedomaine"
email: email@email.net
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-cloudflare
  cloudflare_email: email@email.net
  cloudflare_api_key: 383xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  cloudflare_api_token: 2yxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
key_type: rsa

The Cloudflare NS are set up correctly on my side, but I don't know where to find this api_key and token.
Are these the ones?

RTFM ?