Friday, February 06, 2026
support@conference.yunohost.org

[06:45:43] <Solrac> hello... I'm a bit stuck on reverse-proxy .... I have it working, but the certificate fails...

I get an SSL_ERROR_INTERNAL_ERROR_ALERT on Firefox;

and when I try to re-do the certificate on Yunohost Admin; I get this.

```
Challenge did not pass for domainName.tld: {'identifier': {'type': 'dns', 'value': 'domainName.tld'}, 'status': 'invalid', 'expires': '2026-02-13T03:06:01Z', 'challenges': [{'type': 'http-01', 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall/3035468676/654372659506/AfmfVQ', 'status': 'invalid', 'validated': '2026-02-06T03:06:05Z', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': '100.101.102.103: Invalid response from http://domainName.tld/.well-known/acme-challenge/lXCk3GaHNtAytwvaYch5zqpEjxWJKpy61YGD-ZSSEBg: 404', 'status': 403}, 'token': 'lXCk3GaHNtAytwvaYch5zqpEjxWJKpy61YGD-ZSSEBg', 'validationRecord': [{'url': 'http://domainName.tld/.well-known/acme-challenge/lXCk3GaHNtAytwvaYch5zqpEjxWJKpy61YGD-ZSSEBg', 'hostname': 'domainName.tld', 'port': '80', 'addressesResolved': ['100.101.102.103'], 'addressUsed': '100.101.102.103'}]}]}
Certificate renewing for domainName.tld failed!

Please consider checking the 'DNS records' (basic) and 'Web' categories of the diagnosis to check for possible issues that may prevent installing a Let's Encrypt certificate on domain domainName.tld.
```
[06:46:39] <Solrac> I'm not exactly sure what might've changed from one server to another, or from one reverse-proxy vps to another (both have nginx with acme module, and they redirect fine)
[09:20:54] <rainer.szs> Edit: I logged in with root and the default password in filezilla, for some reason I remembered it didn't work. Anyway I think it's better and more secure to use ssh keys as Chatpitaine Caverne said
[09:28:16] <rainer.szs> - The key has been generated by the client laptop with this command: `ssh-keygen -t rsa -b 2048 -f my-ssh-key`. Both the user on the client and on the server share the same name
- No I don't

- By writing `ssh -vvv (user)@(my domain)`:
1. the warning @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED @ .
2. Add correct host key in /home/(user)/.ssh/known_hosts to get rid of this message
3. the last line in the terminal is Host key verification failed.
[09:30:26] <rainer.szs> In known_hosts there are 7 keys
[09:39:28] <rainer.szs> Should I delete all of them and retry to connect with filezilla with keys?
[09:41:16] <otm33> You should have `my-ssh-key.pub` content in `/home/(user)/.ssh/authorized_keys`
[09:45:12] <rainer.szs> done
[09:50:47] <rainer.szs> I'll delete the keys in known_hosts and try to reconnect then
[09:52:32] <rainer.szs> "server refused our key" in filezilla, but why?
[10:06:02] <taziden> Hi, I have this error since I migrated my yunohost instance : https://paste.sysnove.net/paste/cxjGuOZh#FSt0tnBYxfiA3Pp2VtFfmIV5uxOAr8Bvn351DvxuFWc
Does that ring a bell to someone?
(I probably migrated a bit … violently)
[10:09:10] <otm33> @rainer.szs:matrix.org: could you try `ssh -i path/to/yourkey -vvv user@server` ?
[10:09:45] <sch> https://radicle.xyz
Radicle is an open source, peer-to-peer code collaboration stack built on Git. Unlike centralized code hosting platforms, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users are in full control of their data and workflow.
[10:11:30] <rainer.szs> Ok, btw what does -vvv do?
[10:12:06] <otm33> Verbose mode
[10:12:07] <rainer.szs> ok
[10:12:08] <sch> Is Radicle included in YuNoHost?
[10:12:19] <rainer.szs> also private key or public key?
[10:12:30] <otm33> private
[10:14:10] <rainer.szs> done, I managed to log in the server
[10:15:17] <rainer.szs> but still "server refused our key" in filezilla
[10:33:36] <otm33> rainer.szs: which key can you load in filezilla ?
[10:35:25] <rainer.szs> PPK files and PEM files. The private key I generated among the public one doesn't have an extension but it gets loaded. If I choose any other files the error is: "the file could not be loaded or doesn't contain a private key"
[10:36:34] <rainer.szs> https://aria.im/_bifrost/v1/media/download/ATLGBjKvX3tw1TZYtMZewQQ09aFW8vdRfLLUrtOttTZezIUPTGodj5tP_tsW94-WsUcyMGdwSJS6OQ1h-9Jbi2dCecN6y_swAG1hdHJpeC5vcmcvRVlsVldiQ2hsdHdadnRsRHpiUGd6WHhN
[10:41:06] <otm33> 🤔... You could try `cp -pr /home/user/my-ssh-key /home/user/my-ssh-key.pem` and then load the pem key but I guess it will throw the same error
[10:43:05] <rainer.szs> I'll try
[10:43:39] <rainer.szs> I'm afraid I'm missing something important or that the issue will be something stupid at the end 😭
[10:45:32] <rainer.szs> nope, it didn't work :(
[10:46:03] <iamthebriefcase> I had similar problem with filezilla the other day. I had to generate the key via puttygen to make it work as far as i remember.
[10:50:18] <otm33> rainer.szs: windows or linux machine ?
[10:52:01] <rainer.szs> linux ubuntu
[10:52:27] <rainer.szs> ah, that's weird
[10:53:00] <otm33> Sorry, this was a stupid question 🤪 : `/home/user...`
I'm running out of ideas
[10:53:25] <rainer.szs> it's ok ^^
[10:53:43] <rainer.szs> me too
[10:54:10] <rainer.szs> i think i'll try puttygen like iamthebriefcase said, now i need a break
[11:02:01] <otm33> rainer.szs: It won't solve the problem but may help to understand it : you can activate debug mode in filezilla (edition>settings>log>debug).
[11:20:08] <miro5001> I didn't read the whole thing but did you try to use ssh-copy-id user@hostname
To send your key to the server?
[11:22:38] <rainer.szs> I already sent the key to the server
[11:27:48] <otm33> miro5001: `ssh -i /path/to/key user@server` works but filezilla connection is rejected using the same key
[11:33:39] <rainer.szs> can the passphrase for the key be empty?
[11:37:21] <rainer.szs> ok, I generated the key with putty and pasted it into authorized_keys
[11:42:47] <otm33> yes
[11:47:56] <rainer.szs> https://aria.im/_bifrost/v1/media/download/ASAkfHczYdN9KSrRsNfH3CPNpdFU7Rt0y8_G_ompOUAfwsk7h0IPYxHt-ewTNob77vWVvhBVzQumM8atOAQQ649CecN-4X0AAG1hdHJpeC5vcmcvUnZNQnpCeXlleWRPTmJldlJDVmRRbEtm
[11:48:01] <rainer.szs> Am I doing it right at least?
[11:58:53] <rainer.szs> I'm reading [this explanation](https://askubuntu.com/questions/46424/how-do-i-add-ssh-keys-to-authorized-keys-file) and "The permissions of the (private) key on the client-side should be 600".

Does the private key need to be in /home/user/.ssh/authorized_keys on the CLIENT too? Does it require a specific directory to be read from the server (?)
[12:10:26] <tituspijean> The location is up to you, and you can use the ssh config file to have it load your private key without adding the `-i` flag: https://superuser.com/questions/263405/how-do-we-specify-an-ssh-default-identity
[12:11:36] <rodinux> I get an error `Votre serveur web n’est pas configuré correctement pour résoudre les URL `.well-known`, a échoué sur : `/.well-known/caldav` ` when upgrading Nextcloud to 32.0.5...
[12:27:30] <rodinux> solved... these lines were missing in nginx
```
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
```
[13:10:54] <lautre> You moved to Nextcloud 32.0.5 from which version?
[13:45:44] <rainer.szs> Ok, so I need to do IdentityFile /home/user/.ssh/my-ssh-key on the server right?
[13:46:32] <rainer.szs> or client
[13:53:32] <rainer.szs> I moved my private key my-ssh-key on the server (in home/user/.ssh). If I write `ssh-add /home/user/.ssh/my-ssh-key` the error is "Could not open a connection to your authentication agent."
[13:55:25] <rainer.szs> As a test I added the private key on my client (ik it's useless), the result was `"Identity added: /home/user/.ssh/my-ssh-key (user@name of the laptop)"`
[13:57:49] <rainer.szs> it doesn't work even with sudo
[14:01:49] <rainer.szs> what happens if i generate the keys on the server and not the client? Could it work?
[14:36:10] <otm33> rainer.szs: From time to time, check your ssh jail `sudo fail2ban-client status sshd`: after multiple failed authentications, your IP gets banned.
[14:44:09] <@olivier:axac.org> Hello, would anyone have recommendations for a small server (8 GB of RAM and a one-terabyte disk), relatively quiet, for a max cost of €250? I'm keeping my SSD. Raspberry 5? I have a YunoHost with Nextcloud/Vaultwarden/Wallabag/Tunuwel/Immich/Adguard with 2/3 users
[14:53:29] <rainer.szs> Ok so

Currently failed: 2
Total failed: 7663 (DAMN)
Currently banned: 0
Total banned: 484
Banned IP list: (nothing shows)
[14:54:13] <rainer.szs> I still need to make everything more secure
Anyway, the IP isn't banned
[16:39:20] <otm33> rainer.szs: Did you retry with filezilla debug mode enabled ?
[17:50:48] <trendless> @olivier:axac.org: a used Lenovo Thinkcentre Tiny? or perhaps a mini pc with an Intel N100/N150?
[17:59:17] <rainer.szs> No i didn't
[18:00:19] <rainer.szs> Anyway

How can I change owncloud configuration so that it archives the files on another partition?
[18:03:37] <trendless> rainer.szs: what user account are you trying to login with in filezilla?
[18:06:12] <rainer.szs> I wanted to log with root access until this morning because I forgot the default password

Then chatpitaine caverne said it's best to log as the main user but with keys. Now technically I could just log in as root and that's it, but I wanted to try to log with keys
[18:06:32] <rainer.szs> ssh key is recognized but refused from the server
[18:06:38] <rainer.szs> While I log as my user
[18:07:11] <trendless> you can login as any user including root using keys. iirc though, you might've needed root because of permissions issues managing files?
[18:07:24] <rainer.szs> Yes
[18:07:51] <rainer.szs> I can't move files from client to server, without root
[18:08:21] <rainer.szs> Because of denied permission
[18:08:56] <trendless> client is linux or windows?
[18:09:24] <Chatpitaine Caverne>
> Then chatpitaine caverne said it's best to log as the main user but with keys

With keys, yes I said it, as the main user, no, I just told you how to regain root cause you said it was not available after post-install.
[18:17:32] <rainer.szs> My bad
[18:17:39] <rainer.szs> Linux
[18:18:54] <rainer.szs> Still even if keys were the only way to login, it's weird that they don't work as intended
[18:19:56] <trendless> yeah, probably one small step just needs to be tweaked
[18:21:18] <otm33> rainer.szs: But you can ssh with one of the keys, right ?
[18:23:56] <trendless> right, so maybe filezilla has a previously tried privkey or a different username?
[18:25:07] <rainer.szs> I don't think so, I deleted the old keys from the client, so in filezilla I only loaded the new ones
[18:30:47] <Chatpitaine Caverne> For the installed apps, a Pi4 is enough. A Pi5 would however have the advantage of providing a PCIe 2.0 port (can be switched to 3.0 via raspi-config).

Otherwise, used Intel N100 PCs can be found in abundance.

Otherwise, there are quite a few possible configurations at youyeetoo (Chinese supplier, direct from ShenZhen). The youyeetoo BY52 Mini PC - 12th-gen Intel N100, 6 W TDP, up to 16 GB of RAM - catches my eye for its tiny power consumption, its price and its 3 USB 3.2 ports.
They also have single-board computers (Pi-style) in stock, generally at the best possible price.

I kind of feel like I'm advertising for Youyeetoo... 😅
[18:40:43] <rainer.szs> ?
[18:59:22] <trendless> to solve the permissions issue?
[19:25:51] <rainer.szs> No, I was just wondering if owncloud could store files on a bigger partition :)
[19:26:15] <rainer.szs> Rather than the one on which it is installed, it has only 18 gb left
[19:27:30] <rainer.szs> Just a moment
[19:30:02] <rainer.szs> I actually found the documentation for doing something like that, but only for owncloud kiteworks company
[19:30:41] <trendless> ah gotcha. I'm not familiar with owncloud.
[19:31:35] <rainer.szs> No problem
[19:31:47] <rainer.szs> I'll do some research tomorrow
[19:45:04] <Chatpitaine Caverne> rainer.szs: https://doc.yunohost.org/fr/admin/tutorials/moving_app_folder

App data is normally in /home/yunohost.app/ID-application/

[19:45:50] <Chatpitaine Caverne> Otherwise, it is also possible to mount the whole /home on another partition.
[19:47:47] <Chatpitaine Caverne> rainer.szs:
Sorry I switched to french.
Here is the doc in English: https://doc.yunohost.org/en/admin/tutorials/moving_app_folder/

[19:48:18] <Chatpitaine Caverne> Or you can mount the whole /home in another partition.
[20:21:48] <Martin> Hi,
I love ynh and have used it for years.
But now, I have a problem and hope anyone could help.

I have my domain (example.com), where synapse runs (because it needs its own domain and can't move to another...)
and I have several subdomains. One of them (apps.example.com) is defined as main-domain.
Everything works fine and looks good. BUT now I want to establish a reverse-proxy in front of my ynh-host and see an issue:

apps.example.com is my main-domain. But if I have to authenticate, it switches to example.com/yunohost/sso
that's a problem, because my reverse-proxy didn't like that.
I try to add

```
{
  "domain_portal_urls": {
    "apps.example.com": "apps.example.com/yunohost/sso"
  }
}
```
and/or
```
{
  "portal_domain": "apps.example.com"
}
```

in
> /etc/ssowat/conf.json.persistent

but it doesn't work.😕



[21:22:27] <rainer.szs> Thank you!!
[21:22:37] <rainer.szs> You're the best
[21:27:12] <otm33> Try adding keys in Filezilla>Edit>Settings>SFTP
[22:26:04] <rainer.szs> Please help... I assigned the symbolic link in the wrong way by error for bookstack (I typed ln -s /mnt/MEDIA_165_GB/ instead of /mnt/MEDIA_165_GB/bookstacks). I removed the folder from that partition instead of just removing the link because I got anxious, but that didn't work.

Long story short, now I have a copy of the bookstack folder on my client pc, I reinstalled it on the server and tried to move just the most important ones (according to the documentation: .env, public/uploads, storage/uploads and themes).
By moving these folders with filezilla, when I try to launch bookstack again, I get error 500 internal server error
[22:27:02] <rainer.szs> I'm sorry if I'm texting since this morning, I hope to do better next time and to not panic again
[22:37:00] <rainer.szs> Rn I'm trying to fix with chatgpt too
[22:42:32] <Chatpitaine Caverne> Maybe a matter of rights on the files after SFTP (filezilla).
According to the install script of this app, the privileges should be like this :

```
#=================================================
# SET PERMISSIONS
#=================================================

chmod -R 775 $install_dir/storage $install_dir/bootstrap/cache $install_dir/public/uploads
chown -R $app:www-data $install_dir/public/uploads && chmod -R 775 $install_dir/public/uploads
```

Where $install_dir can be confirmed by :
`sudo yunohost app setting bookstack install_dir`
it should be /var/www/bookstack
and $app is bookstack

But, if you have a backup of this app and you didn't do a lot of modifications since backup, it could be easier to restore it.
[22:43:19] <Chatpitaine Caverne> Cause I'm a bit <del>afraid</del> concerned by

> tried to move just the most important ones

Every file can be important to get proper functionalities.
[22:49:50] <rainer.szs> Chmod command is fine

Chown results in "Cannot access var/www/bookstack/public/uploads: No such file or directory"
[22:55:26] <Chatpitaine Caverne> Difficult to say.
I'm surprised there doesn't seem to be a data folder in /home/yunohost.app/bookstack for this app, but maybe I don't see it in the scripts and it exists...

Maybe send us the result of
`ls -al /var/www/bookstack/`
and
`ls -al /var/www/bookstack/public/`

But I say again, if you have a recent backup, that's much easier.
[22:57:41] <rainer.szs> Results of ls -al /var/www/bookstack/
```
total 4360
drwxr-x--- 16 bookstack www-data 4096 Feb 6 23:55 .
drwxr-xr-x+ 5 root root 4096 Feb 6 23:16 ..
drwxr-xr-x 3 bookstack bookstack 4096 Feb 6 23:16 .composer
-rw------- 1 bookstack bookstack 2976 Feb 6 23:19 .env
-rw-r----- 1 bookstack www-data 2009 Jan 29 16:19 .env.example
-rw-r----- 1 bookstack www-data 14163 Jan 29 16:19 .env.example.complete
-rw-r----- 1 bookstack www-data 61 Jan 29 16:19 .gitattributes
drwxr-x--- 4 bookstack www-data 4096 Jan 29 16:19 .github
-rw-r----- 1 bookstack www-data 461 Jan 29 16:19 .gitignore
-rw-r----- 1 bookstack www-data 1122 Jan 29 16:19 LICENSE
drwxr-x--- 23 bookstack www-data 4096 Jan 29 16:19 app
-rwxr-x--- 1 bookstack www-data 1685 Jan 29 16:19 artisan
-rwxr-x--- 1 bookstack www-data 393659 Jan 29 16:19 bookstack-system-cli
drwxr-x--- 3 bookstack www-data 4096 Jan 29 16:19 bootstrap
-rw-r----- 1 bookstack www-data 3651 Jan 29 16:19 composer.json
-rw-r----- 1 bookstack www-data 400990 Jan 29 16:19 composer.lock
-rw-r----- 1 bookstack www-data 3125332 Feb 6 23:16 composer.phar
-rw-r----- 1 bookstack www-data 325 Jan 29 16:19 crowdin.yml
drwxr-x--- 5 bookstack www-data 4096 Jan 29 16:19 database
drwxr-x--- 8 bookstack www-data 4096 Jan 29 16:19 dev
-rw-r----- 1 bookstack www-data 1370 Jan 29 16:19 docker-compose.yml
-rw-r----- 1 bookstack www-data 1689 Jan 29 16:19 eslint.config.mjs
-rw-r----- 1 bookstack www-data 6833 Jan 29 16:19 jest.config.ts
drwxr-x--- 54 bookstack www-data 4096 Jan 29 16:19 lang
-rw-r----- 1 bookstack www-data 361368 Jan 29 16:19 package-lock.json
-rw-r----- 1 bookstack www-data 2314 Jan 29 16:19 package.json
-rw-r----- 1 bookstack www-data 1044 Jan 29 16:19 phpcs.xml
-rw-r----- 1 bookstack www-data 465 Jan 29 16:19 phpstan.neon.dist
-rw-r----- 1 bookstack www-data 3385 Jan 29 16:19 phpunit.xml
drwxr-x--- 5 bookstack www-data 4096 Jan 29 16:19 public
-rw-r----- 1 bookstack www-data 15161 Jan 29 16:19 readme.md
drwxr-x--- 6 bookstack www-data 4096 Jan 29 16:19 resources
drwxr-x--- 2 bookstack www-data 4096 Jan 29 16:19 routes
drwxrwxr-x 9 bookstack www-data 4096 Jan 29 16:19 storage
drwxr-x--- 20 bookstack www-data 4096 Jan 29 16:19 tests
drwxr-x--- 2 bookstack www-data 4096 Jan 29 16:19 themes
-rw-r----- 1 bookstack www-data 640 Jan 29 16:19 tsconfig.json
drwxr-xr-x 48 bookstack bookstack 4096 Feb 6 23:16 vendor
-rw-r----- 1 bookstack www-data 9 Jan 29 16:19 version
```
[22:58:42] <rainer.szs> results of ls -al /var/www/bookstack/public/
```
total 100
drwxr-x--- 5 bookstack www-data 4096 Jan 29 16:19 .
drwxr-x--- 16 bookstack www-data 4096 Feb 6 23:55 ..
-rw-r----- 1 bookstack www-data 603 Jan 29 16:19 .htaccess
-rw-r----- 1 bookstack www-data 3232 Jan 29 16:19 book_default_cover.png
drwxr-x--- 2 bookstack www-data 4096 Jan 29 16:19 dist
-rw-r----- 1 bookstack www-data 2965 Jan 29 16:19 icon-128.png
-rw-r----- 1 bookstack www-data 5744 Jan 29 16:19 icon-180.png
-rw-r----- 1 bookstack www-data 746 Jan 29 16:19 icon-32.png
-rw-r----- 1 bookstack www-data 1367 Jan 29 16:19 icon-64.png
-rw-r----- 1 bookstack www-data 10614 Jan 29 16:19 icon.ico
-rw-r----- 1 bookstack www-data 6350 Jan 29 16:19 icon.png
-rw-r----- 1 bookstack www-data 675 Jan 29 16:19 index.php
drwxr-x--- 3 bookstack www-data 4096 Jan 29 16:19 libs
-rw-r----- 1 bookstack www-data 8986 Jan 29 16:19 loading.gif
-rw-r----- 1 bookstack www-data 1156 Jan 29 16:19 loading_error.png
-rw-r----- 1 bookstack www-data 3256 Jan 29 16:19 logo.png
drwxrwxr-x 3 bookstack www-data 4096 Feb 6 23:17 uploads
-rw-r----- 1 bookstack www-data 3180 Jan 29 16:19 user_avatar.png
-rw-r----- 1 bookstack www-data 1182 Jan 29 16:19 web.config
```

[22:59:26] <rainer.szs> Yeah maybe recovering it from the yunohost backup is better
[23:00:27] <rainer.szs> I didn't lose that much honestly but I regret trying to move everything to a new partition without a backup, my bad
[23:01:50] <rainer.szs> I will do it tomorrow, I think the problem is the server refusing the connection anyway
[23:01:53] <Chatpitaine Caverne> Maybe wait until someone else has some better inspiration. I'm also tired and ideas are not coming as I'd like them to.
[23:02:22] <rainer.szs> I understand, I'm tired too
[23:03:44] <rainer.szs> Goodnight