Error: Letsencrypt nonce request status vestacp
Good morning
We run sites on both cloud servers with Ubuntu
on Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64) with all latest update installed.
Yesterday we received email from root:
domain Error: lets encrypt nonce request status
I went to the terminal and ran
./v-add-letsencrypt-domain and got the same error:
let's encrypt nonce status
How can I resolve the issue?
Thanks
-
- Posts: 2
- Joined: Fri Sep 27, 2019 5:52 am
- Os: Debian 8x
- Web: apache + nginx
Re: Error: Letsencrypt nonce request status vestacp
For those who encounter the subject message while trying to install a Let's Encrypt certificate on Vesta CP (especially on *.com domains).
The main problem lies in the Let's Encrypt response message, which was changed (for all or some requests?) to the HTTP/2 protocol.
But the /usr/local/vesta/bin/v-add-letsencrypt-domain script expects an HTTP/1.1 response.
The new response format looks like this:
Code: Select all
HTTP/2 200
server: nginx
date: Fri, 27 Sep 2019 05:32:16 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: XXXXXXxxxxxxxxxxxx01234567790XXXXXXX
x-frame-options: DENY
strict-transport-security: max-age=604800
There are two fields that are parsed wrong: the HTTP/1.1 response code, which should be looked up by the HTTP/2 pattern, and the Nonce field, which was changed to replay-nonce.
But I think there should be an additional protocol version check, to leave HTTP/1.1 as a fallback.
I can't paste the full diff here due to spam suspicion.
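The parsing problem described in the post above, as an added example that is not part of the original post and is not the Vesta script's own code: the status line is matched for any HTTP version and the nonce header is matched case-insensitively, so HTTP/1.1 and HTTP/2 responses both parse. The function names and the HTTP/1.1 sample are assumptions constructed for this example; the HTTP/2 sample is the response quoted in the post.

```shell
#!/usr/bin/env bash
# Added example: version-tolerant parsing of ACME response headers.
# Input is a header dump such as the output of: curl -s -I "$ACME_URL"
# ($ACME_URL is a placeholder, not a value from the page).

# Print the status code of the last response in the dump.
# Accepts "HTTP/1.1 200 OK", "HTTP/2 200" and "HTTP/2.0 200".
acme_status() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk 'toupper($1) ~ /^HTTP\/[0-9.]+$/ { code = $2 } END { print code }'
}

# Print the nonce. Header names are case-insensitive, and HTTP/2
# always sends them in lowercase, so compare on the lowered name.
acme_nonce() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' 'tolower($1) == "replay-nonce" { n = $2 } END { print n }'
}

# Succeed and print the nonce only when the status matches the expected
# code (default 200) and a nonce is present.
acme_check() {
    status=$(acme_status "$1")
    nonce=$(acme_nonce "$1")
    [ "$status" = "${2:-200}" ] || return 1
    [ -n "$nonce" ] || return 1
    printf '%s\n' "$nonce"
}

# HTTP/2 response as quoted in the post.
H2_SAMPLE='HTTP/2 200
server: nginx
date: Fri, 27 Sep 2019 05:32:16 GMT
content-type: application/json
replay-nonce: XXXXXXxxxxxxxxxxxx01234567790XXXXXXX
x-frame-options: DENY'

# Constructed HTTP/1.1 response with CRLF line endings.
H1_SAMPLE=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nReplay-Nonce: constructed-nonce-h1\r\n\r\n')

acme_check "$H2_SAMPLE"
acme_check "$H1_SAMPLE"
```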
-
- Posts: 2
- Joined: Fri Sep 27, 2019 5:52 am
- Os: Debian 8x
- Web: apache + nginx
Re: Error: Letsencrypt nonce request status vestacp
Draft diff. Don't use it if you have more than one domain, because it breaks HTTP/1.1 compatibility.
https://paste.debian.net/1102900/
Re: Error: Letsencrypt nonce request status vestacp
Looks like Serghey made this fix - https://github.com/serghey-rodin/vesta/ ... 6c2295aa7f
Re: Error: Letsencrypt nonce request status vestacp
Quick way to apply this fix:
Code: Select all
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user
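A staged variant of the replacement above, as an added example that is not part of the original post or the Vesta project: wget -O truncates its target as soon as it starts writing, so a failed download sent straight into $VESTA/bin leaves an empty or partial script. The function name install_staged and the .bak/.new suffixes are assumptions of this example, which also assumes the replacement begins with a shell shebang.

```shell
#!/usr/bin/env bash
# Added example (not Vesta code). Usage: install_staged NEW_FILE TARGET
# NEW_FILE is a copy already downloaded to a temporary path, for instance:
#   tmp=$(mktemp) && wget -q "$URL" -O "$tmp" &&
#       install_staged "$tmp" "$VESTA/bin/v-add-letsencrypt-domain"

install_staged() {
    new=$1
    target=$2

    # An empty file means the download failed part-way or not at all.
    if [ ! -s "$new" ]; then
        echo "refusing empty download: $new" >&2
        return 1
    fi

    # An HTML error page or rate-limit notice has no shell shebang.
    if ! head -n 1 "$new" | grep -q '^#!.*sh'; then
        echo "not a shell script: $new" >&2
        return 1
    fi

    # Syntax check only; nothing from the file is executed.
    if ! bash -n "$new" 2>/dev/null; then
        echo "syntax check failed: $new" >&2
        return 1
    fi

    # Keep the current version so the change can be rolled back.
    if [ -e "$target" ]; then
        cp -p "$target" "$target.bak" || return 1
    fi

    # Copy next to the target, set the mode, then rename into place so
    # the panel never runs a half-written script.
    cp "$new" "$target.new" || return 1
    chmod 755 "$target.new" || return 1
    mv -f "$target.new" "$target"
}
```

These checks catch broken downloads only; they say nothing about who authored the content, so the staged file should still be compared against the reviewed commit before it is installed.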
Re: Error: Letsencrypt nonce request status vestacp
dpeca wrote: ↑Fri Sep 27, 2019 2:18 pm
Quick way to apply this fix:
Code: Select all
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user
It works fine, thanks!
Re: Error: Letsencrypt nonce request status vestacp
I can also confirm, that the fix worked for me.
-
- Posts: 1
- Joined: Fri Jan 10, 2020 8:17 pm
- Os: Ubuntu 17x
- Web: apache + nginx
Re: Error: Letsencrypt nonce request status vestacp
This was also happening because CURL had been uninstalled from my server for some reason. Once I got CURL installed again with this fix everything worked.
-
- Posts: 38
- Joined: Tue Aug 16, 2016 4:58 pm
Re: Error: Letsencrypt nonce request status vestacp
This might be out of the ordinary, but I will state what I found with this same error code.
My situation when adding a new domain, whether top level or subdomain.
After receiving "Letsencrypt nonce request status"
I eventually started looking and found that a lot of these replies have different answers on how to fix them, and some WAY beyond the fix-it solution using GitHub.
Randomly I decided to try and see if I could access one of my websites under SSL with a working certificate, using a mobile device off LAN.
NO, did not receive any response.
Logged into terminal using PuTTY.
Ping 10.10.10.1 Received all packets 0% loss.
Ping google.com Received 0 packets 100% loss.
hmmmmmmmm....... interesting!
Using Ubuntu 16.04,
sudo nano /etc/network/interfaces
the Gateway Address was blank,
DNS-Nameservers address also blank!
Quickly filled them both in,
sudo reboot
After restart,
logged into Vesta Panel, enabled Let's Encrypt and BAM! Instant success.
What strikes me with the nonce request status code: this can also be due to having the following.
Conflicting IP address,
DNS server failure or no posted gateway & DNS address,
DHCP has changed the Vesta IP address and it was not set to static, but browser cache can allow you into the Vesta panel and cached websites under SSL.
First time using Let's Encrypt?
Check your A records under your domain registrar, make sure everything is intact.
Check your TCP and UDP ports in your firewall, make sure all the ones VESTA uses (8083 optional) are opened and pointing to Vesta.
Hope this helps anyone who wants to try this as a solution before modifying any scripts such as curl, apache, nginx, bind, etc.
-
- Posts: 38
- Joined: Tue Aug 16, 2016 4:58 pm
Re: Error: Letsencrypt nonce request status vestacp
dpeca wrote: ↑Fri Sep 27, 2019 2:18 pm
Quick way to apply this fix:
Code: Select all
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user
Does not work, I receive Let's Encrypt error 400.