We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Error: Letsencrypt nonce request status vestacp
Re: Error: Letsencrypt nonce request status vestacp
Hello,
could such error happen due to DST Root CA X3 Expiration (September 30, 2021) ?
could such error happen due to DST Root CA X3 Expiration (September 30, 2021) ?
-
- Posts: 1
- Joined: Tue Oct 12, 2021 1:08 pm
- Os: Debian 6x
- Web: apache
Re: Error: Letsencrypt nonce request status vestacp
Yes, in my case on debian 7 server ISRG Root X1 wasn't trusted so letsencrypt refreshes started failing.
To check you can try to run in SSH
curl -I "https://acme-v02.api.letsencrypt.org/directory"
If that fails with cert error you probably need to update ca certificates list
Re: Error: Letsencrypt nonce request status vestacp
Thank you for confirmation.
I've just guessed. Maybe that post will be useful for other people who will face with this error, since the solution few posts above WILL NOT solve this problem with expired DST Root CA X3
I've just guessed. Maybe that post will be useful for other people who will face with this error, since the solution few posts above WILL NOT solve this problem with expired DST Root CA X3
Re: Error: Letsencrypt nonce request status vestacp
Did you work out how to get this sorted? We seem to have the same CA issue:
Code: Select all
curl -I "https://acme-v02.api.letsencrypt.org/directory"
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLf ile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Re: Error: Letsencrypt nonce request status vestacp
tail -f /var/log/vesta/letsencrypt.log
[Tue Nov 9 12:37:04 UTC 2021] : --- Requesting nonce / STEP 1 ---
[Tue Nov 9 12:37:04 UTC 2021] : curl -s -I "https://acme-v02.api.letsencrypt.org/directory"
[Tue Nov 9 12:37:04 UTC 2021] : answer=
[Tue Nov 9 12:37:04 UTC 2021] : nonce=
[Tue Nov 9 12:37:04 UTC 2021] : status=
[Tue Nov 9 12:37:04 UTC 2021] : EXIT=Let's Encrypt nonce request status
Solved: apt-get install curl
[Tue Nov 9 12:37:04 UTC 2021] : --- Requesting nonce / STEP 1 ---
[Tue Nov 9 12:37:04 UTC 2021] : curl -s -I "https://acme-v02.api.letsencrypt.org/directory"
[Tue Nov 9 12:37:04 UTC 2021] : answer=
[Tue Nov 9 12:37:04 UTC 2021] : nonce=
[Tue Nov 9 12:37:04 UTC 2021] : status=
[Tue Nov 9 12:37:04 UTC 2021] : EXIT=Let's Encrypt nonce request status
Solved: apt-get install curl
-
- Posts: 3
- Joined: Mon Jan 22, 2018 6:52 pm
- Os: Ubuntu 13x
- Web: apache + nginx
Re: Error: Letsencrypt nonce request status vestacp
None of the solutions I found solved this problem.
Does this mean we need to update the ca certificate list?
How do we do that?
I will soon have several sites without SSL, one of which has a lot of traffic!
Any help is appreciated.
Running curl -l "https://acme-v02.api.letsencrypt.org/directory" outputs the following:I've just guessed. Maybe that post will be useful for other people who will face with this error, since the solution few posts above WILL NOT solve this problem with expired DST Root CA X3
Code: Select all
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
How do we do that?
I will soon have several sites without SSL, one of which has a lot of traffic!
Any help is appreciated.
Re: Error: Letsencrypt nonce request status vestacp
What OS are you on? It looks like you need to update your root CA certificates. I did this on my server with:
Then restart the server. If it fixed it, you should be able to `curl` again like your test, but this time without an error. Hope that helps! (I spent hours and hours trying to figure that out)
Code: Select all
apt-get update
sudo apt-get install ca-certificates -y
sudo update-ca-certificates
-
- Posts: 38
- Joined: Tue Aug 16, 2016 4:58 pm
Re: Error: Letsencrypt nonce request status vestacp
Pinakas wrote: ↑Thu Sep 26, 2019 7:13 amGood morning
We run sites on both cloud servers with Ubuntu
on Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64) with all latest update installed.
Yesterday we received email from root:
domain Error: lets encrypt nonce request status
I went to terminal and run
./v-add-letsencrypt-domain and got same error:
let's encrypt nonce status
How can i resolve the issue ?
Thanks
This might sound crazy, i was facing nonce request error.
Error 503 nonce when trying to generate ssl certificate using vesta control panel.
I found that removing the www. domain .com in the subdomain's box under the root domain, save, refresh page,
then generate new ssl certificate fixed the issue.
Now,
Before anyone says my domain records were not set correctly, i will be first to say they were triple checked and everything was set correctly.
No i did not change the A records prior to this issue.
This issue also did not happen until after vesta made a new update and the control panel theme was different.