
Error: Letsencrypt nonce request status vestacp

Posted: Thu Sep 26, 2019 7:13 am
by Pinakas
Good morning

We run sites on both cloud servers with Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64) with all the latest updates installed.

Yesterday we received an email from root:
domain Error: lets encrypt nonce request status

I went to the terminal and ran
./v-add-letsencrypt-domain and got the same error:
let's encrypt nonce status

How can I resolve the issue?

Thanks

Re: Error: Letsencrypt nonce request status vestacp

Posted: Fri Sep 27, 2019 6:16 am
by playingbogart
For those who encounter the subject message while trying to install a Let's Encrypt certificate on Vesta CP (especially on *.com domains).
The main problem lies in the Let's Encrypt response message, which was changed (for all or some requests?) to the HTTP/2 protocol.
New response format looks like this:

Code:

HTTP/2 200
server: nginx
date: Fri, 27 Sep 2019 05:32:16 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: XXXXXXxxxxxxxxxxxx01234567790XXXXXXX
x-frame-options: DENY
strict-transport-security: max-age=604800

But the /usr/local/vesta/bin/v-add-letsencrypt-domain script expects an HTTP/1.1 response.
There are two fields that are parsed wrong: the HTTP/1.1 response code, which should be looked for by the HTTP/2 pattern, and the Nonce field, which was changed to replay-nonce.

But I think there should be an additional protocol version check, to leave HTTP/1.1 as a fallback.

I can't paste the full diff here due to spam suspicion.
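
The parsing problem described in the post above, as an added example that is not part of the original post and is not Vesta's own code: two helper functions (names are hypothetical) that read the status code and the nonce from response headers in either HTTP/1.1 or HTTP/2 form. The HTTP/1.1 sample and its nonce are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Vesta's code): read the status code and nonce from ACME
# response headers whether the server answered with HTTP/1.1 or HTTP/2.

# Status code of the last status line: matches "HTTP/1.1 200 OK" and "HTTP/2 200".
acme_status() {
    tr -d '\r' | awk 'toupper($1) ~ "^HTTP/[0-9.]+$" { code = $2 }
                      END { if (code != "") print code }'
}

# Replay-Nonce value. Header names are matched case-insensitively, and a value
# that is not base64url is rejected rather than passed on to the signer.
acme_nonce() {
    _nonce=$(tr -d '\r' | awk -F': *' 'tolower($1) == "replay-nonce" {
                 sub(/[ \t]+$/, "", $2); v = $2 }
             END { print v }')
    case "$_nonce" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$_nonce"
}

# Constructed sample inputs: the HTTP/2 headers quoted in the post, and an
# HTTP/1.1 equivalent with a made-up nonce.
sample_h2() {
    printf '%s\r\n' 'HTTP/2 200' 'server: nginx' \
        'content-type: application/json' \
        'replay-nonce: XXXXXXxxxxxxxxxxxx01234567790XXXXXXX' \
        'x-frame-options: DENY' ''
}
sample_h1() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
        'Replay-Nonce: constructedNonce_0123-abc' ''
}

for sample in sample_h2 sample_h1; do
    echo "$sample: status=$($sample | acme_status) nonce=$($sample | acme_nonce)"
done
```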

Re: Error: Letsencrypt nonce request status vestacp

Posted: Fri Sep 27, 2019 6:24 am
by playingbogart
Draft diff. Don't use it if you have more than one domain, because it breaks HTTP/1.1 compatibility.

https://paste.debian.net/1102900/

Re: Error: Letsencrypt nonce request status vestacp

Posted: Fri Sep 27, 2019 11:30 am
by dpeca

Re: Error: Letsencrypt nonce request status vestacp

Posted: Fri Sep 27, 2019 2:18 pm
by dpeca
Quick way to apply this fix:

Code:

wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user
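
A more cautious way to apply the same replacement, as an added example that is not part of the original post: `wget URL -O dest` truncates `dest` as soon as it starts, so a failed download leaves an empty script in place of the working one. The `install_checked` helper is hypothetical; it validates a file downloaded elsewhere and backs up the installed script before replacing it.

```sh
#!/bin/sh
# Added example (not from the thread): validate a downloaded script and back up
# the installed one before replacing it. `wget URL -O dest` truncates dest as
# soon as it starts, so a failed download leaves an empty script behind.

# install_checked <downloaded_file> <destination>
install_checked() {
    src=$1
    dest=$2
    [ -s "$src" ] || { echo "refusing: $src is empty" >&2; return 1; }
    # An HTML error page saved in place of the script fails these two checks.
    head -n 1 "$src" | grep -q '^#!' || { echo "refusing: no shebang" >&2; return 1; }
    bash -n "$src" || { echo "refusing: syntax check failed" >&2; return 1; }
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    install -m 755 "$src" "$dest"
}

# Usage with the URLs from the post above (run as root on the Vesta host):
#   tmp=$(mktemp -d)
#   for s in v-add-letsencrypt-domain v-add-letsencrypt-user; do
#       wget "https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/$s" \
#            -O "$tmp/$s" && install_checked "$tmp/$s" "$VESTA/bin/$s"
#   done
```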

Re: Error: Letsencrypt nonce request status vestacp

Posted: Sat Sep 28, 2019 1:49 pm
by scristi
dpeca wrote:
Fri Sep 27, 2019 2:18 pm
Quick way to apply this fix:

Code:

wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user

It works fine, thanks!

Re: Error: Letsencrypt nonce request status vestacp

Posted: Sun Sep 29, 2019 5:10 pm
by cfrickler
I can also confirm that the fix worked for me.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Fri Jan 10, 2020 8:18 pm
by clicksimply
This was also happening because CURL had been uninstalled from my server for some reason. Once I got CURL installed again with this fix everything worked.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Mon Mar 23, 2020 6:33 am
by Vegas10128
This might be out of the ordinary, but I will state what I found with this same error code.

My situation was adding a new domain, whether top level or subdomain.
After receiving "Letsencrypt nonce request status",
I eventually started looking and found that a lot of these replies have different answers on how to fix it, and some go WAY beyond the fix-it solution using GitHub.

Randomly I decided to try and see if I could access one of my websites under SSL with a working certificate, using a mobile device off the LAN.
NO, did not receive any response.

Logged into the terminal using PuTTY.
Ping 10.10.10.1 Received all packets 0% loss.
Ping google.com Received 0 packets 100% loss.

hmmmmmmmm....... interesting!

Using Ubuntu 16.04,

sudo nano /etc/network/interfaces
the gateway address was blank,
DNS-Nameservers address also blank!

Quickly filled them both in,
sudo reboot

After restart,
logged into Vesta Panel, enabled Let's Encrypt and BAM! Instant success.

What strikes me with the nonce request status code is that it can also be due to having the following:
Conflicting IP address,
DNS server failure or no posted gateway & DNS address,
DHCP has changed the Vesta IP address and it was not set to static, but browser cache can allow you into the Vesta panel and cached websites under SSL.

First time using Let's Encrypt?
Check your A records under your domain registrar, make sure everything is intact.
Check your TCP and UDP ports in your firewall; make sure all the ones Vesta uses (8083 optional) are open and pointing to Vesta.

Hope this helps anyone who wants to try this as a solution before modifying any scripts such as curl, apache, nginx, bind, etc.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Thu Apr 01, 2021 11:22 am
by Vegas10128
dpeca wrote:
Fri Sep 27, 2019 2:18 pm
Quick way to apply this fix:

Code:

wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-domain -O $VESTA/bin/v-add-letsencrypt-domain
wget https://raw.githubusercontent.com/serghey-rodin/vesta/master/bin/v-add-letsencrypt-user -O $VESTA/bin/v-add-letsencrypt-user
chmod +x $VESTA/bin/v-add-letsencrypt-domain
chmod +x $VESTA/bin/v-add-letsencrypt-user

Does not work; I receive Let's Encrypt error 400.