
Re: Error: Letsencrypt nonce request status vestacp

Posted: Sat Oct 09, 2021 11:59 am
by Messiah
Hello,
Could such an error happen due to the DST Root CA X3 expiration (September 30, 2021)?

Re: Error: Letsencrypt nonce request status vestacp

Posted: Tue Oct 12, 2021 1:17 pm
by electricsheep
Messiah wrote:
Sat Oct 09, 2021 11:59 am
Hello,
Could such an error happen due to the DST Root CA X3 expiration (September 30, 2021)?
Yes, in my case, on a Debian 7 server, ISRG Root X1 wasn't trusted, so Let's Encrypt refreshes started failing.

To check, you can try running this over SSH:
curl -I "https://acme-v02.api.letsencrypt.org/directory"

If that fails with a cert error, you probably need to update the CA certificates list.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Sat Oct 16, 2021 11:57 pm
by Messiah
Thank you for confirmation.
I just guessed. Maybe this post will be useful for other people who face this error, since the solution a few posts above WILL NOT solve this problem with the expired DST Root CA X3.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Tue Nov 02, 2021 6:58 am
by youradds
Did you work out how to get this sorted? We seem to have the same CA issue:

Code:

curl -I "https://acme-v02.api.letsencrypt.org/directory"
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Tue Nov 09, 2021 1:00 pm
by donriga
tail -f /var/log/vesta/letsencrypt.log
[Tue Nov 9 12:37:04 UTC 2021] : --- Requesting nonce / STEP 1 ---
[Tue Nov 9 12:37:04 UTC 2021] : curl -s -I "https://acme-v02.api.letsencrypt.org/directory"
[Tue Nov 9 12:37:04 UTC 2021] : answer=
[Tue Nov 9 12:37:04 UTC 2021] : nonce=
[Tue Nov 9 12:37:04 UTC 2021] : status=
[Tue Nov 9 12:37:04 UTC 2021] : EXIT=Let's Encrypt nonce request status

Solved: apt-get install curl

Re: Error: Letsencrypt nonce request status vestacp

Posted: Wed Nov 17, 2021 8:22 pm
by stephensaid
None of the solutions I found solved this problem.
I just guessed. Maybe this post will be useful for other people who face this error, since the solution a few posts above WILL NOT solve this problem with the expired DST Root CA X3.
Running curl -l "https://acme-v02.api.letsencrypt.org/directory" outputs the following:

Code:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Does this mean we need to update the ca certificate list?
How do we do that?

I will soon have several sites without SSL, one of which has a lot of traffic!

Any help is appreciated.

Re: Error: Letsencrypt nonce request status vestacp

Posted: Thu Nov 18, 2021 6:27 am
by youradds
What OS are you on? It looks like you need to update your root CA certificates. I did this on my server with:

Code:

apt-get update
sudo apt-get install ca-certificates -y
sudo update-ca-certificates
Then restart the server. If it fixed it, you should be able to `curl` again like your test, but this time without an error. Hope that helps! (I spent hours and hours trying to figure that out)
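
Added example, not part of any post in this thread: a Python check of the CA bundle named in the curl error above, covering both electricsheep's diagnosis (ISRG Root X1 not trusted) and a re-check after the ca-certificates update. The finding strings, `fake_ca` and the sample store are constructed for illustration.

```python
import os
import ssl
import time

BUNDLE = "/etc/ssl/certs/ca-certificates.crt"  # path from the curl error in the thread
NEW_ROOT = "ISRG Root X1"    # root reported as untrusted on the Debian 7 server
OLD_ROOT = "DST Root CA X3"  # expired September 30, 2021

def common_name(cert):
    """Extract commonName from the nested subject tuple the ssl module returns."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def is_expired(cert, now):
    """True if notAfter is earlier than `now` (seconds since the epoch)."""
    return ssl.cert_time_to_seconds(cert["notAfter"]) < now

def diagnose(ca_certs, now):
    """Findings for a trust store given in SSLContext.get_ca_certs() form."""
    by_name = {common_name(c): c for c in ca_certs}
    findings = []
    if NEW_ROOT not in by_name:
        findings.append("missing: " + NEW_ROOT)
    elif is_expired(by_name[NEW_ROOT], now):
        findings.append("expired: " + NEW_ROOT)
    if OLD_ROOT in by_name and is_expired(by_name[OLD_ROOT], now):
        # Older OpenSSL 1.0.x builds can keep failing while this entry remains.
        findings.append("expired but still present: " + OLD_ROOT)
    return findings or ["ok"]

def load_bundle(path=BUNDLE):
    """Parse a PEM bundle into the dict form diagnose() expects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()

def fake_ca(name, not_after):
    """Constructed stand-in for one get_ca_certs() entry (not a real certificate)."""
    return {"subject": ((("commonName", name),),), "notAfter": not_after}

# Constructed sample: a store that only knows the old root.
SAMPLE_OLD_STORE = [fake_ca(OLD_ROOT, "Sep 30 14:01:15 2021 GMT")]

if __name__ == "__main__":
    print("sample store:", diagnose(SAMPLE_OLD_STORE, time.time()))
    if os.path.exists(BUNDLE):
        print(BUNDLE + ":", diagnose(load_bundle(), time.time()))
```

A result of `['ok']` for the real bundle means the store itself is no longer the reason the nonce request fails.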

Re: Error: Letsencrypt nonce request status vestacp

Posted: Thu Jan 20, 2022 5:32 pm
by Vegas10128
Pinakas wrote:
Thu Sep 26, 2019 7:13 am
Good morning

We run sites on both cloud servers with Ubuntu
on Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64) with all latest update installed.

Yesterday we received email from root:
domain Error: lets encrypt nonce request status

I went to the terminal and ran
./v-add-letsencrypt-domain and got the same error:
let's encrypt nonce status

How can I resolve the issue?

Thanks

This might sound crazy, but I was facing the nonce request error.
Error 503 nonce when trying to generate an SSL certificate using the Vesta control panel.

I found that removing the www. domain .com in the subdomain's box under the root domain, saving, refreshing the page,
then generating a new SSL certificate fixed the issue.

Now,
before anyone says my domain records were not set correctly, I will be the first to say they were triple checked and everything was set correctly.
No, I did not change the A records prior to this issue.

This issue also did not happen until after Vesta made a new update and the control panel theme was different.