ACME log Could not get nonce, let's try again

NullRoute · November 25, 2021, 7:06pm

Hello,

This error goes as far back as Nov 20, unfortunately I have nothing earlier to reference. No changes on acme package configuration no DNS provider (Cloudflare).

pfsense 21.05.1-RELEASE on SG-5100
acme 0.6.10

My domain is: hamies.world

I ran this command: Acme cron auto renew

Checked  acme_issuecert.log
[Thu Nov 25 00:47:15 EST 2021] readlink exists=0
[Thu Nov 25 00:47:15 EST 2021] dirname exists=0
[Thu Nov 25 00:47:15 EST 2021] Lets find script dir.
[Thu Nov 25 00:47:15 EST 2021] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Thu Nov 25 00:47:15 EST 2021] _script='/usr/local/pkg/acme/acme.sh'
[Thu Nov 25 00:47:15 EST 2021] _script_home='/usr/local/pkg/acme'
[Thu Nov 25 00:47:15 EST 2021] Using config home:/tmp/acme/WildCardCert.hamies.world/
[Thu Nov 25 00:47:15 EST 2021] ACCOUNT_CONF_PATH='/tmp/acme/WildCardCert.hamies.world/accountconf.conf'
[Thu Nov 25 00:47:15 EST 2021] APP
[Thu Nov 25 00:47:15 EST 2021] 3:LOG_FILE='/tmp/acme/WildCardCert.hamies.world/acme_issuecert.log'
[Thu Nov 25 00:47:15 EST 2021] APP
[Thu Nov 25 00:47:15 EST 2021] 4:LOG_LEVEL='3'
[Thu Nov 25 00:47:15 EST 2021] LE_WORKING_DIR='/tmp/acme/WildCardCert.hamies.world/'
[Thu Nov 25 00:47:15 EST 2021] Running cmd: issue
[Thu Nov 25 00:47:15 EST 2021] _main_domain='*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] _alt_domains='no'
[Thu Nov 25 00:47:15 EST 2021] Using config home:/tmp/acme/WildCardCert.hamies.world/
[Thu Nov 25 00:47:15 EST 2021] ACCOUNT_CONF_PATH='/tmp/acme/WildCardCert.hamies.world/accountconf.conf'
[Thu Nov 25 00:47:15 EST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:15 EST 2021] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Thu Nov 25 00:47:15 EST 2021] CA_CONF='/tmp/acme/WildCardCert.hamies.world//ca/acme-v02.api.letsencrypt.org/ca.conf'
[Thu Nov 25 00:47:15 EST 2021] DOMAIN_PATH='/tmp/acme/WildCardCert.hamies.world//*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] 'dns_cf' does not contain 'dns'
[Thu Nov 25 00:47:15 EST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 25 00:47:15 EST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 25 00:47:15 EST 2021] GET
[Thu Nov 25 00:47:15 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:15 EST 2021] timeout=
[Thu Nov 25 00:47:15 EST 2021] curl exists=0
[Thu Nov 25 00:47:15 EST 2021] wget exists=127
[Thu Nov 25 00:47:15 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:15 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:15 EST 2021] ret='35'
[Thu Nov 25 00:47:15 EST 2021] response
[Thu Nov 25 00:47:15 EST 2021] Can not init api.
[Thu Nov 25 00:47:15 EST 2021] Le_NextRenewTime
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 1:Le_Domain='*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 2:Le_Alt='no'
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 3:Le_Webroot='dns_cf'
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 4:Le_PreHook=''
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 5:Le_PostHook=''
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 6:Le_RenewHook=''
[Thu Nov 25 00:47:15 EST 2021] OK
[Thu Nov 25 00:47:15 EST 2021] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:15 EST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 25 00:47:15 EST 2021] _on_before_issue
[Thu Nov 25 00:47:15 EST 2021] _chk_main_domain='*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] _chk_alt_domains
[Thu Nov 25 00:47:15 EST 2021] 'dns_cf' does not contain 'no'
[Thu Nov 25 00:47:15 EST 2021] Le_LocalAddress
[Thu Nov 25 00:47:15 EST 2021] d='*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] Check for domain='*.hamies.world'
[Thu Nov 25 00:47:15 EST 2021] _currentRoot='dns_cf'
[Thu Nov 25 00:47:15 EST 2021] d
[Thu Nov 25 00:47:15 EST 2021] 'dns_cf' does not contain 'apache'
[Thu Nov 25 00:47:15 EST 2021] _saved_account_key_hash
[Thu Nov 25 00:47:15 EST 2021] Using config home:/tmp/acme/WildCardCert.hamies.world/
[Thu Nov 25 00:47:15 EST 2021] ACCOUNT_CONF_PATH='/tmp/acme/WildCardCert.hamies.world/accountconf.conf'
[Thu Nov 25 00:47:15 EST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:15 EST 2021] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Thu Nov 25 00:47:15 EST 2021] CA_CONF='/tmp/acme/WildCardCert.hamies.world//ca/acme-v02.api.letsencrypt.org/ca.conf'
[Thu Nov 25 00:47:15 EST 2021] _regAccount
[Thu Nov 25 00:47:15 EST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 25 00:47:15 EST 2021] GET
[Thu Nov 25 00:47:15 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:15 EST 2021] timeout=
[Thu Nov 25 00:47:15 EST 2021] curl exists=0
[Thu Nov 25 00:47:15 EST 2021] wget exists=127
[Thu Nov 25 00:47:15 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:15 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:15 EST 2021] ret='35'
[Thu Nov 25 00:47:15 EST 2021] response
[Thu Nov 25 00:47:15 EST 2021] Can not init api.
[Thu Nov 25 00:47:15 EST 2021] RSA key
[Thu Nov 25 00:47:15 EST 2021] pub_exp='010001'
[Thu Nov 25 00:47:15 EST 2021] xxd exists=127
[Thu Nov 25 00:47:15 EST 2021] base64 single line.
[Thu Nov 25 00:47:15 EST 2021] _URGLY_PRINTF='1'
[Thu Nov 25 00:47:15 EST 2021] e='AQAB'
[Thu Nov 25 00:47:15 EST 2021] modulus='CA84E973FEBEB9B29B2EFB75577D31F6E7B6993A8640DC73DC1D58ED58845031458CFC539FDA985983DE23AEF93F7E847F4F835D93617BBA757F5B86289EAD29B999704FA36C74DB19C90C5779DA6C25C627AF77753F82855C32B3E197312B60BEC8548134522CF35BD2EFE8291987FC65EB623C3AB07C1BB1AA1E7C822643E302291AF46F830D0244217D3CF249EE43C634F767E75905A42E421D5829DD340545881462E7D992A9C788918A277D0DA401A098D65EC777688695E21600B3983CF2D675EE8E01515AE05EBD01C114F18175FD250F6F26B5B66BF0A2474AE57BE8DF7CF7F9D4BD59C2E96FCA9B949EAA30C489C2E6E8FA6FE51CC9FADAB9B071A4BD1AE2CC384133693F6D1A7C91FBDBC364AB4B73056ECBEB620F1BFFC8806EC9CCA874752901BCEACC531DC5A0AEA6B3DCBB17BE4FDA7EC8ACF8551C2BC51C933D9651E8AD948374764862CE6EBFEFBF782F45DB2F47CB6D091BF61B8DFCD043FB0FE8550C08861BA1805DBA7A8A5D7FFDF4C469925F8F6317F5DF91A4660BBE167B7ECCC0BCA8DE71D04F85C733379400CE39D9F7906A452864AE25A0B3CB9B89FBD5622F511ACD8A97FF05C0B319F05F5B0B39A8088AD4BBA4EA8F5AA111EB1474CCCCECA4B4CBAB36894E0C2BE13C54477EB48DF2AB97D7026B7367C1A6EC3FCAADFEE5392F5F4B4F4C45574DFE38C47D029764BCF990B0E1443DB7610F2B'
[Thu Nov 25 00:47:15 EST 2021] xxd exists=127
[Thu Nov 25 00:47:15 EST 2021] base64 single line.
[Thu Nov 25 00:47:15 EST 2021] _URGLY_PRINTF='1'
[Thu Nov 25 00:47:16 EST 2021] n='yoTpc_6-ubKbLvt1V30x9ue2mTqGQNxz3B1Y7ViEUDFFjPxTn9qYWYPeI675P36Ef0-DXZNhe7p1f1uGKJ6tKbmZcE-jbHTbGckMV3nabCXGJ693dT-ChVwys-GXMStgvshUgTRSLPNb0u_oKRmH_GXrYjw6sHwbsaoefIImQ-MCKRr0b4MNAkQhfTzySe5DxjT3Z-dZBaQuQh1YKd00BUWIFGLn2ZKpx4iRiid9DaQBoJjWXsd3aIaV4hYAs5g88tZ17o4BUVrgXr0BwRTxgXX9JQ9vJrW2a_CiR0rle-jffPf51L1ZwulvypuUnqowxInC5uj6b-UcyfraubBxpL0a4sw4QTNpP20afJH728Nkq0tzBW7L62IPG__IgG7JzKh0dSkBvOrMUx3FoK6ms9y7F75P2n7IrPhVHCvFHJM9llHorZSDdHZIYs5uv--_eC9F2y9Hy20JG_YbjfzQQ_sP6FUMCIYboYBdunqKXX_99MRpkl-PYxf135GkZgu-Fnt-zMC8qN5x0E-FxzM3lADOOdn3kGpFKGSuJaCzy5uJ-9ViL1EazYqX_wXAsxnwX1sLOagIitS7pOqPWqER6xR0zMzspLTLqzaJTgwr4TxUR360jfKrl9cCa3NnwabsP8qt_uU5L19LT0xFV03-OMR9ApdkvPmQsOFEPbdhDys'
[Thu Nov 25 00:47:16 EST 2021] jwk='{"e": "AQAB", "kty": "RSA", "n": "yoTpc_6-ubKbLvt1V30x9ue2mTqGQNxz3B1Y7ViEUDFFjPxTn9qYWYPeI675P36Ef0-DXZNhe7p1f1uGKJ6tKbmZcE-jbHTbGckMV3nabCXGJ693dT-ChVwys-GXMStgvshUgTRSLPNb0u_oKRmH_GXrYjw6sHwbsaoefIImQ-MCKRr0b4MNAkQhfTzySe5DxjT3Z-dZBaQuQh1YKd00BUWIFGLn2ZKpx4iRiid9DaQBoJjWXsd3aIaV4hYAs5g88tZ17o4BUVrgXr0BwRTxgXX9JQ9vJrW2a_CiR0rle-jffPf51L1ZwulvypuUnqowxInC5uj6b-UcyfraubBxpL0a4sw4QTNpP20afJH728Nkq0tzBW7L62IPG__IgG7JzKh0dSkBvOrMUx3FoK6ms9y7F75P2n7IrPhVHCvFHJM9llHorZSDdHZIYs5uv--_eC9F2y9Hy20JG_YbjfzQQ_sP6FUMCIYboYBdunqKXX_99MRpkl-PYxf135GkZgu-Fnt-zMC8qN5x0E-FxzM3lADOOdn3kGpFKGSuJaCzy5uJ-9ViL1EazYqX_wXAsxnwX1sLOagIitS7pOqPWqER6xR0zMzspLTLqzaJTgwr4TxUR360jfKrl9cCa3NnwabsP8qt_uU5L19LT0xFV03-OMR9ApdkvPmQsOFEPbdhDys"}'
[Thu Nov 25 00:47:16 EST 2021] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "yoTpc_6-ubKbLvt1V30x9ue2mTqGQNxz3B1Y7ViEUDFFjPxTn9qYWYPeI675P36Ef0-DXZNhe7p1f1uGKJ6tKbmZcE-jbHTbGckMV3nabCXGJ693dT-ChVwys-GXMStgvshUgTRSLPNb0u_oKRmH_GXrYjw6sHwbsaoefIImQ-MCKRr0b4MNAkQhfTzySe5DxjT3Z-dZBaQuQh1YKd00BUWIFGLn2ZKpx4iRiid9DaQBoJjWXsd3aIaV4hYAs5g88tZ17o4BUVrgXr0BwRTxgXX9JQ9vJrW2a_CiR0rle-jffPf51L1ZwulvypuUnqowxInC5uj6b-UcyfraubBxpL0a4sw4QTNpP20afJH728Nkq0tzBW7L62IPG__IgG7JzKh0dSkBvOrMUx3FoK6ms9y7F75P2n7IrPhVHCvFHJM9llHorZSDdHZIYs5uv--_eC9F2y9Hy20JG_YbjfzQQ_sP6FUMCIYboYBdunqKXX_99MRpkl-PYxf135GkZgu-Fnt-zMC8qN5x0E-FxzM3lADOOdn3kGpFKGSuJaCzy5uJ-9ViL1EazYqX_wXAsxnwX1sLOagIitS7pOqPWqER6xR0zMzspLTLqzaJTgwr4TxUR360jfKrl9cCa3NnwabsP8qt_uU5L19LT0xFV03-OMR9ApdkvPmQsOFEPbdhDys"}}'
[Thu Nov 25 00:47:16 EST 2021] _eab_id='[hidden](please add '--output-insecure' to see this value)'
[Thu Nov 25 00:47:16 EST 2021] _eab_hmac_key='[hidden](please add '--output-insecure' to see this value)'
[Thu Nov 25 00:47:16 EST 2021] OK
[Thu Nov 25 00:47:16 EST 2021] 1:CA_EMAIL='VALID EMAIL'
[Thu Nov 25 00:47:16 EST 2021] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 25 00:47:16 EST 2021] url
[Thu Nov 25 00:47:16 EST 2021] payload='{"contact": ["mailto:VALID EMAIL"], "termsOfServiceAgreed": true}'
[Thu Nov 25 00:47:16 EST 2021] Use cached jwk for file: /tmp/acme/WildCardCert.hamies.world//ca/acme-v02.api.letsencrypt.org/account.key
[Thu Nov 25 00:47:16 EST 2021] base64 single line.
[Thu Nov 25 00:47:16 EST 2021] payload64='eyJjb250YWN0IjogWyJtYWlsdG86cG9zaXg0MEB5YWhvby5jb20iXSwgInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjogdHJ1ZX0'
[Thu Nov 25 00:47:16 EST 2021] _request_retry_times='1'
[Thu Nov 25 00:47:16 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:16 EST 2021] GET
[Thu Nov 25 00:47:16 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:16 EST 2021] timeout=
[Thu Nov 25 00:47:16 EST 2021] curl exists=0
[Thu Nov 25 00:47:16 EST 2021] wget exists=127
[Thu Nov 25 00:47:16 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:16 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:16 EST 2021] ret='35'
[Thu Nov 25 00:47:16 EST 2021] _headers
[Thu Nov 25 00:47:16 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:16 EST 2021] nonce
[Thu Nov 25 00:47:16 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:18 EST 2021] _request_retry_times='2'
[Thu Nov 25 00:47:18 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:18 EST 2021] GET
[Thu Nov 25 00:47:18 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:18 EST 2021] timeout=
[Thu Nov 25 00:47:18 EST 2021] curl exists=0
[Thu Nov 25 00:47:18 EST 2021] wget exists=127
[Thu Nov 25 00:47:18 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:18 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:18 EST 2021] ret='35'
[Thu Nov 25 00:47:18 EST 2021] _headers
[Thu Nov 25 00:47:18 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:18 EST 2021] nonce
[Thu Nov 25 00:47:18 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:20 EST 2021] _request_retry_times='3'
[Thu Nov 25 00:47:20 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:20 EST 2021] GET
[Thu Nov 25 00:47:20 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:20 EST 2021] timeout=
[Thu Nov 25 00:47:20 EST 2021] curl exists=0
[Thu Nov 25 00:47:20 EST 2021] wget exists=127
[Thu Nov 25 00:47:20 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:20 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:20 EST 2021] ret='35'
[Thu Nov 25 00:47:20 EST 2021] _headers
[Thu Nov 25 00:47:20 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:20 EST 2021] nonce
[Thu Nov 25 00:47:20 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:22 EST 2021] _request_retry_times='4'
[Thu Nov 25 00:47:22 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:22 EST 2021] GET
[Thu Nov 25 00:47:22 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:22 EST 2021] timeout=
[Thu Nov 25 00:47:22 EST 2021] curl exists=0
[Thu Nov 25 00:47:22 EST 2021] wget exists=127
[Thu Nov 25 00:47:22 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:22 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:22 EST 2021] ret='35'
[Thu Nov 25 00:47:22 EST 2021] _headers
[Thu Nov 25 00:47:22 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:22 EST 2021] nonce
[Thu Nov 25 00:47:22 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:24 EST 2021] _request_retry_times='5'
[Thu Nov 25 00:47:24 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:24 EST 2021] GET
[Thu Nov 25 00:47:24 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:24 EST 2021] timeout=
[Thu Nov 25 00:47:24 EST 2021] curl exists=0
[Thu Nov 25 00:47:24 EST 2021] wget exists=127
[Thu Nov 25 00:47:24 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:24 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:24 EST 2021] ret='35'
[Thu Nov 25 00:47:24 EST 2021] _headers
[Thu Nov 25 00:47:24 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:24 EST 2021] nonce
[Thu Nov 25 00:47:24 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:26 EST 2021] _request_retry_times='6'
[Thu Nov 25 00:47:26 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:26 EST 2021] GET
[Thu Nov 25 00:47:26 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:26 EST 2021] timeout=
[Thu Nov 25 00:47:26 EST 2021] curl exists=0
[Thu Nov 25 00:47:26 EST 2021] wget exists=127
[Thu Nov 25 00:47:26 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:26 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:26 EST 2021] ret='35'
[Thu Nov 25 00:47:26 EST 2021] _headers
[Thu Nov 25 00:47:26 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:26 EST 2021] nonce
[Thu Nov 25 00:47:26 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:28 EST 2021] _request_retry_times='7'
[Thu Nov 25 00:47:28 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:28 EST 2021] GET
[Thu Nov 25 00:47:28 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:28 EST 2021] timeout=
[Thu Nov 25 00:47:28 EST 2021] curl exists=0
[Thu Nov 25 00:47:28 EST 2021] wget exists=127
[Thu Nov 25 00:47:28 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:28 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:28 EST 2021] ret='35'
[Thu Nov 25 00:47:28 EST 2021] _headers
[Thu Nov 25 00:47:28 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:28 EST 2021] nonce
[Thu Nov 25 00:47:28 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:30 EST 2021] _request_retry_times='8'
[Thu Nov 25 00:47:30 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:30 EST 2021] GET
[Thu Nov 25 00:47:30 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:30 EST 2021] timeout=
[Thu Nov 25 00:47:30 EST 2021] curl exists=0
[Thu Nov 25 00:47:30 EST 2021] wget exists=127
[Thu Nov 25 00:47:30 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:30 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:30 EST 2021] ret='35'
[Thu Nov 25 00:47:30 EST 2021] _headers
[Thu Nov 25 00:47:30 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:30 EST 2021] nonce
[Thu Nov 25 00:47:30 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:32 EST 2021] _request_retry_times='9'
[Thu Nov 25 00:47:32 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:32 EST 2021] GET
[Thu Nov 25 00:47:32 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:32 EST 2021] timeout=
[Thu Nov 25 00:47:32 EST 2021] curl exists=0
[Thu Nov 25 00:47:32 EST 2021] wget exists=127
[Thu Nov 25 00:47:32 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:32 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:32 EST 2021] ret='35'
[Thu Nov 25 00:47:32 EST 2021] _headers
[Thu Nov 25 00:47:32 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:32 EST 2021] nonce
[Thu Nov 25 00:47:32 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:35 EST 2021] _request_retry_times='10'
[Thu Nov 25 00:47:35 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:35 EST 2021] GET
[Thu Nov 25 00:47:35 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:35 EST 2021] timeout=
[Thu Nov 25 00:47:35 EST 2021] curl exists=0
[Thu Nov 25 00:47:35 EST 2021] wget exists=127
[Thu Nov 25 00:47:35 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:35 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:35 EST 2021] ret='35'
[Thu Nov 25 00:47:35 EST 2021] _headers
[Thu Nov 25 00:47:35 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:35 EST 2021] nonce
[Thu Nov 25 00:47:35 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:37 EST 2021] _request_retry_times='11'
[Thu Nov 25 00:47:37 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:37 EST 2021] GET
[Thu Nov 25 00:47:37 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:37 EST 2021] timeout=
[Thu Nov 25 00:47:37 EST 2021] curl exists=0
[Thu Nov 25 00:47:37 EST 2021] wget exists=127
[Thu Nov 25 00:47:37 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:37 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:37 EST 2021] ret='35'
[Thu Nov 25 00:47:37 EST 2021] _headers
[Thu Nov 25 00:47:37 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:37 EST 2021] nonce
[Thu Nov 25 00:47:37 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:39 EST 2021] _request_retry_times='12'
[Thu Nov 25 00:47:39 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:39 EST 2021] GET
[Thu Nov 25 00:47:39 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:39 EST 2021] timeout=
[Thu Nov 25 00:47:39 EST 2021] curl exists=0
[Thu Nov 25 00:47:39 EST 2021] wget exists=127
[Thu Nov 25 00:47:39 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:39 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:39 EST 2021] ret='35'
[Thu Nov 25 00:47:39 EST 2021] _headers
[Thu Nov 25 00:47:39 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:39 EST 2021] nonce
[Thu Nov 25 00:47:39 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:41 EST 2021] _request_retry_times='13'
[Thu Nov 25 00:47:41 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:41 EST 2021] GET
[Thu Nov 25 00:47:41 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:41 EST 2021] timeout=
[Thu Nov 25 00:47:41 EST 2021] curl exists=0
[Thu Nov 25 00:47:41 EST 2021] wget exists=127
[Thu Nov 25 00:47:41 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:41 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:41 EST 2021] ret='35'
[Thu Nov 25 00:47:41 EST 2021] _headers
[Thu Nov 25 00:47:41 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:41 EST 2021] nonce
[Thu Nov 25 00:47:41 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:43 EST 2021] _request_retry_times='14'
[Thu Nov 25 00:47:43 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:43 EST 2021] GET
[Thu Nov 25 00:47:43 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:43 EST 2021] timeout=
[Thu Nov 25 00:47:43 EST 2021] curl exists=0
[Thu Nov 25 00:47:43 EST 2021] wget exists=127
[Thu Nov 25 00:47:43 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:43 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:43 EST 2021] ret='35'
[Thu Nov 25 00:47:43 EST 2021] _headers
[Thu Nov 25 00:47:43 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:43 EST 2021] nonce
[Thu Nov 25 00:47:43 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:45 EST 2021] _request_retry_times='15'
[Thu Nov 25 00:47:45 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:45 EST 2021] GET
[Thu Nov 25 00:47:45 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:45 EST 2021] timeout=
[Thu Nov 25 00:47:45 EST 2021] curl exists=0
[Thu Nov 25 00:47:45 EST 2021] wget exists=127
[Thu Nov 25 00:47:45 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:45 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:45 EST 2021] ret='35'
[Thu Nov 25 00:47:45 EST 2021] _headers
[Thu Nov 25 00:47:45 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:45 EST 2021] nonce
[Thu Nov 25 00:47:45 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:47 EST 2021] _request_retry_times='16'
[Thu Nov 25 00:47:47 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:47 EST 2021] GET
[Thu Nov 25 00:47:47 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:47 EST 2021] timeout=
[Thu Nov 25 00:47:47 EST 2021] curl exists=0
[Thu Nov 25 00:47:47 EST 2021] wget exists=127
[Thu Nov 25 00:47:47 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:47 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:47 EST 2021] ret='35'
[Thu Nov 25 00:47:47 EST 2021] _headers
[Thu Nov 25 00:47:47 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:47 EST 2021] nonce
[Thu Nov 25 00:47:47 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:49 EST 2021] _request_retry_times='17'
[Thu Nov 25 00:47:49 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:49 EST 2021] GET
[Thu Nov 25 00:47:49 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:49 EST 2021] timeout=
[Thu Nov 25 00:47:49 EST 2021] curl exists=0
[Thu Nov 25 00:47:49 EST 2021] wget exists=127
[Thu Nov 25 00:47:49 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:49 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:49 EST 2021] ret='35'
[Thu Nov 25 00:47:49 EST 2021] _headers
[Thu Nov 25 00:47:49 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:49 EST 2021] nonce
[Thu Nov 25 00:47:49 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:51 EST 2021] _request_retry_times='18'
[Thu Nov 25 00:47:51 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:51 EST 2021] GET
[Thu Nov 25 00:47:51 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:51 EST 2021] timeout=
[Thu Nov 25 00:47:51 EST 2021] curl exists=0
[Thu Nov 25 00:47:51 EST 2021] wget exists=127
[Thu Nov 25 00:47:51 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:51 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:51 EST 2021] ret='35'
[Thu Nov 25 00:47:51 EST 2021] _headers
[Thu Nov 25 00:47:51 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:51 EST 2021] nonce
[Thu Nov 25 00:47:51 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:53 EST 2021] _request_retry_times='19'
[Thu Nov 25 00:47:53 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:53 EST 2021] GET
[Thu Nov 25 00:47:53 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:53 EST 2021] timeout=
[Thu Nov 25 00:47:53 EST 2021] curl exists=0
[Thu Nov 25 00:47:53 EST 2021] wget exists=127
[Thu Nov 25 00:47:53 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:53 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:53 EST 2021] ret='35'
[Thu Nov 25 00:47:53 EST 2021] _headers
[Thu Nov 25 00:47:53 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:53 EST 2021] nonce
[Thu Nov 25 00:47:53 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:55 EST 2021] _request_retry_times='20'
[Thu Nov 25 00:47:55 EST 2021] Get nonce with GET. ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:55 EST 2021] GET
[Thu Nov 25 00:47:55 EST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Nov 25 00:47:55 EST 2021] timeout=
[Thu Nov 25 00:47:55 EST 2021] curl exists=0
[Thu Nov 25 00:47:55 EST 2021] wget exists=127
[Thu Nov 25 00:47:55 EST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/WildCardCert.hamies.world//http.header '
[Thu Nov 25 00:47:55 EST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Nov 25 00:47:55 EST 2021] ret='35'
[Thu Nov 25 00:47:55 EST 2021] _headers
[Thu Nov 25 00:47:55 EST 2021] _CACHED_NONCE
[Thu Nov 25 00:47:55 EST 2021] nonce
[Thu Nov 25 00:47:55 EST 2021] Could not get nonce, let's try again.
[Thu Nov 25 00:47:57 EST 2021] Giving up sending to CA server after 20 retries.
[Thu Nov 25 00:47:57 EST 2021] Register account Error:
[Thu Nov 25 00:47:57 EST 2021] _on_issue_err
[Thu Nov 25 00:47:57 EST 2021] Please check log file for more details: /tmp/acme/WildCardCert.hamies.world/acme_issuecert.log
[Thu Nov 25 00:47:57 EST 2021] _chk_vlist

rg305 · November 25, 2021, 8:24pm

Try:
curl -Ii https://acme-v02.api.letsencrypt.org/directory

NullRoute · November 26, 2021, 7:30am

Tried and got this error:
curl -Ii https://acme-v02.api.letsencrypt.org/directory
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

NullRoute · November 29, 2021, 7:22pm

Can anyone assist?

rg305 · November 30, 2021, 1:21am

You may need to update:

ca-certificates
openssl

JimPas · November 30, 2021, 5:54am

I came across this similar problem that turned out to be the system clock was not synchronized (the time was off by too much). In this link it shows the query results showing the time problem. If your system clock is fine, we can continue on from here.

Certificate Expiring Soon | ACME log Could not get nonce, let's try again. | Netgate Forum

JimPas · December 3, 2021, 2:06am

@null , Have you gotten anywhere with this - successful or otherwise?

rg305 · December 3, 2021, 6:06am

... and we wait for a @null response ...

NullRoute · December 19, 2021, 6:27pm

Hello,

No change in behavior. Reinstalled software fresh install. Still seeing same behavior.

rg305 · December 19, 2021, 6:38pm

Please show the output of:
echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head

JimPas · December 19, 2021, 10:27pm

There's a misconfiguration which returns a 400 and 499 error.

Cloudfare gives a 1020 error.

If you have access, you can try going to your Cloudfare Dashboard and adjust the firewall settings which are affecting your domain. I found one solution for the 1020 Access Denied here:

NullRoute · December 20, 2021, 3:45pm

Hello,
This is the output:

34371072000:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 80

CONNECTED(00000003)

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 7 bytes and written 332 bytes

Verification: OK

---

New, (NONE), Cipher is (NONE)

NullRoute · December 20, 2021, 3:53pm

The only rule I have is challenging IP addresses NOT in US.

(ip.geoip.country ne "US")

orangepizza · December 20, 2021, 4:06pm

while it's not current problem. that'd like break challange because IIRC LE has some vantage point in europe. they don't publish there they are looking from so i can't really prove it though

JimPas · December 20, 2021, 6:00pm

As @orangepizza points out, blocking IP addresses from other than the USA will break the challenge as LE does check from a list of multiple IPs around the world. If an IP is blocked, the challenge will fail. This is especially important for auto-renewal of your cert.

rg305 · December 20, 2021, 7:23pm

Is that an inbound or outbound or bothbound block?
[I don't agree with blocking HTTP, just trying to understand what you've done]

NullRoute · December 20, 2021, 10:11pm

It is an inbound rule and I have disabled it. However still no change.

MikeMcQ · December 21, 2021, 12:01am

Are you still having a problem? I see a fresh wildcard cert issued today crt.sh | hamies.world

I also do not get any server errors from Cloudflare as seen earlier. I get valid 302 or 200 responses for apex and www domains - pretty normal looking.

Well, mostly normal, I was surprised to see x-served-by: Namecheap URL Forward response header for curl -I hamies.world requests when the DNS records pointed to Cloudflare edge servers. But, it does not look to be interfering with my simple tests.

And, you might want to check Cloudflare settings as your http://www.hamies.world does not redirect to https. Not required but is almost always best.

NullRoute · December 21, 2021, 2:46am

That fresh wild card cert is from different hardware I was testing to verify the configuration. The delta is that the SG-5100 does not work with configuration.

My hunch is that it is hardware issue and not configuration. I will be testing further. Namecheap is the domain registrar but I forwarded DNS to cloudflare.

MikeMcQ · December 21, 2021, 3:12am

If your Namecheap DNS is using proper A records for Cloudflare you can remove the URL redirect in Namecheap. You use one or the other - not both. And, URL Redirect usually causes problems by itself.