ACME log Could not get nonce, let's try again

And yet what shows on your homepage for https://www.hamies.world is a footer banner for ParkingCrew.com, without any advertising above it.

You have a redirect from one http domain to another http domain which would cause another DNS lookup.

You also have a wrong redirect - https to http - for

Never redirect https back to http and make your redirects for Port 80, but not for Port 443.

Cloudflare's Amsterdam and Frankfurt's servers are returning an error code of 520 on http requests to www.hamies.world. There's a problem between your original server and the cache on Cloudflare's servers.

You do have Cloudflare certs for hamies.world and a wildcard *.hamies.world that's good until July, 2022. However, secure connections are being aborted. You have to have Cloudflare's IPs on your allowed list for your firewall. Why not use Cloudflare's certs, which cover both your apex domain and the wildcard (*.hamies.world)?

A way to start overcoming your problem would be to

  1. Decide on one domain to serve your content (either the www or the apex (non-www));

  2. Clean up your redirects;

  3. Check that your domain (both the www and the apex) is reachable with a web browser. You'll have to wait a bit for the changes above to propagate;

  4. See if Cloudflare's cert is being served (https). (Cloudflare has supplied you with certs already.); and

  5. If everything is fine, you're back in business.

If you see the lock but it still shows as insecure, most likely there is content being served over http - most likely some ads being served by ParkingCrew. You can check for insecure content by using this tool: https://www.whynopadlock.com/ .

Please let us know how you make out. :slightly_smiling_face:

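The redirect and certificate checks in the post above can be scripted so you see every hop instead of just the browser's final page. The following is an added example written for this thread, not code from the original post or from Cloudflare/pfSense: it audits a redirect chain for an https-to-http downgrade, an http-to-http hop onto a different host (an extra DNS lookup before TLS ever starts), a final page served over plain http, and a 52x status from the CDN, and it checks whether a certificate's names cover the apex and www hosts. The sample chain and hostnames are constructed for illustration; `fetch_chain` is only for a live run and is not exercised offline.

```python
"""Added example (not from the original thread): offline audit of a redirect chain
and of certificate subject names. Sample data below is constructed."""
from dataclasses import dataclass
from typing import Optional, List, Tuple
from urllib.parse import urlsplit, urljoin
import urllib.request
import urllib.error


@dataclass
class Hop:
    url: str                      # URL that was requested
    status: int                   # HTTP status returned
    location: Optional[str] = None  # Location header, if any


def audit_chain(hops: List[Hop]) -> List[Tuple]:
    """Return findings for one redirect chain, in hop order.

    extra_lookup   http -> http to another host (second DNS lookup before TLS)
    downgrade      https -> http (never redirect back to plain http)
    upstream_error 52x from the CDN: origin did not answer the cache sanely
    served_plain   the final 200 was delivered over http, not https
    """
    findings = []
    for hop in hops:
        src = urlsplit(hop.url)
        if 520 <= hop.status <= 527:
            findings.append(("upstream_error", hop.url, hop.status))
        if hop.location and 300 <= hop.status < 400:
            # resolve relative Location values against the requesting URL
            dst = urlsplit(urljoin(hop.url, hop.location))
            if src.scheme == "https" and dst.scheme == "http":
                findings.append(("downgrade", hop.url, hop.location))
            elif src.scheme == "http" and dst.scheme == "http" \
                    and src.hostname != dst.hostname:
                findings.append(("extra_lookup", hop.url, hop.location))
    if hops and hops[-1].status == 200 and urlsplit(hops[-1].url).scheme == "http":
        findings.append(("served_plain", hops[-1].url))
    return findings


def covers(san_names: List[str], host: str) -> bool:
    """True if an exact SAN or a single-label wildcard SAN matches host.

    A wildcard such as *.hamies.world matches www.hamies.world but not the
    apex hamies.world, which is why the apex needs its own SAN entry.
    """
    host = host.lower()
    for name in (n.lower() for n in san_names):
        if name.startswith("*."):
            suffix = name[1:]                    # ".hamies.world"
            label = host[:-len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:       # exactly one extra label
                return True
        elif name == host:
            return True
    return False


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop is recorded."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_chain(url: str, max_hops: int = 10) -> List[Hop]:
    """Walk redirects one hop at a time (needs network; not run offline)."""
    opener = urllib.request.build_opener(_NoRedirect)
    hops = []
    for _ in range(max_hops):
        try:
            resp = opener.open(url, timeout=10)
            status, location = resp.status, resp.headers.get("Location")
        except urllib.error.HTTPError as e:
            status, location = e.code, e.headers.get("Location")
        hops.append(Hop(url, status, location))
        if not location or not (300 <= status < 400):
            break
        url = urljoin(url, location)
    return hops


# Constructed sample chain showing the problems described in the thread.
SAMPLE_CHAIN = [
    Hop("http://hamies.world/", 301, "http://www.hamies.world/"),
    Hop("http://www.hamies.world/", 301, "https://www.hamies.world/"),
    Hop("https://www.hamies.world/", 302, "http://www.hamies.world/park"),
    Hop("http://www.hamies.world/park", 200),
]

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
    for h in ("hamies.world", "www.hamies.world"):
        print(h, "covered:", covers(["hamies.world", "*.hamies.world"], h))
```

Run it as-is to see the findings for the constructed chain; replace `SAMPLE_CHAIN` with `fetch_chain("http://hamies.world/")` to audit a live site. A clean configuration produces no findings: one http-to-https hop onto the canonical host and a 200 over https.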

@JimPas thanks for the thorough response and insight.

So I thought for my *.hamies.world lookup I would be fine since I am using DDNS to update the DNS record on Cloudflare.

Would that still impact the cert account for *.hamies.world? (DNS is not my strong suit.) I know what it is and what it is used for. But in the ACME logs I did not see any error related to DNS/lookup failures. Only error code 35.


I think I have resolved #1, #2, and #4. The www now shows secure. I changed it to the Cloudflare SSL.

The apex domain is used for management and locally hosted services behind the pfSense firewall. Cloudflare does not have a redirect capability. So my goal is that the apex domain foo.hamies.world will redirect to the pfSense firewall and from there it will send traffic to its destination. But what I want is for pfSense, using the ACME package, to renew the SSL cert automatically so that all traffic from the outside to pfSense is secure.


I finally resolved the issue. Turns out this was a 3rd-party application on pfSense used for web filtering.

Saw the same issue as noted in

Disabled the application, causing it to verify, then added .letsencrypt.org to a whitelist to prevent this from happening.


Glad you got it straightened out - using the link posted in Post #6.
ACME log Could not get nonce, let's try again - #6 by JimPas

