Ansible Let's Encrypt Module - Bad Nonces

Hi guys,

I’m running into some issues automating certificates using Ansible, and I’m not sure if I’m doing anything wrong. I’ve tried requesting certificates against staging without succes. I’ve also tried production 2 times, also without succes, but a different error.

I’ve checked some other posts on the forum, but as far as I can see everything checks out (DNSSEC is properly set up, the TXT record is found). However, the only difference I found was that my domains are signed with algorithm 13 ( ECDSA Curve P-256 with SHA-256).

Can you assist me getting this show on the road? :slight_smile:

Thanks!

Details:

My domain is: elementnetworks.nl, DNSSEC enabled with algorithm 13, no errors a.t.m. : http://dnsviz.net/d/elementnetworks.nl/dnssec/

I ran this command: Ansible’s letsencrypt module: https://docs.ansible.com/ansible/letsencrypt_module.html with the DNS-01 challenge

It produced this output:
On staging:
msg": “Authorization for ******** returned invalid: CHALLENGE: ******** DETAILS: DNS problem: SERVFAIL looking up CAA for ********;”

On production:
“msg”: "Error validating challenge: CODE: 4**************** RESULT: {\n “type”: “urn:acme:error:badNonce”,\n “detail”: “JWS has invalid anti-replay nonce iHIHfxYi_ZAjUpkwJuRBq9lsZSVNGLFVv4FvVqUczk",\n “status”: 4********\n}”

My operating system is (include version): Debian 8.8

My DNS server is (include version): PowerDNS 4.0.3

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’ve placed another challenge, the details are:

domainname: www.elementnetworks.nl
challenge record: _acme-challenge.www.elementnetworks.nl descriptive text “lP4X8h4IO9EkU0gY6kSCRDJ8rY9zBtd9EE912ld2JIA”

Output from the letsencrypt module for Ansible:
=== 8< ===
“status”: “pending”,
“token”: “azahHThI7W-pw-5rsxawKchaAI6iHVxtxfAYpvLaJSo”,
“type”: “dns-01”,
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/f8j5Sc5ednzeB0pUyPlIsUzKQ0sZeNPVdy1kxqw4Y6I/39664269
}
=== 8< ===

hi @Thulium-Drake

There was a service outage a few days ago which could explain the bad nonce problem

Have you tried recently?

If you are still having issues then log it with the developers of the Ansible Module.

Andrei

Hi @ahaw021,

Thanks for the reply! I have tried the staging API last weekend with succes. It seems the changes/fixes made during the disruption did solve the CAA errors.

I’ve just tried the production API, it works! :slight_smile:

Case closed!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.