Certes.AcmeException: Fail to fetch new nonce

My domain is: neptrix.com
I just updated the latest certifytheweb application and intend to renew a wildcard cert for *.neptrix.com. I followed the on screen instruction to introduce a TXT record in our DNS zone, then attempt to proceed with the renewal but some cryptic error message came up:


2022-10-31 02:04:58.808 +08:00 [INF] ---- Beginning Request [Wildcard Neptrix] ----
2022-10-31 02:04:58.810 +08:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
2022-10-31 02:04:58.810 +08:00 [INF] Created ACME Order: https://acme.zerossl.com/v2/DV90/order/z5zpxvXR3hThHN1wDo3_gQ
2022-10-31 02:05:03.717 +08:00 [INF] Fetching Authorizations.
2022-10-31 02:05:28.135 +08:00 [INF] Got dns-01 challenge https://acme.zerossl.com/v2/DV90/chall/gryFlxcLEgxgMhitdfQo-g
2022-10-31 02:05:28.135 +08:00 [INF] Attempting Challenge Response Validation for Domain: *.neptrix.com
2022-10-31 02:05:28.135 +08:00 [INF] Registering and Validating *.neptrix.com
2022-10-31 02:05:28.136 +08:00 [INF] Checking automated challenge response for Domain: *.neptrix.com
2022-10-31 02:05:52.056 +08:00 [INF] A problem occurred while checking challenge responses: Certes.AcmeException: Fail to fetch new nonce.
at Certes.Acme.AcmeHttpClient.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.AcmeHttpClient.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.IAcmeHttpClientExtensions.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Certes.Acme.EntityContext1.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.ACME.Certes.CertesACMEProvider.d__34.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 1061
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Management.CertifyManager.d__23.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 877
2022-10-31 02:05:53.040 +08:00 [INF] Validation of the required challenges did not complete successfully. A problem occurred while checking challenge responses: Certes.AcmeException: Fail to fetch new nonce.
at Certes.Acme.AcmeHttpClient.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.AcmeHttpClient.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.IAcmeHttpClientExtensions.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Certes.Acme.EntityContext1.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.ACME.Certes.CertesACMEProvider.d__34.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 1061
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Management.CertifyManager.d__23.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 877
2022-10-31 02:05:53.040 +08:00 [INF] Validation of the required challenges did not complete successfully. A problem occurred while checking challenge responses: Certes.AcmeException: Fail to fetch new nonce.
at Certes.Acme.AcmeHttpClient.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.AcmeHttpClient.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.IAcmeHttpClientExtensions.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Certes.Acme.EntityContext1.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.ACME.Certes.CertesACMEProvider.d__34.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 1061
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Management.CertifyManager.d__23.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 877
2022-10-31 02:05:53.041 +08:00 [INF] Validation of the required challenges did not complete successfully. A problem occurred while checking challenge responses: Certes.AcmeException: Fail to fetch new nonce.
at Certes.Acme.AcmeHttpClient.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.AcmeHttpClient.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.Acme.IAcmeHttpClientExtensions.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Certes.Acme.EntityContext1.d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.ACME.Certes.CertesACMEProvider.d__34.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 1061
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Management.CertifyManager.d__23.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 877

@webprofusion Can you make anything from this terrible amount of debug trace log stuff? Meine liebe..

Hi @yeenfei, and welcome to the LE community forum :slight_smile:

The problem appears to be:

But this isn't really the best place to get support with Certify the Web.
@webprofusion might respond here but I'd open a ticket within their support channel just to be sure.

Unfortunately the entire trace does not mention WHY CtW cannot fetch a new nonce, making the entire stack trace utterly useless.. Windows programming :roll_eyes:

not sure if this is good news: I noticed the certificate authorities was somehow set to zerossl, i switched them back to LE and its working xD.

Yes, you've been using ZeroSSL for the past year or so (see crt.sh history)

Glad you got your cert and now see the new LE wildcard in that history

I'm not that familiar with ZeroSSL and their ACME implementation, but perhaps it can have some issues with nonces in combination with CtW? I dunno..

Just keep using Let's Encrypt, stay with the winning team :stuck_out_tongue:

As you can connect to the directory but not fetch a "nonce" (which is a temporary random number thing that Let's Encrypt generate to avoid replay attacks) I'd guess this request was happening during a Let's Encrypt API maintenance window.

Checking https://letsencrypt.status.io/ I can see there is planned maintenance in progress.

[Edit: ah it's ZeroSSL, well that's a shame because they don't offer a status page]

Yes, the Certes library is catching the error which makes diagnostics a little more difficult, there is however debug logging available for API calls if anyone ever needs it, they would edit C:\ProgramData\certify\serviceconfig.json and set "LogLevel" to "debug".

Does that make the log file even less comprehensive?

yea LE community is awesome.