Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
visualyont.tk
I ran this command:
acme.sh --issue -d visualyont.tk -w /var/www/acme-challenge
It produced this output:
Could not get nonce, let's try again.
[Mon Nov 16 02:35:45 PM UTC 2020] GET
[Mon Nov 16 02:35:45 PM UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Nov 16 02:35:45 PM UTC 2020] timeout=
[Mon Nov 16 02:35:45 PM UTC 2020] _CURL='curl -L --silent --dump-header /home/acme/.acme.sh/http.header -g '
[Mon Nov 16 02:35:45 PM UTC 2020] ret='0'
[Mon Nov 16 02:35:45 PM UTC 2020] Could not get nonce, let's try again.
[Mon Nov 16 02:35:48 PM UTC 2020] GET
[Mon Nov 16 02:35:48 PM UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Nov 16 02:35:48 PM UTC 2020] timeout=
[Mon Nov 16 02:35:48 PM UTC 2020] _CURL='curl -L --silent --dump-header /home/acme/.acme.sh/http.header -g '
[Mon Nov 16 02:35:48 PM UTC 2020] ret='0'
[Mon Nov 16 02:35:48 PM UTC 2020] Could not get nonce, let's try again.
[Mon Nov 16 02:35:51 PM UTC 2020] GET
[Mon Nov 16 02:35:51 PM UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Nov 16 02:35:51 PM UTC 2020] timeout=
[Mon Nov 16 02:35:51 PM UTC 2020] _CURL='curl -L --silent --dump-header /home/acme/.acme.sh/http.header -g '
[Mon Nov 16 02:35:52 PM UTC 2020] ret='0'
[Mon Nov 16 02:35:52 PM UTC 2020] Could not get nonce, let's try again.
[Mon Nov 16 02:35:55 PM UTC 2020] Giving up sending to CA server after 20 retries.
[Mon Nov 16 02:35:55 PM UTC 2020] Register account Error: {"type": "urn:ietf:params:acme:error:rateLimited", "detail": "Your IP, 45.77.190.231, has been blocked due to ridiculously excessive traffic. Once corrected, request a review by emailing unblock-request@letsencrypt.org"}
[Mon Nov 16 02:35:55 PM UTC 2020] _on_issue_err
[Mon Nov 16 02:35:55 PM UTC 2020] Please check log file for more details: /home/acme/.acme.sh/acme.sh.log
My web server is (include version):
The operating system my web server runs on is (include version):
Unbuntu 20
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Yep! This is the message you get when we've manually blocked an IP address for - you guessed it - ridiculously excessive traffic. @kyon12345 can you send mail to that address with info about your setup and steps you've taken to fix the excessive traffic? That's the process to get unblocked.
Also worth noting: It's possible, with cloud providers, that you've inherited an IP address that someone else was using previously and got blocked. If you've only had this IP address for a short while, that is also useful to convey in your email.
It looks like they're trying to get a nonce from the directory endpoint. That won't work to my knowledge. They need to hit the newNonce endpoint. Or maybe it's just a linear process restarting over and over again and failing at different points.
It's a holdover from ACMEv1, but you can still get a nonce by sending a HEAD request to any resource, including the directory.
Edit: on second review, I don't think that's what's happening anyway, it's probably first trying to find the newNonce URL in the first place by downloading the directory!
My last response about memoryless script is most likely accurate.