Could not get nonce, let's try again

billy0 · August 27, 2021, 8:15pm

I ran this command:
Built in "Request TLS Certificate" function this shows in the logs:
Running sudo -u admin /usr/local/bin/ghe-ssl-acme -p -i and writing log to /tmp/acme-issue.log.20210827-2312-1t53k6i, pid=19740
---> Running sudo -u acme-client acme.sh --allow-sudo --syslog 6 --config-home /tmp/tmp.acme-workdir.VipIZT6946 --register-account --accountkeylength 4096

It produced this output:
[Fri Aug 27 19:37:37 UTC 2021] Please refer to libcurl - Error Codes for error code: 7
[Fri Aug 27 19:37:37 UTC 2021] Can not init api.
[Fri Aug 27 19:37:39 UTC 2021] Create account key ok.
[Fri Aug 27 19:37:39 UTC 2021] Registering account
[Fri Aug 27 19:39:48 UTC 2021] Please refer to libcurl - Error Codes for error code: 7
[Fri Aug 27 19:39:48 UTC 2021] Could not get nonce, let's try again.

Last 2 lines repeat every few min

My web server is (include version): GitHub Enterprise virtual machine

The operating system my web server runs on is (include version): unknown

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): should be able to SSH in

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): unknown

rg305 · August 27, 2021, 8:36pm

Hi @billy0, welcome to the LE community forum

I'm not familiar with:

client.

Are you using their latest version?
Does that version support ACMEv2?

billy0 · August 27, 2021, 8:44pm

Latest version from GitHub, just setup a few days ago. Unsure on how to determine what version of ACME the tool is using.

Phil · August 27, 2021, 10:02pm

Here's some documentation that may be of use for ghe-ssl-acme.

petercooperjr · August 27, 2021, 10:09pm

Well, from the linked list of libcurl error codes, 7 means "CURLE_COULDNT_CONNECT (7): Failed to connect() to host or proxy." So it sounds like you just can't connect to the Let's Encrypt API from your server.

Is there some firewall in the way, or a proxy configuration you need to set up to be able to have your server connect to the outside world?

billy0 · August 27, 2021, 10:30pm

And its been a bit since I started up a fresh EC2 instance... outbound rules, kinda necessary.

system · September 26, 2021, 10:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.