Curl returned with 35

My domain is:leah.majer.fr

I ran this command:dehydrated -c

It produced this output:
ERROR: Problem connecting to server (head for https://acme-v02.api.letsencrypt.org/acme/new-nonce; curl returned with 35)

Details:
HTTP/2 400
server: nginx
date: Mon, 08 Jul 2024 23:46:41 GMT
content-type: application/problem+json
content-length: 112
boulder-requester: 623559376
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: eFSVlf8Um2R-FPNdQidTyoY9-cFb0Rz4efFqyvffRSBgxK9ChVo

{
"type": "urn:ietf:params:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}

My web server is (include version):
apache 2.4

The operating system my web server runs on is (include version):
debian bullseyes

My hosting provider, if applicable, is:ovh

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):Dehydrated version: 0.7.0

i've tried again and i've got another error

`Processing leah.majer.fr

Details:
HTTP/2 400
server: nginx
date: Tue, 09 Jul 2024 00:03:54 GMT
content-type: application/problem+json
content-length: 112
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: eFSVlf8Uycm1fN4izfNwr4YoLVouA7OP8u1iUnbvcKmcXo7ODe8

{
"type": "urn:ietf:params:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}

EXPECTED value GOT EOF
`

Could you try updating to 0.7.1? Might fix known problem in 0.7.0

4 Likes

unfortunately, the package 0.7.1 is not available on debian repository for bullseye !

Should i use certbot instead ?

strange ! i retried a last time, and it worked.
But i'll have the same issue with each renewal ?

Hard to know. Looks like older dehydrated did not properly retry requests. So, if you get similar errors in future it will fail again.

Isn't it just a bash script? Can't you just download it from its github and replace yours?

3 Likes

Looks like there may be something on Let's Encrypt side causing more frequent connection problems than normal. Is being investigated after several other comms failures reported.

Follow status below. Still, would not hurt to upgrade your dehydrated to get improved retry.

3 Likes

I'll look at it for the upgrade of dehydrated. It's a production server and usually i stick with debian repositories for installs / upgrades.

We've had some reports of network trouble from some users reaching Let's Encrypt. We saw a small dip in traffic, but it has since recovered.

Can you let us know if you're still seeing this problem after about 14:20 UTC, about 1 hour ago?

3 Likes