Hey there! I'm running a few websites which all use TurnkeyLinux Wordpress systems. Configuring and renewing Letsencrypt via their ConfConsole used to be a breeze, but it stopped working maybe a month ago. There is a discussion going on there, but it doesn't look like there is a clean fix to this. Can anybody here help on what needs updating?
My domain is:
undercover-media.co.nz
I ran this command:
/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper
It produced this output:
[2019-11-10 00:15:19] dehydrated-wrapper: INFO: started
[2019-11-10 00:15:20] dehydrated-wrapper: INFO: found apache2 listening on port 80
[2019-11-10 00:15:20] dehydrated-wrapper: INFO: stopping apache2
[2019-11-10 00:15:21] dehydrated-wrapper: INFO: running dehydrated
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 400)
Details:
{
"type": "urn:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
[2019-11-10 00:15:26] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-11-10 00:15:26] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-11-10 00:15:26] dehydrated-wrapper: INFO: starting apache2
[2019-11-10 00:15:26] dehydrated-wrapper: INFO: starting stunnel4
[2019-11-10 00:15:26] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
My web server is (include version):
Apache 2.4.25
The operating system my web server runs on is (include version):
Debian 9.6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
confconsole 1.1.0
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
(dehydrated 0.3.1)
EDIT: dehydrated 0.6.2
I did try to add the following lines to /etc/dehydrated/confconsole.config:
CA="https://acme-v02.api.letsencrypt.org/directory"
CA_TERMS="https://acme-v02.api.letsencrypt.org/terms"
which then raised the following error:
ERROR: Certificate authority doesn't allow certificate signing