This is not the best time to continue debugging. Let us wait until this outage is resolved. These kinds of outages are rare and usually not very long (hours at most).
# INFO: Using main config file /shared/letsencrypt/config Processing origin-01.epassport.gov.bd with alternative names: origin-www.epassport.gov.bd + Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Mar 13 16:47:11 2025 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
ERROR: Problem connecting to server (head for https://acme-v02.api.letsencrypt.org/acme/new-nonce; curl returned with 35)
+ ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
Details:
HTTP/1.1 200 Connection established
HTTP/1.1 100 Continue
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 06 Mar 2025 08:11:06 GMT
Content-Type: application/problem+json
Content-Length: 112
Connection: keep-alive
Boulder-Requester: 305902250
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 7Mi0XlJl-TaNuFQNLkzK4go1D1AWlLm2VPlv-52_cmCohb0Kvn8
{
"type": "urn:ietf:params:acme:error:badNonce",
"detail": "JWS has no anti-replay nonce",
"status": 400
}
now we get this badNonce error:
./dehydrated.sh -c
# INFO: Using main config file /shared/letsencrypt/config
Processing origin-01.epassport.gov.bd with alternative names: origin-www.epassport.gov.bd
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Mar 13 16:47:11 2025 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
ERROR: Problem connecting to server (head for https://acme-v02.api.letsencrypt.org/acme/new-nonce; curl returned with 35)
! Request failed (badNonce), retrying request...
ERROR: Problem connecting to server (post for https://acme-v02.api.letsencrypt.org/acme/order/305902250/360722294881; curl returned with 35)
EXPECTED value GOT EOF
if you are short of time you can try one of those sidesteps:
- as acme request itself doesn't need to come from IP address DNS points to (even in http/tls challenge) you can throw some VPN on that to get request from: or
- you can any of other free acme server if you are short of time
docs/list-of-acme-servers.md at master · https-dev/docs · GitHub
Do you have a network support team you can ask for help? Because you have inconsistent problems connecting to the Let's Encrypt API server. I am not sure what more I can do to help. As @orangepizza suggested you could try using a different ACME CA. BuyPass is probably the easiest as it does not require EAB registration.
Your first failure was for the /directory which is usually the first request. But, sometimes that has worked and you get failures after one or more successful requests to the LE API.
The below error only occurs after several earlier successful requests to the LE API