I’ve been receiving 400 responses to requests coming from Europe. This happened highly inconsistently and at various stages of the certificate issuance process. Eventually my certificate did get issued after about 16 retries, by luck I didn’t get any 400 errors on the last run. So I don’t need help issuing a certificate. But I think there is one or more unhealthy components serving requests in Europe.
I issued six other certificates in the U.S. at the same time, and none of them had an issue.
Hard coding the address in /etc/hosts for acme-v02.api.letsencrypt.org to an IP that was used in another region did not help, I still received 400 errors.
I’m using dns-01 challenges. The client IP making the API requests is not associated with the DNS name for the certificate being issued.
My domain is: cmon.eu-ams-1.triton.zone
I ran this command:
dehydrated -c
It produced this output:
- ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
Details:
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 169
Boulder-Requester: 43620828
Replay-Nonce: REDACTED
Expires: Wed, 10 Oct 2018 16:54:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 10 Oct 2018 16:54:43 GMT
Connection: close
{
“type”: “urn:ietf:params:acme:error:badNonce”,
“detail”: “JWS has an invalid anti-replay nonce: “REDACTED””,
“status”: 400
}
My web server is (include version):
N/A
The operating system my web server runs on is (include version):
SmartOS (Illumos)
My hosting provider, if applicable, is:
Joyent
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No