Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secr…

Well, the CA thinks that the client's request is missing one field. [image] connaryscott: My web server is (include version): The operating system my web server runs on is (include version): My hosting provider, if applicable, is: I can login to a root shell on my machine (yes or no, or I do…

It happens on our server too, just started from today. What can we do to solve this?

@connaryscott : It shouldn’t have anything to do with this issue, but why are you using --ca to use the acme-v01 API? Why not use acme-v02? @ronaldgetz : Please answer the questions below: Please fill out the fields below so we can help you better. Note: you must provide your domain name to get he…

Hi this is my environment for your reference. My domain is: order.nicethingstoshare.com I ran this command: I am using Openresty with lua-resty-auto-ssl ( https://github.com/GUI/lua-resty-auto-ssl ) It produced this output: 2019/09/24 07:11:51 [error] 2298#2298: 5 [lua] ssl_certificate.lua:97: iss…

grep "VERSION=" /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated | head -n 1

[image] _az: grep "VERSION=" /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated | head -n 1 The result is VERSION="0.5.0"

[image] ronaldgetz: VERSION=“0.5.0” Great. I can 100% reproduce the issue at 0.5.0: alex at x1 in ~/Downloads/dehydrated (tags/v0.5.0) $ ./dehydrated -6 -f config -c -x # INFO: Using main config file config Processing 80755380.ngrok.io + Checking domain name(s) of existing cert... unchanged.…

excuse me, but how to update the dehydrated to 0.6.5? Since it comes with openresty, I am not sure how.

That is going to be a question that you will need to pose to the openresty project. What I would try doing is replacing the contents of /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated with the contents of https://raw.githubusercontent.com/lukas2511/dehydrated/v0.6.5/dehydrated . It shoul…

There is also a second, less invasive change you can try. On line 485 (of 0.5.0) you will find this line: nonce="$(http_request head "${CA}" | grep Replay-Nonce: | awk -F ': ' '{print $2}' | tr -d '\n\r')" If you add a -i after the grep, like below: nonce="$(http_request head "${CA}" | grep -i R…

Trying to understand urn:acme:error:badNonce

Help

ronaldgetz September 24, 2019, 8:25am 16

Not sure about that, but their build keep failing on their Github. They should aware of this issue.

Topic		Replies	Views
JWS has no anti-replay nonce Help	19	12368	November 8, 2019
Curl returned with 35 Help	9	742	August 8, 2024
Getting The client sent an unacceptable anti-replay nonce Help	24	23417	May 2, 2017
Dehydrated: curl returned with 35 Help	15	1366	May 7, 2022
"curl returned with 35" + anti-replay nonce (seems IPv6-related) Help	14	3581	November 17, 2016

Trying to understand urn:acme:error:badNonce

Related topics