When Generate certificate,An unexpected error occurred

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --nginx

It produced this output: Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
An unexpected error occurred:
The client sent an unacceptable anti-replay nonce :: JWS has an invalid anti-replay nonce: "01046InS_If89cnvaQhZP0Po5K49plN0xNeUTAiVvl33CL4"
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): ngnix

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like


1 Like


That probably shouldn't happen - Certbot is supposed to try again if it encounters a bad nonce error.

Could you try again right now?

If this happens repeatedly, could you please the contents of /var/log/letsencrypt/letsencrypt.log?

1 Like

it's ok now.
After another half an hour

Perhaps @dojobwill is running an older/ancient version of certbot? I didn't see a version number in the OP unfortunately.

Possibly! Can't really infer the version from the posted output.

Another possibility: checking the acme module again, Certbot will only retry a badNonce error once. It's possible that OP ran into back-to-back nonce errors due to random chance, or maybe there was something happening on the CA side.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.