Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org

When creating a certificate, if you get the error:

Getting challenge for server.yourhost.com from acme-server...
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org:
api.letsencrypt.org.edgekey.net.
e981.dscb.akamaiedge.net.
1.2.3.4
Full nonce request output:

One report shows that it can be caused by the script's nonce request:

"FULL_NONCE="`${CURL} ${CURL_OPTIONS} --silent -I ${API}/directory`": /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory

throwing the error

curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!

which likely means your version of curl is too old and should be updated. You can update it with CustomBuild:

cd /usr/local/directadmin/custombuild
./build update
./build curl

A similar report involves the CustomBuild-compiled curl linking against the RPM-based curl library instead of its own, e.g.:

[root@server scripts]# /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory
curl: (48) An unknown option was passed in to libcurl
[root@server scripts]# ldd /usr/local/bin/curl | grep curl
       libcurl.so.4 => /lib64/libcurl.so.4 (0x00007fdd1411a000)

where it should be /usr/local/lib/libcurl.so.4.
To resolve that, remove the libcurl-devel RPM, recompile curl, and run ldconfig:

rpm -e libcurl-devel
cd /usr/local/directadmin/custombuild
./build curl
ldconfig

and confirm:

[root@server custombuild]# ldd /usr/local/bin/curl | grep curl
       libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f17c3cd5000)


Another reported error, against the acme-v02 endpoint:

Requesting new certificate order...
Nonce is empty. Exiting. dig output of acme-v02.api.letsencrypt.org:
prod.api.letsencrypt.org.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
172.65.32.248
Full nonce request output:
HTTP/2 200
server: nginx
date: Thu, 10 Oct 2019 05:10:04 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 00013TyemkZQGnX2K1N4l76MLUN-WybdRuqsJjKWrYpsHWA
x-frame-options: DENY
strict-transport-security: max-age=604800

The solution to this one is simply to grab an updated letsencrypt.sh script:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt
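As an added example, not code from DirectAdmin's letsencrypt.sh: a POSIX shell nonce check that extracts the replay-nonce header from a captured curl -I response, matching the header name case-insensitively so a lowercase HTTP/2 header like the one in the output above is still found, and reporting the full response when no nonce is present. The sample responses are constructed inline and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not DirectAdmin's letsencrypt.sh): find the replay-nonce
# header in a captured curl -I response and fail loudly if it is missing.

# Constructed sample: the HTTP/2 headers from the reported error above
# (HTTP/2 sends header names in lowercase).
SAMPLE_H2='HTTP/2 200
server: nginx
date: Thu, 10 Oct 2019 05:10:04 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 00013TyemkZQGnX2K1N4l76MLUN-WybdRuqsJjKWrYpsHWA
x-frame-options: DENY
strict-transport-security: max-age=604800'

# Constructed sample: an HTTP/1.1 response with a capitalised header name.
SAMPLE_H1='HTTP/1.1 200 OK
Server: nginx
Replay-Nonce: ABCDEF0123456789
Content-Length: 0'

# Constructed sample: no headers at all, as when curl itself fails.
SAMPLE_NONE='curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!'

# extract_nonce HEADERS -> prints the nonce value, or nothing if absent.
# grep -i accepts both "Replay-Nonce:" and "replay-nonce:"; tr strips the
# carriage return that curl -I leaves on each header line.
extract_nonce() {
    printf '%s\n' "$1" | grep -i '^replay-nonce:' | head -n 1 \
        | cut -d' ' -f2- | tr -d '\r'
}

# check_nonce HEADERS -> prints the nonce and returns 0, or returns 1 after
# writing the diagnostic (what the "Nonce is empty" branch should show).
check_nonce() {
    nonce=$(extract_nonce "$1")
    if [ -z "$nonce" ]; then
        echo "Nonce is empty. Full nonce request output:" >&2
        printf '%s\n' "$1" >&2
        return 1
    fi
    printf '%s\n' "$nonce"
}

check_nonce "$SAMPLE_H2"
check_nonce "$SAMPLE_H1"
check_nonce "$SAMPLE_NONE" || echo "(expected: no nonce in a failed curl response)"
```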

Reported solution for Debian/Ubuntu

Edit

/etc/ld.so.conf

and change the order of the paths so that /usr/local/lib comes first, so the file looks like:

/usr/local/lib/
include /etc/ld.so.conf.d/*.conf

save, then run

ldconfig

We've not tested this, as it could affect the libraries that system binaries use. Be sure to fully test things, especially sshd (restart the sshd server and test a login), before logging out of the current ssh session.
