LetsEncrypt Empty Nonce

LawsHosting

LawsHosting

Verified User
Joined
Sep 13, 2008
Messages
2,417
Location
London UK
Ok, so I use another CA, but due to their root being blocked by browsers (Mozilla/Chrome/Safari), I thought I'd used LE for my personal domains as a temporary measure..... However, I'm not getting no nonce back - Curl & LE up to date (alas https://help.directadmin.com/item.php?id=664 ).

Thought I'd ask here.


++ /usr/local/bin/curl --connect-timeout 15 -k --silent -I https://acme-v01.api.letsencrypt.org/directory+ FULL_NONCE=
++ tr -d '\n\r'
++ cut '-d ' -f2
++ grep '^Replay-Nonce:'
++ echo ''
+ NONCE=
+ '[' '' = '' ']'
+ echo 'Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org: '
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org:
+ dig acme-v01.api.letsencrypt.org +short
api.letsencrypt.org.edgekey.net.
e981.dscb.akamaiedge.net.
23.214.165.196
+ echo 'Full nonce request output:'
Full nonce request output:
+ echo ''
Click to expand...
 
What happens if you run this manually?
/usr/local/bin/curl -I https://acme-v01.api.letsencrypt.org/directory+ FULL_NONCE=

I actually had a similar issue recently where I got a libcurl error when running curl - it wasn't shown because of the silent flags. In case you *do* also have the libcurl error when running curl you probably have the same issue I had - that is that when running a 32-bit architecture the library path is loaded in the wrong order.

The package libc-bin will add the config files in /etc/ld.so.conf.d/ and load them in alphabetical order. the file libc.conf in that directory will load /usr/local/lib and the file <architecture>-linux-gnu.conf will load the other library paths. in case of x86-64 it will be loaded after libc.conf - but if you have i386 / i486 it means libc.conf will be loaded last so curl will use the wrong libraries.

I fixed this by doing the following:
cd /etc/ld.so.conf.d/
ln -s libc.conf 00-libc.conf
ldconfig

After that it worked correctly again for us. It's actually a bug from what I could find that never got fixed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685706
--
Your issue may be entirely different, but I had the exact same recently and this was the issue for me.
Let me know, interesting to see/hear if others encounter this since I did not expect it :)
 
Best solution!

nielsh said:
What happens if you run this manually?
/usr/local/bin/curl -I https://acme-v01.api.letsencrypt.org/directory+ FULL_NONCE=

I actually had a similar issue recently where I got a libcurl error when running curl - it wasn't shown because of the silent flags. In case you *do* also have the libcurl error when running curl you probably have the same issue I had - that is that when running a 32-bit architecture the library path is loaded in the wrong order.

The package libc-bin will add the config files in /etc/ld.so.conf.d/ and load them in alphabetical order. the file libc.conf in that directory will load /usr/local/lib and the file <architecture>-linux-gnu.conf will load the other library paths. in case of x86-64 it will be loaded after libc.conf - but if you have i386 / i486 it means libc.conf will be loaded last so curl will use the wrong libraries.

I fixed this by doing the following:
cd /etc/ld.so.conf.d/
ln -s libc.conf 00-libc.conf
ldconfig

After that it worked correctly again for us. It's actually a bug from what I could find that never got fixed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685706
--
Your issue may be entirely different, but I had the exact same recently and this was the issue for me.
Let me know, interesting to see/hear if others encounter this since I did not expect it :)
Click to expand...

This solved my problem. Thanks a lot.
 
You must log in or register to reply here.
Back
Top