Acme.sh: Could not get nonce, let's try again

Created on 8 Oct 2019 · 3Comments · Source: acmesh-official/acme.sh

Steps to reproduce

Hi guys, my wildcard cert is not renewing automatically since 1 week.
I got the same folder running on another server without any problem.

Problem is "Could not get nonce, let's try again." infinite looping.

proxy:~# acme.sh --cron --force --debug 2
[Tue 08 Oct 2019 11:59:36 AM CEST] Lets find script dir.
[Tue 08 Oct 2019 11:59:36 AM CEST] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue 08 Oct 2019 11:59:36 AM CEST] _script='/root/.acme.sh/acme.sh'
[Tue 08 Oct 2019 11:59:36 AM CEST] _script_home='/root/.acme.sh'
[Tue 08 Oct 2019 11:59:36 AM CEST] Using config home:/root/.acme.sh
[Tue 08 Oct 2019 11:59:36 AM CEST] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.1
[Tue 08 Oct 2019 11:59:36 AM CEST] Using config home:/root/.acme.sh
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue 08 Oct 2019 11:59:36 AM CEST] ===Starting cron===
[Tue 08 Oct 2019 11:59:36 AM CEST] Using config home:/root/.acme.sh
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue 08 Oct 2019 11:59:36 AM CEST] _stopRenewOnError
[Tue 08 Oct 2019 11:59:36 AM CEST] di='/root/.acme.sh/*.example.com/'
[Tue 08 Oct 2019 11:59:36 AM CEST] d='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] Using config home:/root/.acme.sh
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue 08 Oct 2019 11:59:36 AM CEST] DOMAIN_PATH='/root/.acme.sh/*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] Renew: '*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] Using config home:/root/.acme.sh
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Tue 08 Oct 2019 11:59:36 AM CEST] _main_domain='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] _alt_domains='no'
[Tue 08 Oct 2019 11:59:36 AM CEST] 'dns_euserv' does not contain 'dns'
[Tue 08 Oct 2019 11:59:36 AM CEST] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue 08 Oct 2019 11:59:36 AM CEST] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue 08 Oct 2019 11:59:36 AM CEST] GET
[Tue 08 Oct 2019 11:59:36 AM CEST] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue 08 Oct 2019 11:59:36 AM CEST] timeout=
[Tue 08 Oct 2019 11:59:36 AM CEST] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.JM8K28qeXq  -g '
[Tue 08 Oct 2019 11:59:36 AM CEST] ret='0'
[Tue 08 Oct 2019 11:59:36 AM CEST] response='{
  "ADD7Fa0FqGw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_NEW_AUTHZ
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:36 AM CEST] ACME_VERSION='2'
[Tue 08 Oct 2019 11:59:36 AM CEST] Le_NextRenewTime='1574893161'
[Tue 08 Oct 2019 11:59:36 AM CEST] _on_before_issue
[Tue 08 Oct 2019 11:59:36 AM CEST] _chk_main_domain='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] _chk_alt_domains
[Tue 08 Oct 2019 11:59:36 AM CEST] 'dns_euserv' does not contain 'no'
[Tue 08 Oct 2019 11:59:36 AM CEST] Le_LocalAddress
[Tue 08 Oct 2019 11:59:36 AM CEST] d='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] Check for domain='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] _currentRoot='dns_euserv'
[Tue 08 Oct 2019 11:59:36 AM CEST] d
[Tue 08 Oct 2019 11:59:36 AM CEST] 'dns_euserv' does not contain 'apache'
[Tue 08 Oct 2019 11:59:36 AM CEST] _saved_account_key_hash='YPTdOLf9uvKxqeU/570RAQfIu0a3Smmxkjll/mIBuOE='
[Tue 08 Oct 2019 11:59:36 AM CEST] _saved_account_key_hash is not changed, skip register account.
[Tue 08 Oct 2019 11:59:36 AM CEST] Read key length:
[Tue 08 Oct 2019 11:59:36 AM CEST] _createcsr
[Tue 08 Oct 2019 11:59:36 AM CEST] domain='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] domainlist
[Tue 08 Oct 2019 11:59:36 AM CEST] csrkey='/root/.acme.sh/*.example.com/*.example.com.key'
[Tue 08 Oct 2019 11:59:36 AM CEST] csr='/root/.acme.sh/*.example.com/*.example.com.csr'
[Tue 08 Oct 2019 11:59:36 AM CEST] csrconf='/root/.acme.sh/*.example.com/*.example.com.csr.conf'
[Tue 08 Oct 2019 11:59:36 AM CEST] Single domain='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] _is_idn_d='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] _idn_temp
[Tue 08 Oct 2019 11:59:36 AM CEST] _csr_cn='*.example.com'
[Tue 08 Oct 2019 11:59:36 AM CEST] Getting domain auth token for each domain
[Tue 08 Oct 2019 11:59:36 AM CEST] d
[Tue 08 Oct 2019 11:59:36 AM CEST] _identifiers='{"type":"dns","value":"*.example.com"}'
[Tue 08 Oct 2019 11:59:36 AM CEST] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue 08 Oct 2019 11:59:36 AM CEST] payload='{"identifiers": [{"type":"dns","value":"*.example.com"}]}'
[Tue 08 Oct 2019 11:59:36 AM CEST] RSA key
[Tue 08 Oct 2019 11:59:36 AM CEST] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:36 AM CEST] HEAD
[Tue 08 Oct 2019 11:59:36 AM CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:36 AM CEST] body
[Tue 08 Oct 2019 11:59:36 AM CEST] _postContentType='application/jose+json'
[Tue 08 Oct 2019 11:59:36 AM CEST] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.YYUGcmMWau  -g '
[Tue 08 Oct 2019 11:59:37 AM CEST] _ret='0'
[Tue 08 Oct 2019 11:59:37 AM CEST] _headers='HTTP/2 200
server: nginx
date: Tue, 08 Oct 2019 09:59:37 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001pXR5TGwSTuNJVnWPOufpxPz-Miwf2tbFLuTgGHkSBO0
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue 08 Oct 2019 11:59:37 AM CEST] _CACHED_NONCE
[Tue 08 Oct 2019 11:59:37 AM CEST] nonce
[Tue 08 Oct 2019 11:59:37 AM CEST] Could not get nonce, let's try again.
[Tue 08 Oct 2019 11:59:40 AM CEST] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:40 AM CEST] HEAD
[Tue 08 Oct 2019 11:59:40 AM CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:40 AM CEST] body
[Tue 08 Oct 2019 11:59:40 AM CEST] _postContentType='application/jose+json'
[Tue 08 Oct 2019 11:59:40 AM CEST] Http already initialized.
[Tue 08 Oct 2019 11:59:40 AM CEST] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.YYUGcmMWau  -g '
[Tue 08 Oct 2019 11:59:41 AM CEST] _ret='0'
[Tue 08 Oct 2019 11:59:41 AM CEST] _headers='HTTP/2 200
server: nginx
date: Tue, 08 Oct 2019 09:59:41 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002siWzvE1UO4mku94dKV2OMJHITLRmKGYiNMY5tRczSiM
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue 08 Oct 2019 11:59:41 AM CEST] _CACHED_NONCE
[Tue 08 Oct 2019 11:59:41 AM CEST] nonce
[Tue 08 Oct 2019 11:59:41 AM CEST] Could not get nonce, let's try again.
[Tue 08 Oct 2019 11:59:44 AM CEST] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:44 AM CEST] HEAD
[Tue 08 Oct 2019 11:59:44 AM CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue 08 Oct 2019 11:59:44 AM CEST] body
[Tue 08 Oct 2019 11:59:44 AM CEST] _postContentType='application/jose+json'
[Tue 08 Oct 2019 11:59:44 AM CEST] Http already initialized.
[Tue 08 Oct 2019 11:59:44 AM CEST] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.YYUGcmMWau  -g '
[Tue 08 Oct 2019 11:59:44 AM CEST] _ret='0'
[Tue 08 Oct 2019 11:59:44 AM CEST] _headers='HTTP/2 200
server: nginx
date: Tue, 08 Oct 2019 09:59:44 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001QxWVQKgJCd5PRPd519N0_Mqzi9guiQL7ofY0O6GEREY
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue 08 Oct 2019 11:59:44 AM CEST] _CACHED_NONCE
[Tue 08 Oct 2019 11:59:44 AM CEST] nonce
[Tue 08 Oct 2019 11:59:44 AM CEST] Could not get nonce, let's try again.

Source