Error: Let's Encrypt nonce request status (your.domain.name)

JustSomeBritishGuy · August 23, 2024, 5:32am

Hi folk,
Having an issue when generating SSL with Let’s Encrypt

I have tried to use;
A: the normal tick box inside of web ui
B: the CLI v-add-letsencrypt-domain
C: I’ve also tried flushing DNS
D: I’ve also double checked my dns is pointing to the correct ip
While it is working for this website, Website 01 it will not allow me to add it to other subdomains.
and now i’m fresh out of ideas, would appreciate a hand

sahsanu · August 23, 2024, 5:51am

Hi @JustSomeBritishGuy,

Show the output of this command:

curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"

JustSomeBritishGuy · August 23, 2024, 6:07am

This is the response i am getting, suggests some network issue.

sahsanu · August 23, 2024, 6:11am

Yes, you server can’t resolve the domain.

Check if you can resolve other domains:

dig debian.org +short
dig letsencrypt.org +short
dig acme-v02.api.letsencrypt.org +nocmd

JustSomeBritishGuy · August 23, 2024, 6:14am

Only Received a response from acme
DigResponse

edit
i corrected debian.org but no response

sahsanu · August 23, 2024, 6:18am

Yes, your dns resolver (127.0.0.53) is not working so you should try to debug and fix it.

I suppose you are using systemd-resolved so first check the service status:

systemctl status systemd-resolved

JustSomeBritishGuy · August 23, 2024, 6:20am

I am using a DDNS do you think this could be an issue?

edit
Though the site should be not running through it

sahsanu · August 23, 2024, 6:29am

It shouldn’t be an issue.

Show the output of these commands:

dig @76.76.2.0 debian.org +short
dig @76.76.2.0 debian.org +short +tcp
dig debian.org +trace +nocmd +nodo
dig debian.org +trace +nocmd +nodo +tcp

JustSomeBritishGuy · August 23, 2024, 6:31am

Screenshot_3

sahsanu · August 23, 2024, 6:34am

Ok, the problem seems the dns servers used by systemd-resolved:

ls -l /etc/resolv.conf
cat /etc/resolv.conf
resolvectl status
cat /etc/systemd/resolved.conf

JustSomeBritishGuy · August 23, 2024, 6:36am

edit
I originally had DNS as automatic however it also was not working,
so I had switched to 8.8.8.8/1.1.1.1

sahsanu · August 23, 2024, 6:37am

You missed the s in command resolvectl status

JustSomeBritishGuy · August 23, 2024, 6:38am

Screenshot_7

sahsanu · August 23, 2024, 6:38am

How did you do that change?

JustSomeBritishGuy · August 23, 2024, 6:39am

just via GUI
Screenshot_8

sahsanu · August 23, 2024, 6:50am

Try this as root:

sudo mkdir -p /etc/systemd/resolved.conf.d
echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf
sudo systemctl restart systemd-resolved
dig debian.org +short

Edit to fix echo command.

JustSomeBritishGuy · August 23, 2024, 6:55am

(Quite new to linux i have sudo perm but still not working)

sahsanu · August 23, 2024, 6:57am

Sorry, my bad, I didn’t check that I was writing a redirect using sudo, use this:

echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf

JustSomeBritishGuy · August 23, 2024, 7:00am

sahsanu · August 23, 2024, 7:01am

That looks good

Now, if this command works, you could try to get your certificates:

curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"