Error: Let's Encrypt nonce request status (your.domain.name)

Hi folk,
Having an issue when generating SSL with Let’s Encrypt.


I have tried:
A: the normal tick box inside of the web UI
B: the CLI v-add-letsencrypt-domain
C: I’ve also tried flushing DNS
D: I’ve also double-checked my DNS is pointing to the correct IP
While it is working for this website, Website 01, it will not allow me to add it to other subdomains.
And now I’m fresh out of ideas; would appreciate a hand 🙂

Hi @JustSomeBritishGuy,

Show the output of this command:

curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"

This is the response I am getting, suggests some network issue.

Yes, your server can’t resolve the domain.

Check if you can resolve other domains:

dig debian.org +short
dig letsencrypt.org +short
dig acme-v02.api.letsencrypt.org +nocmd

Only received a response from acme
[screenshot: DigResponse]

edit
I corrected debian.org, but no response

Yes, your DNS resolver (127.0.0.53) is not working, so you should try to debug and fix it.

I suppose you are using systemd-resolved so first check the service status:

systemctl status systemd-resolved

I am using a DDNS; do you think this could be an issue?


edit
Though the site should not be running through it

It shouldn’t be an issue.

Show the output of these commands:

dig @76.76.2.0 debian.org +short
dig @76.76.2.0 debian.org +short +tcp
dig debian.org +trace +nocmd +nodo
dig debian.org +trace +nocmd +nodo +tcp

[screenshot: Screenshot_3]

Ok, the problem seems to be the DNS servers used by systemd-resolved:

ls -l /etc/resolv.conf
cat /etc/resolv.conf
resolvectl status
cat /etc/systemd/resolved.conf



edit
I originally had DNS as automatic however it also was not working,
so I had switched to 8.8.8.8/1.1.1.1

You missed the s in command resolvectl status

[screenshot: Screenshot_7]

How did you do that change?

Just via GUI
[screenshot: Screenshot_8]

Try this as root:

sudo mkdir -p /etc/systemd/resolved.conf.d
echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf
sudo systemctl restart systemd-resolved
dig debian.org +short

Edit to fix echo command.


(Quite new to Linux; I have sudo perm but still not working)

Sorry, my bad, I didn’t check that I was writing a redirect using sudo, use this:

echo -e '[Resolve]\nDNS=76.76.2.0 76.76.10.0' | sudo tee /etc/systemd/resolved.conf.d/custom-dns.conf

That looks good 😉

Now, if this command works, you could try to get your certificates:

curl --user-agent "HestiaCP" -s -I "https://acme-v02.api.letsencrypt.org/directory"
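
A check for the drop-in written earlier in this thread, as an added example that is not part of the original posts: it confirms that custom-dns.conf really contains a [Resolve] section with usable DNS= servers, which catches a file that was never written because the redirect failed, or one whose first line reads "-e [Resolve]" because the shell's echo does not support -e. The function names and the IPv4-only address check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): validate a systemd-resolved drop-in.

# Print the servers from DNS= lines in the [Resolve] section, one per line.
resolved_dns_servers() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        in_resolve && /^[ \t]*DNS[ \t]*=/ {
            sub(/^[^=]*=/, "")            # keep only the value; fields are re-split
            if (NF == 0) list = ""        # an empty DNS= resets the list
            for (i = 1; i <= NF; i++) list = list $i "\n"
        }
        END { printf "%s", list }
    ' "$1"
}

# Succeed only for a dotted-quad IPv4 address (assumption: IPv4 only, as in the thread).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Report whether FILE would give systemd-resolved at least one usable server.
check_resolved_dropin() {
    [ -r "$1" ] || { echo "FAIL: $1 is missing or unreadable"; return 1; }
    servers=$(resolved_dns_servers "$1")
    [ -n "$servers" ] || { echo "FAIL: no DNS= entry under [Resolve] in $1"; return 1; }
    for s in $servers; do
        is_ipv4 "$s" || { echo "FAIL: '$s' is not an IPv4 address"; return 1; }
    done
    echo "OK:" $servers
}

# Usage: sh check-dropin.sh /etc/systemd/resolved.conf.d/custom-dns.conf
if [ "$#" -gt 0 ]; then
    check_resolved_dropin "$1"
fi
```

A passing check only says the file is well formed; resolvectl status still shows which servers systemd-resolved is actually using after the restart.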