Solve the problem of massive "Error: Let's Encrypt nonce request status" for domains on the server

Hello. Please help solve the problem of the massive “Error: Let’s Encrypt nonce request status” for domains on the server. Please tell me where to look at the logs.

=============================
Date Time: 2022-03-18 09:59:07
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: ecolife
domain: ecolife24.shop

  • aliases: www.ecolife24.shop
  • proto: http-01
  • wildcard:

==[Step 1]==

  • status: 200
  • nonce: 0101O6d0p1cfjYNfvSMqaZOr3SUmJwTZFa4kCM7rh99fKKU
  • answer: HTTP/2 200
    server: nginx
    date: Fri, 18 Mar 2022 06:59:19 GMT
    content-type: application/json
    content-length: 658
    cache-control: public, max-age=0, no-cache
    replay-nonce: 0101O6d0p1cfjYNfvSMqaZOr3SUmJwTZFa4kCM7rh99fKKU
    x-frame-options: DENY
    strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

{
  "status": "pending",
  "expires": "2022-03-25T06:59:19Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "ecolife24.shop"
    },
    {
      "type": "dns",
      "value": "www.ecolife24.shop"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/88872433770",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/88872433780"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/362717890/72455067630"
}

==[API call]==
exit status: 35

==[Step 3]==

  • status:
  • nonce:
  • url:
  • token:
  • answer:

Looked at the documentation. Logs found. It stops at step 3. The documentation says to look at step 5, but it doesn’t get to it. Apache2 restarts correctly. From the Let’s Encrypt website, the domain is successfully being tested …

Probably why …

Yes, bad example. But there are other domains. All do not work, for example, agrotrans-rostov.ru


=============================
Date Time: 2022-03-18 11:35:56
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: agrotrans
domain: agrotrans-rostov.ru

==[Step 1]==

  • status: 200
  • nonce: 0002pvYqfEqeUj7Pg2-1eceA1p0bTql1FNJuw9koiIkeymQ
  • answer: HTTP/2 200
    server: nginx
    date: Fri, 18 Mar 2022 08:36:07 GMT
    content-type: application/json
    content-length: 658
    cache-control: public, max-age=0, no-cache
    replay-nonce: 0002pvYqfEqeUj7Pg2-1eceA1p0bTql1FNJuw9koiIkeymQ
    x-frame-options: DENY
    strict-transport-security: max-age=604800

==[API call]==
exit status: 35

==[Step 2]==

Probably there are some restrictions on Russian domains due to the current sanctions; I also heard there are changes needed to Russian domains/infrastructure.

Thanks, I’ll contact Let’s Encrypt for clarification.

Good afternoon.

Thank you for your attention to me.

I learned the current situation with domains in Russia from Let’s Encrypt. At the moment, there are no restrictions, except for government sites.

I solved the problem based on the advice in the Hestia CP documentation “disable ipv6”.

Method (checklist, may be useful to someone):

  1. Make sure ipv6 is used on controllers:
    #ip addr show
    (the controllers will have an ipv6 address)

  2. Open system file:
    #vim /etc/sysctl.conf

  3. Insert lines:
    net.ipv6.conf.all.disable_ipv6=1
    net.ipv6.conf.default.disable_ipv6=1
    net.ipv6.conf.lo.disable_ipv6=1
    net.ipv6.conf.eth0.disable_ipv6=1

  4. Update and display status:
    #sysctl -p

  5. Make sure ipv6 is NOT used on controllers anymore:
    #ip addr show
    (controllers will not have an ipv6 address)
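
An added example (not from the thread and not Hestia's own code): a shell helper that finds the first failed API call in a log laid out like the ones posted above and, assuming the logged exit status is curl's exit code, names the failure. `probe_families` is meant to be run by hand to compare IPv4 and IPv6 reachability of the ACME API. The function names and the sample log are constructed here.

```shell
# Constructed sample, trimmed to the section layout of the logs in the thread.
SAMPLE_LOG='==[Step 1]==
status: 200
==[API call]==
exit status: 0
==[Step 2]==
{ "status": "pending" }
==[API call]==
exit status: 35
==[Step 3]==
status:'

# Print "step=N exit=CODE" for the first API call that exited non-zero.
# An "==[API call]==" block is attributed to the step heading that follows it.
first_failed_call() {
    printf '%s\n' "$1" | awk '
        /^==\[API call\]==/ { in_call = 1; next }
        in_call && /^exit status:/ { code = $3 + 0; have = 1; in_call = 0; next }
        /^==\[Step [0-9]+\]==/ {
            if (have && code != 0) {
                step = $0; gsub(/[^0-9]/, "", step)
                print "step=" step " exit=" code; found = 1; exit
            }
            have = 0
        }
        END { if (!found && have && code != 0) print "step=? exit=" code }'
}

# Assumption: the logged exit status is curl's exit code.
curl_exit_meaning() {
    case "$1" in
        0)  echo "ok" ;;
        7)  echo "could not connect" ;;
        28) echo "timed out" ;;
        35) echo "TLS handshake failed" ;;
        *)  echo "see the curl manual, EXIT CODES" ;;
    esac
}

# Run by hand on the server: does the ACME API answer over IPv4 and over IPv6?
probe_families() {
    url=https://acme-v02.api.letsencrypt.org/directory
    for fam in 4 6; do
        rc=0
        curl "-$fam" -sS -o /dev/null --max-time 15 "$url" || rc=$?
        echo "IPv$fam: curl exit $rc ($(curl_exit_meaning "$rc"))"
    done
}

res=$(first_failed_call "$SAMPLE_LOG")
echo "$res -> $(curl_exit_meaning "${res##*exit=}")"
```

If `probe_families` reports exit 0 for IPv4 and a non-zero exit for IPv6, the server's IPv6 path to the ACME API is the part that fails, which matches the fix described in the checklist.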

I have the problem too. After I recreated the certificate, everything works again.
In my case, a .es domain was affected.

HestiaCP does not currently support IPv6. As long as you don’t add the IPv6 / AAAA records to the DNS, it should work fine.
