JWS has invalid anti-replay nonce #339
Comments
Same issue here with FreeBSD 10.3 (built with go get -u github.com/xenolf/lego) with same command
Get the same error:
Gandi's API is working fine: correct TXT record entry recorded. Running without problem against staging server. Regards |
This usually happens when you attempt to use an account from one ACME CA on another ACME CA. For example, if you use a staging endpoint account on the production endpoint (or vice-versa), you will get this error. So, make sure you are using the proper account. If it does not work after you confirm that you are using the right account for the endpoint, then feel free to re-open! |
@mholt I just retried deleting the accounts folder and I get the same error. Renaming lego folder to force the creation of a new account:
Running lego in a docker container:
Log:
final lego folder content:
Everything looks like production letsencrypt environment, no trace of staging environment. Surely I'm doing something wrong, but I'm not able to find what |
Can, please, someone with the right privileges re-open the issue? |
Same issue here: I'm hitting the same problem with OpenBSD 6.0 for 2 different domains (without hitting the rate limit from Letsencrypt) Regards |
I am getting reports of this issue from multiple people at this point. But I really can't point my finger at anything which would cause this. We are not re-using nonces, we are getting them fresh on every invocation of lego and we are not persisting them anywhere... |
Can I execute the application with some debug enabled to help you find the
cause?
…On Sun, Jan 15, 2017, 14:55 xenolf ***@***.***> wrote:
I am getting reports of this issue from multiple people at this point. But
I really can't point my finger at anything which would cause this. We are
not re-using nonces, we are getting them fresh on every invocation of lego
and we are not persisting them anywhere...
|
@jfisbein Perhaps some |
I am facing the same problem to get a certificate using the dns method with Gandi. It looks like this problem was fixed in certbot by retrying when getting this error: |
I will implement this over the weekend (retrying on nonce error). |
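The retry-on-badNonce approach discussed in the comments above, sketched in Go as an added example; it is not lego's or certbot's code. `postWithNonceRetry`, the `sign` callback and `fakeCA` are hypothetical names, the fake server and its nonces are constructed, and the sketch assumes the CA sends a fresh `Replay-Nonce` header with the badNonce error.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)
const badNonce = "urn:acme:error:badNonce" // error type quoted in this issue

// postWithNonceRetry POSTs sign(nonce), re-signing on badNonce for at most tries attempts; sign is a hypothetical JWS callback.
func postWithNonceRetry(c *http.Client, url, nonce string, sign func(string) []byte, tries int) (int, error) {
	for attempt := 1; attempt <= tries; attempt++ {
		resp, err := c.Post(url, "application/jose+json", bytes.NewReader(sign(nonce)))
		if err != nil {
			return attempt, err
		}
		body, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		if resp.StatusCode < 400 {
			return attempt, nil
		}
		nonce = resp.Header.Get("Replay-Nonce") // a badNonce error carries the nonce to re-sign with
		if resp.StatusCode != http.StatusBadRequest || !bytes.Contains(body, []byte(badNonce)) || nonce == "" {
			return attempt, fmt.Errorf("acme: error %d: %s", resp.StatusCode, body)
		}
	}
	return tries, fmt.Errorf("acme: nonce still rejected after %d attempts", tries)
}

// fakeCA is a constructed stand-in for an ACME server: it accepts only the nonce it issued last, once.
func fakeCA() *httptest.Server {
	last, n := "", 0
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got, _ := io.ReadAll(r.Body) // the constructed "JWS" is just the nonce itself
		ok := last != "" && string(got) == last
		n++
		last = fmt.Sprintf("nonce-%d", n)
		w.Header().Set("Replay-Nonce", last)
		if !ok {
			http.Error(w, `{"type":"`+badNonce+`","detail":"JWS has invalid anti-replay nonce"}`, http.StatusBadRequest)
		}
	}))
}

func main() {
	ca := fakeCA() // torn down when the process exits
	fmt.Println(postWithNonceRetry(ca.Client(), ca.URL, "stale-nonce", func(n string) []byte { return []byte(n) }, 3))
}
```

The nonce sits inside the signed JWS header, so each retry has to sign again; resending the rejected bytes would fail the same way.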
Hello everybody, Some news about this issue ? |
@systrace66 I'm sorry, work scored a critical hit on my spare time :) I will finish it asap. |
@xenolf Not a problem :) Can we do some test or should we wait ? |
Are you going to create a new release with this fix? |
I tried to use the docker version of lego to create my certificates.
I executed this command:
(altered gandi key and changed domain for privacy)
docker run --name lego -v /root/lego:/.lego --env "GANDI_API_KEY=xxxxxxxxxxxxxxxx" xenolf/lego --domains joan.mydomain.com --domains git.mydomain.com --domains joan-dyn.mydomain.com \
  --email joan@mydomain.com --accept-tos --dns gandi --dns-resolvers a.dns.gandi.net run
And after the dns validation I get the error:
acme: Error 400 - urn:acme:error:badNonce - JWS has invalid anti-replay nonce
you can see the full log here:
When I run the same command against the letsencrypt staging server (adding --server=https://acme-staging.api.letsencrypt.org/directory) I don't get this error and the certificates are generated flawlessly. Am I doing something wrong?
What can I do to make it work?
Thanks!