acme clients not working, bad nonce #85
Comments
Hi @DonOtuseGH, I fear I need further information here to get to the bottom of this. I validated that ACME nonce processing is working in principle using the development guide, but of course, something might always be different in the real world.
Looking forward to more information! Thanks + kr, Mat |
Hi @DonOtuseGH, ping? Any further information? |
Hi @mathiasertl, sorry for the late reply, I'm a bit busy at the moment, but I'll try to collect the requested information tomorrow or the day after. BR |
Hi Mat, I'd like to answer your questions...
in addition I have the following overwrites:
localsettings looks like so:
|
Hi @DonOtuseGH, thanks for the detailed report! I'm already trying to reproduce this. I'll come back if I have further questions! What I can see from a first look is that the requests/responses are consistent with a client not sending the correct replay nonce. But then of course: Why would certbot not do that? I'm sure the issue is somehow, somewhere on the django-ca side. Just out of curiosity - why remove the the kr, Mat |
Ah! NO WAIT! I found it. From your CACHES:

    default:
      BACKEND: django.core.cache.backends.locmem.LocMemCache

The docker-compose setup includes a Redis instance precisely because the application server needs a cache that is shared between all processes that serve requests. uWSGI starts four processes by default. Likely you hit different uWSGI processes for each request, but each request has a different, independent (read: local memory) cache.

Can you remove those lines and try again?

By the way: I'm also extremely annoyed by this, but: you "might" want to include the changes from a0f1490 in your docker-compose.yml file. kr, Mat |
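The failure mode diagnosed in the comment above, as an added example that is not part of the original thread and is not django-ca's code: a simplified model in which each worker process records the nonces it issues in its cache and consumes them on the next POST. `Worker`, `run_client` and the round-robin balancer are hypothetical names, and plain dicts stand in for a per-process local-memory cache and for Redis.

```python
import secrets
from itertools import cycle


class Worker:
    """One application-server process; `cache` is the backend it was configured with."""

    def __init__(self, cache):
        self.cache = cache

    def new_nonce(self):
        nonce = secrets.token_urlsafe(16)
        self.cache[nonce] = True  # remember every nonce handed out
        return nonce

    def post(self, nonce):
        # A nonce is single-use: pop() checks and consumes it in one step.
        status = "ok" if self.cache.pop(nonce, None) else "badNonce"
        # Success and badNonce responses both carry a fresh Replay-Nonce.
        return status, self.new_nonce()


def run_client(workers, requests=8):
    """Send `requests` POSTs spread round-robin over the workers; return statuses."""
    balancer = cycle(workers)
    nonce = next(balancer).new_nonce()  # initial newNonce request
    statuses = []
    for _ in range(requests):
        status, nonce = next(balancer).post(nonce)  # retry with the returned nonce
        statuses.append(status)
    return statuses


def local_memory_workers(n=4):
    return [Worker({}) for _ in range(n)]  # one private dict per process


def shared_cache_workers(n=4):
    shared = {}  # stands in for the Redis instance all processes talk to
    return [Worker(shared) for _ in range(n)]


if __name__ == "__main__":
    print("4 workers, local caches:", run_client(local_memory_workers(4)))
    print("4 workers, shared cache:", run_client(shared_cache_workers(4)))
    print("1 worker,  local cache: ", run_client(local_memory_workers(1)))
```

With a single worker the local cache passes every request, which is why a one-process development setup does not show the problem.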
Closing this issue due to lack of further feedback. If you experience further issues, please don't hesitate to create a new issue or reopen this issue. |
Hello,
I tried to use certbot and uacme clients to get certificates from django-ca (latest docker image), but without success. Both clients report nonce issues...
certbot:
An unexpected error occurred: The client sent an unacceptable anti-replay nonce :: Bad or invalid nonce.
uacme:
uacme: acme_post: server rejected nonce, retrying
Any ideas, how to get this working?