Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

failed to find newNonce URL in directory #14

Closed
sparkprime opened this issue Dec 4, 2019 · 8 comments
Closed

failed to find newNonce URL in directory #14

sparkprime opened this issue Dec 4, 2019 · 8 comments

Comments

@sparkprime
Copy link

I'm not sure why it says this, because curling the directory shows it contains newNonce.

dcunnin@dcunnin:~$ uacme -v -c uacme.d issue fractaldemo.comy
uacme: version 1.0.18 starting on Wed, 04 Dec 2019 18:39:08 +0000
uacme: loading key from uacme.d/private/key.pem
uacme: loading key from uacme.d/private/fractaldemo.com/key.pem
uacme: checking existence and expiration of uacme.d/fractaldemo.com/cert.pem
uacme: uacme.d/fractaldemo.com/cert.pem does not exist
uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory
uacme: failed to find newNonce URL in directory

dcunnin@dcunnin:~$ curl -i https://acme-v02.api.letsencrypt.org/directory
HTTP/2 200 
server: nginx
date: Wed, 04 Dec 2019 18:39:41 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "iiOi2bpTbTM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
@cpu
Copy link

cpu commented Dec 4, 2019

👋 @sparkprime Does this issue still occur for you if you try again now?

I'm wondering whether you saw this failure as a result of bad timing and a recent brief planned maintenance. Did you hit this error between December 4, 2019 17:45 - December 4, 2019 18:25 UTC?

@sparkprime
Copy link
Author

I started using this tool during their planned maintenance, so yes, but I also haven't got any experience of using it before.

@sparkprime
Copy link
Author

But the API appears to be working according to curl, no?

@sparkprime
Copy link
Author

It's still failing for me. Does it work for you?

@sparkprime
Copy link
Author

I just discovered you can do -v more than once:

dcunnin@dcunnin:~$ uacme -v -v -v -c uacme.d issue fractaldemo.com
uacme: version 1.0.18 starting on Wed, 04 Dec 2019 19:13:56 +0000
uacme: loading key from uacme.d/private/key.pem
uacme: loading key from uacme.d/private/fractaldemo.com/key.pem
uacme: checking existence and expiration of uacme.d/fractaldemo.com/cert.pem
uacme: uacme.d/fractaldemo.com/cert.pem does not exist
uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory
uacme: acme_get: url=https://acme-v02.api.letsencrypt.org/directory
uacme: acme_get: HTTP headers
HTTP/2 200 
server: nginx
date: Wed, 04 Dec 2019 19:13:57 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800


uacme: acme_get: HTTP body
{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "oxhkRSXBs60": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
uacme: acme_get: return code 200
uacme: failed to find newNonce URL in directory

@cpu
Copy link

cpu commented Dec 4, 2019
edited

It's still failing for me. Does it work for you?

Sorry, I'm not a user of uacme. I work for Let's Encrypt on the CA software and happened to see your issue.

If it's still failing then it won't be related to the maintenance. I had theorized that perhaps you tried to use uacme during the maintenance and Let's Encrypt returned a /directory response with a JSON problem document describing the maintenance. I thought perhaps your test verification curl happened after the maintenance ended and so got the real directory response instead of the problem doc. We can discount that theory since the maintenance ended and your problem persists.

dcunnin@dcunnin:~$ uacme -v -v -v -c uacme.d issue fractaldemo.com
uacme: version 1.0.18 starting on Wed, 04 Dec 2019 19:13:56 +0000

@sparkprime One thing that stands out to me is that you're running v1.0.18 and the CHANGELOG mentions v1.0.20 fixing a bug related to fetching the server directory over HTTP/2:

2019-10-03 Nicola Di Lieto <nicola.dilieto@gmail.com>
	* Release 1.0.20
	- improved HTTP header parsing to fix problem that
	  can happen when retrieving directory over HTTP/2

Perhaps an upgrade will fix the problem for you?

@sparkprime
Copy link
Author

Worth a try!

@sparkprime
Copy link
Author

Yeah that seems to have fixed it. Thanks for the help :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sparkprime @cpu