Let's Encrypt returning 400 Bad Request for certificate signing requests? #583

Closed
opened 2025-12-29 01:27:32 +01:00 by adam · 4 comments

Originally created by @maxburke on GitHub (Sep 24, 2022).

I've been using dehydrated reliably for years, but noticed today when I went to renew some certs that the requests are failing with:

```
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)

Details:
HTTP/2 400
server: nginx
date: Sat, 24 Sep 2022 00:20:50 GMT
content-type: application/problem+json
content-length: 107
boulder-requester: 609382046
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0101NNOevri97g8xtGCk0ljInrw7lgEUwLPOPHDbhXCpWX0

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "JWS verification error",
  "status": 400
}
```

Any idea what the culprit may be?

adam closed this issue 2025-12-29 01:27:33 +01:00
@maxburke commented on GitHub (Sep 24, 2022):

FWIW I worked around this by deleting the `certs/accounts` directory for the domains. I guess the key got out of sync or something?


@krbvroc1 commented on GitHub (Oct 28, 2022):

I got this today for the first time:

```
+ ERROR: An error occurred while sending head-request to https://acme-v02.api.letsencrypt.org/acme/new-nonce (Status 503)

Details:
HTTP/2 503
server: nginx
date: Thu, 27 Oct 2022 23:50:04 GMT
content-type: application/problem+json
content-length: 90
cache-control: private
retry-after: 3



/dehydrated/dehydrated: line 737: 1: unbound variable
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/order/11690994/138565828467 (Status 400)

Details:
HTTP/2 400
server: nginx
date: Thu, 27 Oct 2022 23:50:05 GMT
content-type: application/problem+json
content-length: 112
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 1DFA7pHrb7cFoE2br2Rk-_Jc9orXrSwMLxT6afaeVk2IUzg

{
  "type": "urn:ietf:params:acme:error:badNonce",
  "detail": "JWS has no anti-replay nonce",
  "status": 400
}

/dehydrated/dehydrated: line 737: 1: unbound variable
EXPECTED value GOT EOF
```

@Elkenfugel commented on GitHub (Oct 31, 2022):

Let's Encrypt had planned downtime on Oct 23, 2022 that got moved to this weekend:
October 28, 2022 20:00 - October 31, 2022 20:00 UTC

https://letsencrypt.status.io/pages/55957a99e800baa4470002da

I was getting tons of errors on staging (had numerous downtime periods) and one of two production endpoints were down at one point or another. Just a heads-up for anyone with errors recently.


@mckaygerhard commented on GitHub (May 3, 2024):

I cannot remember the place to specify the challenge URL, for example to use acme-v02.api.letsencrypt.org, even the default https://acme-v02.api.letsencrypt.org


Reference: starred/dehydrated#583
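
Added example, not from the thread and not part of dehydrated: a small awk triage over the kind of error output quoted in this issue, mapping each failed request to a next step (back off on a 503 with `retry-after`, retry a `badNonce` with the returned `replay-nonce` as RFC 8555 section 6.5 describes, check the account key on `JWS verification error`). The function names and action labels are invented for illustration, and the sample input is abridged from the two logs above.

```shell
# Added example, not dehydrated code. Prints one line per failed request:
#   <http-status> <acme-error-type or -> <suggested action>
triage_acme_log() {
  awk '
    function emit(   action) {
      if (status == "") return
      if (status == "503" || status == "429")        # server busy or rate limited
        action = "backoff:" (retry == "" ? "unknown" : retry "s")
      else if (type == "badNonce")                   # RFC 8555 section 6.5
        action = (nonce == "" ? "fetch-new-nonce" : "retry-with-replay-nonce")
      else if (type == "malformed" && detail == "JWS verification error")
        action = "verify-account-key"                # signature did not validate
      else action = "inspect-manually"
      print status, (type == "" ? "-" : type), action
      status = type = detail = retry = nonce = ""
    }
    { sub(/\r$/, "") }                               # tolerate CRLF header dumps
    /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { emit(); status = $2; next }
    tolower($1) == "retry-after:"    { retry = $2; next }
    tolower($1) == "replay-nonce:"   { nonce = $2; next }
    /"type":/   { type = $0; sub(/.*acme:error:/, "", type); sub(/".*/, "", type) }
    /"detail":/ { detail = $0; sub(/^[^:]*: *"/, "", detail); sub(/".*/, "", detail) }
    END { emit() }
  '
}

# Sample input: abridged from the two logs quoted in this thread.
sample_log() {
  cat <<'EOF'
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)
HTTP/2 400
replay-nonce: 0101NNOevri97g8xtGCk0ljInrw7lgEUwLPOPHDbhXCpWX0
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "JWS verification error"
}
  + ERROR: An error occurred while sending head-request to https://acme-v02.api.letsencrypt.org/acme/new-nonce (Status 503)
HTTP/2 503
retry-after: 3
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/order/11690994/138565828467 (Status 400)
HTTP/2 400
replay-nonce: 1DFA7pHrb7cFoE2br2Rk-_Jc9orXrSwMLxT6afaeVk2IUzg
{
  "type": "urn:ietf:params:acme:error:badNonce",
  "detail": "JWS has no anti-replay nonce"
}
EOF
}
sample_log | triage_acme_log
```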