schubergphilis / chef-acme

Chef cookbook to request SSL certificates at Let's Encrypt
Apache License 2.0

Acme::Client::Error::BadNonce: JWS has an invalid anti-replay nonce #138

Closed jgao1025 closed 1 year ago

jgao1025 commented 1 year ago

Hi, all,

background

I have been debugging this for over a week and I still get a lot of errors. I am a bit sad.

I am very new to the cookbook/chef infra, so I am not sure if I did something wrong or there is a bug. Probably it's my fault. TT__TT

set up

I set up Pebble in a Docker container as described in the Pebble repo. I also created an example Chef recipe so that I can test chef-acme. My recipe looks like this.

# Include the recipe to install the gems
include_recipe 'acme'

# Set up contact information. Note the mailto: notation
node.override['acme']['contact'] = ['mailto:jie@gmail.com']
# Real certificates please...
node.override['acme']['dir'] = 'https://pebble:14000/dir'

cookbook_file '/etc/ssl/certs/pebble.minica.pem' do
  source 'pebble.minica.pem'
  mode '0644'
  action :create
end

execute 'update-ca-certificates' do
  command 'update-ca-certificates --fresh'
  action :run
end

site = "jie.ccee.au"
sans = ["www.#{site}"]

#include_recipe 'letsencrypt::nginx'

## Set up your web server here...
#
# Get and auto-renew the certificate from Let's Encrypt
acme_certificate "#{site}" do
  crt               "/etc/ssl/#{site}.crt"
  key               "/etc/ssl/#{site}.key"
  wwwroot           '/var/www/html'
end

I am using the latest release 4.1.6.

issue

I got the following error when I tried to do the HTTP-01 challenge.

       [2023-10-04T09:50:30+00:00] ERROR: Exception handlers complete
       Infra Phase failed. 1 resources updated in 01 seconds
       [2023-10-04T09:50:30+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
       [2023-10-04T09:50:30+00:00] FATAL: ---------------------------------------------------------------------------------------
       [2023-10-04T09:50:30+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
       [2023-10-04T09:50:30+00:00] FATAL: ---------------------------------------------------------------------------------------
       [2023-10-04T09:50:30+00:00] FATAL: Acme::Client::Error::BadNonce: acme_certificate[jie.ccee.au] (letsencrypt::default line 31) had an error: Acme::Client::Error::BadNonce: JWS has an invalid anti-replay nonce: VLl7Wpo2x40-Ij1HozxTVQ

Does anyone know how to solve this? Thanks a lot.

jgao1025 commented 1 year ago

I guess this problem is also related to #139? I will mark this as closed.
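
The `BadNonce` error in the log above is the ACME anti-replay check from RFC 8555 (section 6.5): each signed request must carry a nonce the server issued and has not yet consumed, and a `badNonce` error response includes a fresh nonce that the client should retry with. The sketch below is an added example, not code from this thread or from chef-acme, showing single-use nonces on the server side and a bounded retry on the client side. `ToyAcmeServer`, `BadNonce` and `post_with_retry` are hypothetical names, and the server is a constructed in-memory stand-in rather than Pebble or the acme-client gem.

```ruby
require 'securerandom'
require 'set'

# Constructed stand-in for the gem's Acme::Client::Error::BadNonce; it carries
# the fresh Replay-Nonce that RFC 8555 requires on a badNonce response.
class BadNonce < StandardError
  attr_reader :fresh_nonce

  def initialize(msg, fresh_nonce)
    super(msg)
    @fresh_nonce = fresh_nonce
  end
end

# Toy ACME server (hypothetical): every nonce is valid for exactly one request.
class ToyAcmeServer
  def initialize(spurious_rejections: 0)
    @issued = Set.new
    @spurious = spurious_rejections # number of valid nonces to reject anyway
  end

  def new_nonce
    SecureRandom.urlsafe_base64(16).tap { |n| @issued << n }
  end

  # Returns [response, next_nonce]; raises BadNonce on unknown or reused nonces.
  def post(nonce, payload)
    known = @issued.delete?(nonce) # consume it, so a replay no longer matches
    if known.nil? || @spurious > 0
      @spurious -= 1 if known
      raise BadNonce.new("JWS has an invalid anti-replay nonce: #{nonce}", new_nonce)
    end
    ["accepted #{payload}", new_nonce]
  end
end

# Client side: retry a bounded number of times with the nonce from the error.
def post_with_retry(server, payload, nonce: server.new_nonce, max_retries: 3)
  attempts = 0
  begin
    attempts += 1
    response, next_nonce = server.post(nonce, payload)
    { response: response, attempts: attempts, next_nonce: next_nonce }
  rescue BadNonce => e
    raise if attempts > max_retries # give up; the failure is not transient
    nonce = e.fresh_nonce
    retry
  end
end
```

The retry bound matters: a client that keeps failing after several fresh nonces has a different problem, such as talking to a different server than the one that issued the nonce, and should surface the error instead of looping.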