
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org
Last Modified: Oct 10, 2019, 4:29 pm
When creating a certificate, if you get the error:

Getting challenge for from acme-server...
Nonce is empty. Exiting. dig output of
Full nonce request output:

a report shows that it can be due to

"FULL_NONCE="`${CURL} ${CURL_OPTIONS} --silent -I ${API}/directory`": /usr/local/bin/curl --connect-timeout 15 -k -I

throwing the error

curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!

which likely means your version of curl is old and should be updated.  You can do this with custombuild:

cd /usr/local/directadmin/custombuild
./build update
./build curl

A similar report is related to the CustomBuild curl linking against an RPM-based curl library, e.g.:

[root@server scripts]# /usr/local/bin/curl --connect-timeout 15 -k -I
curl: (48) An unknown option was passed in to libcurl
[root@server scripts]# ldd /usr/local/bin/curl | grep curl
=> /lib64/ (0x00007fdd1411a000)

where it should be /usr/local/lib/
To resolve that, remove the libcurl-devel rpm, re-compile curl and run ldconfig:

rpm -e libcurl-devel
cd /usr/local/directadmin/custombuild
./build curl

and confirm:

[root@server custombuild]# ldd /usr/local/bin/curl | grep curl
=> /usr/local/lib/ (0x00007f17c3cd5000)

Reported error:

Requesting new certificate order...
Nonce is empty. Exiting. dig output of
Full nonce request output:
HTTP/2 200
server: nginx
date: Thu, 10 Oct 2019 05:10:04 GMT
cache-control: public, max-age=0, no-cache
link: <>;rel="index"
replay-nonce: 00013TyemkZQGnX2K1N4l76MLUN-WybdRuqsJjKWrYpsHWA
x-frame-options: DENY
strict-transport-security: max-age=604800

The solution to this one is simply to grab an updated script:

cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt

Reported solution for Debian/Ubuntu



and change the order of the paths, so /usr/local/lib is higher up, so the file looks like:

include /etc/*.conf

save, then run


We've not tested this, as it could affect the libraries that system binaries use. Be sure to fully test things, especially sshd (restart the sshd server and test a login), before logging out of the current SSH session.
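
To tell the cases above apart from the captured "Full nonce request output" and from ldd output, the shell functions below can be used. They are an added example, not part of DirectAdmin or CustomBuild; the function names, the SAMPLE_* values and the libcurl.so.4 file name in the sample ldd lines are constructed assumptions.

```shell
#!/bin/bash
# Added example, not DirectAdmin code. Function names and SAMPLE_* values are constructed.

# Map captured "Full nonce request output" ($1) to the matching case on this page.
classify_nonce_output() {
    case $1 in
        *"curl: (43)"*) echo "old-curl" ;;          # ./build update; ./build curl
        *"curl: (48)"*) echo "libcurl-mismatch" ;;  # check linkage with ldd
        *)
            # HTTP/2 responses carry lower-case header names and lines end in
            # CRLF, so strip CR and match the header name case-insensitively.
            if printf '%s\n' "$1" | tr -d '\r' |
                grep -qi '^replay-nonce:[[:space:]]*[^[:space:]]'; then
                echo "nonce-present"                # ./build update; ./build letsencrypt
            else
                echo "unknown"
            fi ;;
    esac
}

# Succeed only if the libcurl line in ldd output ($1) resolves under /usr/local/lib/.
libcurl_from_custombuild() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^libcurl\.so/ && $2 == "=>" { found = 1; ok = ($3 ~ /^\/usr\/local\/lib\//) }
        END { exit !(found && ok) }'
}

# Constructed sample inputs (library file name and addresses are assumed).
SAMPLE_43='curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!'
SAMPLE_48='curl: (48) An unknown option was passed in to libcurl'
SAMPLE_HEADERS=$(printf 'HTTP/2 200\r\nserver: nginx\r\nreplay-nonce: EXAMPLE-NONCE\r\n')
SAMPLE_LDD_RPM='    libcurl.so.4 => /lib64/libcurl.so.4 (0x00007f0000000000)'
SAMPLE_LDD_CB='    libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f0000000000)'

# On a live server: libcurl_from_custombuild "$(ldd /usr/local/bin/curl)"
classify_nonce_output "$SAMPLE_HEADERS"
libcurl_from_custombuild "$SAMPLE_LDD_RPM" || echo "libcurl is not from /usr/local/lib"
```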
