Secondly the generation of the random number is centralized by the server so could be open to abuse of the server owner. How can we generate a true random number?
It is possible to securely generate a number with sufficient amount of randomness by applying the Diffie-Hellman key exchange when the server transmits the number to you, which is basically what HTTPS does already. So, you can load the server with enough entropy sources to get as much randomness as you need, without having to burden the client with this task and waiting disproportionate lengths of time to get a random number, since maybe the client runs out of randomness sources which makes reads to /dev/random wait.
But if you don't trust the server then you shouldn't be using random numbers from it in the first place. There is no way for a client to force a malicious server to generate a truly random number as all of that is controlled entirely by the server. For what it's worth, the server owner is free to bypass the safety measures with nonces and stuff you mentioned and return some degenerate primes. Diffie-Hellman is only foolproof if you trust the other party not to send you malicious data.
It is a little hard to give a summary, but basically we need to generate a truly random number (which is the hardest part) of sufficient length (over 100 digits so GNFS is used) and allow a person to prime factor it to verify they did work. The task is easy enough for them to complete on one computer in a reasonable time frame.
Normal computers cannot factor extremely large prime numbers in a reasonable amount of time. If your goal is to make another kind of consensus algorithm then it needs to be feasible to perform on all the nodes.
