Cisco Bug: CSCvt34984 - ACME certificate signing failing (connection refused) if initially not correctly set up

Last Modified

Aug 20, 2020

Products (2)

  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco Expressway

Known Affected Releases

X12.5.7

Description (partial)

Symptom:
After a failed attempt to sign a CSR with ACME, further attempts to sign the CSR present with a Connection Refused error, even if the initial issue is corrected.

The failed scenarios that lead to this condition can vary. /mnt/harddisk/log/letsencrypt.log records the reason for the initial failure; the file can be retrieved from the Expressway-E by SCP.

Example of an initial failure that can lead to the

Conditions:
Expressway X12.5.7. ACME Certificate Signing.

DNS problem: NXDOMAIN looking up A for collab-edge.example.com 

How the Connection refused error presents after the initial issue:

Detail: Fetching <acme-url>: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

From a packet capture on the Expressway-E you will see TCP/RST for port 80.
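
A triage sketch for a copy of letsencrypt.log pulled off the Expressway-E, separating the initial failure from the Connection refused errors that follow it. This is an added example, not Cisco's code; the function name `triage`, the result keys and the sample lines are assumptions built only from the two messages quoted above.

```python
import re

# Failure reasons in the shapes quoted above ("DNS problem: ..." / "Detail: ...").
FAILURE = re.compile(r"(?:DNS problem|Detail): .*")
REFUSED = "Connection refused"

# Constructed sample built only from the two messages quoted in this bug;
# a real letsencrypt.log carries more context around each line.
SAMPLE_LOG = """\
DNS problem: NXDOMAIN looking up A for collab-edge.example.com
Detail: Fetching <acme-url>: Connection refused
Detail: Fetching <acme-url>: Connection refused
"""

def triage(log_text):
    """Separate the first real failure from later 'Connection refused' repeats."""
    initial = None
    refused_before = refused_after = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if REFUSED in line:
            if initial is None:
                refused_before += 1
            else:
                refused_after += 1
        elif initial is None:
            m = FAILURE.search(line)
            if m:
                initial = m.group(0)
    return {
        "initial_failure": initial,
        "refused_before": refused_before,
        "refused_after": refused_after,
        # Symptom of this bug: an earlier, different failure followed by refusals.
        "matches_symptom": initial is not None and refused_after > 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with no `initial_failure` means the log text holds only the refusals, so the original cause is not in the portion examined.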