Cisco Bug: CSCvt34984 - ACME certificate signing failing (connection refused) if initially not correctly set up
Aug 20, 2020
- Cisco TelePresence Video Communication Server (VCS)
- Cisco Expressway
Known Affected Releases
Symptom: After a failed attempt to sign a CSR with ACME, further attempts to sign the CSR fail with a Connection refused error, even if the initial issue is corrected. The failed scenarios leading to the condition can vary.

/mnt/harddisk/log/letsencrypt.log will have the reason for the initial failure; this log can be obtained by SCP on the Expressway-E.

Example of an initial failure that can lead to the Conditions:

Expressway X12.5.7. ACME Certificate Signing.
DNS problem: NXDOMAIN looking up A for collab-edge.example.com

How the Connection refused error presents after the initial issue:

Detail: Fetching <acme-url>: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

From a packet capture on the Expressway-E you will see TCP/RST for port 80.
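A triage sketch for a copy of letsencrypt.log pulled off the Expressway-E, added here as an example and not taken from Cisco: it separates the initial failure reason from the Connection refused errors that follow it. The sample log is constructed from the two messages quoted above; the "Detail:" prefix on the DNS line and the function and field names are assumptions.

```python
import re

# Constructed sample. Only the two message texts come from the bug description;
# the surrounding lines and layout are made up for the example.
SAMPLE_LOG = """\
signing attempt 1
   Domain: collab-edge.example.com
   Detail: DNS problem: NXDOMAIN looking up A for collab-edge.example.com
signing attempt 2
   Domain: collab-edge.example.com
   Detail: Fetching <acme-url>: Connection refused
signing attempt 3
   Detail: Fetching <acme-url>: Connection refused
"""

DETAIL_RE = re.compile(r"Detail:\s*(.+?)\s*$")
REFUSED_RE = re.compile(r"connection refused", re.IGNORECASE)


def triage(log_text):
    """Find the first non-'Connection refused' failure and count refusals around it."""
    initial = None          # (line number, message) of the initial failure
    refused_before = 0      # refusals logged before any other failure reason
    refused_after = 0       # refusals logged after the initial failure
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = DETAIL_RE.search(line)
        if not match:
            continue
        message = match.group(1)
        if REFUSED_RE.search(message):
            if initial is None:
                refused_before += 1
            else:
                refused_after += 1
        elif initial is None:
            initial = (lineno, message)
    return {
        "initial_failure": initial,
        "refused_before": refused_before,
        "refused_after": refused_after,
        # Pattern from the symptom: some other failure first, refusals afterwards.
        "matches_symptom": initial is not None and refused_after > 0,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log holding only Connection refused entries returns no initial failure, so it does not by itself show this pattern.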