Not able to enable ACME Cerificate Service in Cisco Expressway-E

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: petroretail.kz

I ran this command: Acme Providers Write request

It produced this output: ACME accept operation failed : Cannot connect to the ACME provider
management: Level="ERROR" Detail="Acme Providers Write failed", Reason="Cannot connect to the Acme Provider", ErrorCode="500"

My web server is (include version): Cisco Expressway-E version X12.5

The operating system my web server runs on is (include version): TANDBERG Video Communication Server X12.5SW Release date: 2018-12-17 16:24, build

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

First, the domain name you gave is an nginx server and is not using a Let's Encrypt certificate. It is using a Sectigo wildcard cert.

Are you sure you are even connecting to Let's Encrypt?

There is not very much info in that error. You might find better help at forum link below.

4 Likes
3

Hi @networkadmin, and welcome to the LE community forum :slight_smile:

What is the FQDN that you are trying to get a cert for OR are having trouble with?

4 Likes
4

My bad, I mentioned just the whole domain.
The domain name of the server I'm having trouble with is: ewaye.petroretail.kz

According to the configuration guide Cisco Expressway Certificate Creation And Use Deployment Guide (X12.5) - Use ACME on Expressway-E [Cisco Expressway Series] - Cisco I tried to follow the links provided and download cerificates mentioned in guide - but they were expired so I tried to find actual cetrificates versions.

I have appended 2 types of cerificates - Let's Encrypt Root CA Certificate (O=IdenTrust, CN=IdenTrust Commercial Root CA 1) and Let's Encrypt Intermediate CA Certificate. I wasn't sure which exact Intermediate CA Certificate I have to use here so I appended two Intermediate certificates (O=Digital Signature Trust Co., CN=DST Root CA X3 and O=Internet Security Research Group, CN=ISRG Root X1)

5

Screenshot_1
Screenshot_11923×437 88.1 KB

6

Hi,
ewaye.petroretail.kz

7

Unfortunately, I'm not familiar with that Cisco system :frowning:

3 Likes
8

For the benefit of the volunteers here this problem is now being handled at the Cisco Forum

5 Likes
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.