Not able to enable ACME Cerificate Service in Cisco Expressway-E

networkadmin · September 21, 2023, 12:25pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: petroretail.kz

I ran this command: Acme Providers Write request

It produced this output: ACME accept operation failed : Cannot connect to the ACME provider
management: Level="ERROR" Detail="Acme Providers Write failed", Reason="Cannot connect to the Acme Provider", ErrorCode="500"

My web server is (include version): Cisco Expressway-E version X12.5

The operating system my web server runs on is (include version): TANDBERG Video Communication Server X12.5SW Release date: 2018-12-17 16:24, build

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

MikeMcQ · September 21, 2023, 1:48pm

First, the domain name you gave is an nginx server and is not using a Let's Encrypt certificate. It is using a Sectigo wildcard cert.

Are you sure you are even connecting to Let's Encrypt?

There is not very much info in that error. You might find better help at forum link below.

rg305 · September 22, 2023, 2:41am

Hi @networkadmin, and welcome to the LE community forum

What is the FQDN that you are trying to get a cert for OR are having trouble with?

networkadmin · September 22, 2023, 5:04am

My bad, I mentioned just the whole domain.
The domain name of the server I'm having trouble with is: ewaye.petroretail.kz

According to the configuration guide Cisco Expressway Certificate Creation And Use Deployment Guide (X12.5) - Use ACME on Expressway-E [Cisco Expressway Series] - Cisco I tried to follow the links provided and download cerificates mentioned in guide - but they were expired so I tried to find actual cetrificates versions.

I have appended 2 types of cerificates - Let's Encrypt Root CA Certificate (O=IdenTrust, CN=IdenTrust Commercial Root CA 1) and Let's Encrypt Intermediate CA Certificate. I wasn't sure which exact Intermediate CA Certificate I have to use here so I appended two Intermediate certificates (O=Digital Signature Trust Co., CN=DST Root CA X3 and O=Internet Security Research Group, CN=ISRG Root X1)

networkadmin · September 22, 2023, 5:17am

networkadmin · September 22, 2023, 5:19am

Hi,
ewaye.petroretail.kz

rg305 · September 22, 2023, 5:48am

Unfortunately, I'm not familiar with that Cisco system

MikeMcQ · September 22, 2023, 2:09pm

For the benefit of the volunteers here this problem is now being handled at the Cisco Forum

system · October 22, 2023, 2:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.