Chris Marget
Thanks for reporting this. How are you running the renewal, exactly? The command you cited is pretty much a one-shot thing. It won't do renewals by itself. The debugs indicate...
What arguments were used by the cronjob and the manual "certbot renew" command? Were the required options present? I'd like to reproduce your issue ... What exactly (beyond the plugin's...
I've seen this error myself recently. The issue was that when LE's authenticator connected to the ASA to validate the challenge certificate, it wasn't able to establish a TLS session...
So, if the failure is happening where I think it's happening... If you run 'show run | inc trustpoint|trust-point' repeatedly on the ASA while the plugin is operating, you should...
Yup, this is where I wound up last time it happened. It's not really an issue with the plugin, but the TLS service on the ASA rejecting LE's TLS client....
Pavel, can you test something for me? You'll have to be quick: During the interval when the ASA is configured to serve up the challenge certificate, but _before_ LE gets...
I think we're running into [this](https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve20346) Cisco bug. An ASA upgrade is going to be required.
I'm confident that the bug I mentioned is your problem. There are a couple of options for verifying that: 1. Downgrade to 9.3(2). The problem should go away. 2. Manually: -...
Using HTTP validation would require the ASA to serve arbitrary web pages at: `http:///.well-known/acme-challenge/ ` If that's possible with an ASA, I don't know how to do it.