Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2259
Views
25
Helpful
6
Replies

Expressway and support for ACMEv2

Go to solution
Michael.Heimann
Level 1
Level 1

‎10-19-2019 05:24 AM

Hi,

 

It's nice that Expressway supports certification renewal with ACME / Let's encrypt. Sadly even the current 12.5.5 is still using ACMEv1. This is an old version and is being replaced with ACMEv2 since 2018.

I've just had an issue where ACMEv1 didn't work and it was due to let's encrypt disabling that protocol from time to time to raise awareness: 

 

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/3

 

Please Cisco, update the certbot included and use ACMEv2.

 

Thanks,

Michael

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roger Kallberg
VIP
VIP
In response to Joel Frye

‎12-20-2019 06:42 AM - edited ‎12-20-2019 07:32 AM

To help someone else that might not, just like in my case, have all that much experience with REST POST.

 

I downloaded and installed Postman

And did these steps.

 

  1. Do a GET with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/
  2. Look at the response and copy the uuid that you get back.
  3. Do a POST with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/uuid/<UUID copyed in step 2>, create a body in raw text format with this content url=https://acme-v02.api.letsencrypt.org/directory
  4. Do another GET with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/
  5. The url in the response should be updated from url "https://acme-v01.api.letsencrypt.org/directory" to url "https://acme-v02.api.letsencrypt.org/directory"

Best of luck with this



Response Signature


View solution in original post

6 Replies 6

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎10-19-2019 01:13 PM

This forum is not monitored by the product team, I suggest you engage your SE/AM for this matter.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to Joel Frye

‎12-20-2019 06:42 AM - edited ‎12-20-2019 07:32 AM

To help someone else that might not, just like in my case, have all that much experience with REST POST.

 

I downloaded and installed Postman

And did these steps.

 

  1. Do a GET with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/
  2. Look at the response and copy the uuid that you get back.
  3. Do a POST with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/uuid/<UUID copyed in step 2>, create a body in raw text format with this content url=https://acme-v02.api.letsencrypt.org/directory
  4. Do another GET with basic authentication that use admin user/pw to this url, https://<FQDN of the E expressway>/api/management/configuration/acmeproviders/
  5. The url in the response should be updated from url "https://acme-v01.api.letsencrypt.org/directory" to url "https://acme-v02.api.letsencrypt.org/directory"

Best of luck with this



Response Signature


Go to solution
Mark Turpin
Level 5
Level 5
In response to Roger Kallberg

‎01-17-2020 03:20 AM

@Roger Kallberg wrote:

To help someone else that might not, just like in my case, have all that much experience with REST POST.

Thanks Roger, your instructions were accurate and certainly more helpful than instructing one to ask their account manager. The instructions from Cisco in their video on the same topic, are not correct. They do not include the uuid in the URL which was causing me frustration for quite some time.

 

+5 to you.

--
-Mark Turpin
0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to Mark Turpin

‎01-17-2020 03:37 AM

@Mark Turpin wrote:

Thanks Roger, your instructions were accurate and certainly more helpful than instructing one to ask their account manager. The instructions from Cisco in their video on the same topic, are not correct. They do not include the uuid in the URL which was causing me frustration for quite some time.

 

+5 to you.

Thanks you Mark, I'm certainly glad that it was useful for you. :)



Response Signature


0 Helpful
Customers Also Viewed These Support Documents