Configuring Cisco Expressway ACME After Let’s Encrypt Changes Certificates

Let’s Encrypt sometimes changes its CA or intermediate certificates. If you don’t update them in the trusted CA list on both Cisco Expressway-E and Expressway-C, the services will fail.

Here is how to update:

  1. Download the latest certificates from Let’s Encrypt.
     Go to this page to download the latest certificates: https://letsencrypt.org/certificates/
  2. Log in to Cisco Expressway-E and upload the certificates.
  3. Click “Choose File” to select the certificate.
  4. Click “Append CA certificates” to add this certificate to the trusted list.
  5. You can see that the certificate was successfully added to the trusted list.
  6. Log in to Cisco Expressway-C and repeat steps 2 to 5.
  7. That should be enough, but if the server certificate has expired, you need to replace it by signing a new certificate on Cisco Expressway-E.
  8. Click “Discard Pending Cert” to remove the expired certificate.
  9. Click “Sign CSR with ACME Provider”.
  10. A message indicates that the signing is in progress. Refresh the browser.
  11. After refreshing, you should see three buttons under “ACME Certificate Service”. Click “Deploy Pending Cert”.
  12. The server certificate should now be replaced with a valid one. You can check the expiry date in the “Server certificate data” section.
  13. You can use Cisco’s TAC support tool, Collaboration Solutions Analyzer, to test the result (you need a Cisco CCO ID).
  14. In the CSA tool, choose “CollabEdge Validator” to run the validation.
  15. Enter the domain name, username, and password to test login.
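The failure this procedure fixes can also be checked from a workstation with OpenSSL. The script below is an added example, not part of the original post or any Cisco tooling: it tests whether a CA bundle validates the certificate a server presents and whether that certificate is close to expiry. The function names, file names and host name are assumptions, and the demo PKI helpers only generate constructed throwaway certificates for trying the check offline.

```shell
#!/usr/bin/env bash
# Added example: does the CA bundle you are about to append to the trusted
# CA list validate the server certificate, and is that certificate still
# valid for long enough? All names below are hypothetical.

# Print the leaf certificate a live TLS server presents (needs network).
fetch_leaf() {  # fetch_leaf HOST [PORT]
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

# check_chain CA_BUNDLE LEAF_PEM [MIN_DAYS] -> prints UNTRUSTED, EXPIRING or OK
check_chain() {
  local ca="$1" leaf="$2" min_days="${3:-30}"
  # Fails when the issuer of the leaf is missing from the bundle.
  if ! openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
    echo "UNTRUSTED"; return 1
  fi
  # Fails when the leaf expires within MIN_DAYS days.
  if ! openssl x509 -in "$leaf" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "EXPIRING"; return 2
  fi
  echo "OK"
}

# Constructed throwaway PKI so the check can be tried offline.
make_demo_pki() {  # make_demo_pki DIR CA_NAME -> writes DIR/CA_NAME.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
issue_demo_leaf() {  # issue_demo_leaf DIR CA_NAME DAYS -> writes DIR/leaf.pem
  openssl req -newkey rsa:2048 -nodes -subj "/CN=expe.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days "$3" -out "$1/leaf.pem" 2>/dev/null
}

# Real use: ./check.sh bundle.pem expe.example.com [MIN_DAYS]
if [ "$#" -ge 2 ]; then
  tmp=$(mktemp); fetch_leaf "$2" > "$tmp"; check_chain "$1" "$tmp" "${3:-30}"
fi
```

An UNTRUSTED result against the bundle that matches the current trusted CA list corresponds to the missing CA or intermediate certificate; EXPIRING corresponds to the case where the server certificate must be re-signed with the ACME provider.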
