Hello, system is a FPR-1010 with ASA-SW 9.23(1)13. When enrolling LetsEncrypt certificates with ACME I noticed a strange timeout problem. Without "alt-fqdn" entries, everything works fine!
crypto ca trustpoint LetsEncrypt_Trustpoint
enrollment interface...
Hello, on my FPR 1010 with ASA-Software 9.20(2)10 there are frequently these errors:
3 Apr 29 09:36:41 firepower-1010 pidof[39335]: can't read from 39333/stat
3 Apr 29 10:03:55 firepower-1010 pidof[19499]: can't read from 19501/stat
3 Apr 29 10:45:15 fir...
Hello, since the last reload two days ago I have a lot of dnsproxy errors in my log:
3199015Jun 24 16:32:07 firepower-1010 dnsproxy: No server for ctx: 1, idx: 0
Working on a FPR-1010 with cisco-asa-fp1k.9.16.1.SPA installed. What does this error mean? T...
All three domains are resolved to a public IP.
crypto ca trustpoint LetsEncrypt_Trustpoint
enrollment interface outside
enrollment protocol acme authentication http01 outside
enrollment protocol acme url https://acme-v02.api.letsencrypt.org:443/di...
Yes, all three real host-names can be resolved.
ciscoasa(config)# ping asa.domain1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10...
Thank you for your reply. Sub-domain is always "asa.", the domain name is different. This should be a common task as RFC 5280 defines "Subject Alternative Names" (=alt-fqdn) to be expressed in the same manner as any other subject distinguished name.
It started after upgrade to latest ASA code (and is still reported repeatedly) but as of now I can say that it is apparently just an error (!) entry in ASA log. There is no obvious impact on ASA functionality.