Troubleshooting
Troubleshooting Guide
Section titled “Troubleshooting Guide”Short Summary: Solutions for common issues with Agents, Integrations, and Renewals.
1. Agent Issues
Section titled “1. Agent Issues”ERR_AGENT_OFFLINE
Section titled “ERR_AGENT_OFFLINE”Symptom: Agent is Red/Offline in the dashboard. Diagnosis:
- Check service status:
systemctl status ssl-clm-agent. - Check logs:
logs/agent.log. - Check connectivity:
curl -v https://backend-api/health. Fix:
- Restart service.
- Regenerate Agent Token if
401 Unauthorizedis seen in logs.
2. Renewal Failures
Section titled “2. Renewal Failures”ERR_CA_DENIED
Section titled “ERR_CA_DENIED”Symptom: Job fails with “Policy Violation”. Diagnosis:
- Did you request a restricted domain?
- Does the Key Size match the CA template? Fix: Update the Certificate Policy to match the CA’s requirements.
ERR_ACME_CHALLENGE
Section titled “ERR_ACME_CHALLENGE”Symptom: Let’s Encrypt validation fails. Diagnosis:
- HTTP-01: Can the world reach your server on Port 80?
- DNS-01: Did the TXT record propagate? Fix: Check firewall rules (Port 80) or DNS API credentials.
3. Integration Errors
Section titled “3. Integration Errors”MSCA: “RPC Server Unavailable”
Section titled “MSCA: “RPC Server Unavailable””Cause: Firewall blocking DCOM. Fix: Allow Port 135 and Dynamic RPC Range between Agent and CA.
F5: “Authentication Failed”
Section titled “F5: “Authentication Failed””Cause: Wrong credentials or insufficient permissions.
Fix: Ensure user has Resource Administrator role.