Last Modified: Sep 02, 2025
Affected Product(s):
BIG-IQ ADC
Known Affected Versions:
8.3.0
Opened: Apr 08, 2025 Severity: 3-Major
- LetsEncryptCertRequestTaskWorker throws an error similar to the following: "Task finished with status FAILED: Failed to validate challenge : Contents are not found for all challenge types on domain" - Using an instrumented debug JAR build from PD and looking at restjavad log, multiple 'new-order' requests that include the affected domain can be seen when creating/renewing the domain, resulting in multiple 'authorizations' and 'finalize' URLs. - No CSR is sent to LetsEncrypt ACME server, as a result, there would be no signed certificate for the affected domain.
Unsuccessful creation or renewal or signed SSL certificate for the domain.
- Create or renew a certificate for a domain that is managed through LetsEncrypt Third Party CA Management in the BIG-IQ - Domain connection status is other than 'valid' prior to creation or renewal of the certificate.
1. Delete the domain cert/key from Certificate Management -> Certificates & Keys page. This will need for the cert/key to be disassociated to traffic objects (SSL Profiles) and/or be unpinned from managed BIG-IP devices. 2. Delete the domain from LetsEncrypt Third Party CA Management. 3. Re-create the domain on LetsEncrypt Third Party CA Management. 4. Test & Deploy to ensure that the domain gets a 'valid' connection status. 5. Re-create the cert/key for the domain through the Certificate Management -> Certificates & Keys page. 6. Re-associate the newly created cert/key to traffic objects, and pin to managed BIG-IP devices, if necessary.
None