ACME Supported Cipher Suites

Solution ID : SO270323143829
Last Modified : 10/21/2023

Scenario

Win-ACME automation is failing and showing the following error message:

“Error 12029 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A connection with the server could not be established'.”

Solution

acme.digicert.com uses the following SSL ciphers (nmap output):

TLSv1.2

Ciphers:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

These cipher suites must be enabled on the server running the automation so that it can negotiate a TLS 1.2 connection and use the ACME protocol. If they are not allowed, automation fails with “Error 12029 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A connection with the server could not be established'.”

Once the registry on the server is updated to allow one of the SSL ciphers above, the SSL automation should work.
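
The check below is an added example, not part of the original DigiCert article. It audits a Windows host against the four cipher suites listed above. It assumes Windows Server 2016 / Windows 10 or later, where the TLS PowerShell module (Get-TlsCipherSuite, Get-TlsEccCurve, Enable-TlsCipherSuite) is available, and it uses the standard Schannel and Group Policy registry locations.

```powershell
# Added example: audit this host against the cipher suites acme.digicert.com offers.
# Assumes the TLS PowerShell module (Windows Server 2016 / Windows 10 or later).
$required = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
)

# 1. Cipher suites currently enabled in Schannel.
$enabled = (Get-TlsCipherSuite).Name
$usable  = @($required | Where-Object { $enabled -contains $_ })
foreach ($suite in $required) {
    $state = if ($usable -contains $suite) { 'enabled' } else { 'MISSING' }
    '{0,-45} {1}' -f $suite, $state
}

# 2. A Group Policy cipher suite order, when set, takes precedence over the local list.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
if ($policy) {
    $policySuites = @($policy) -split ',' | ForEach-Object { $_.Trim() }
    $inPolicy = @($required | Where-Object { $policySuites -contains $_ })
    "Group Policy cipher order is set; required suites present in it: $($inPolicy.Count)"
}

# 3. TLS 1.2 must not be disabled for the client role.
$protoKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$proto = Get-ItemProperty -Path $protoKey -ErrorAction SilentlyContinue
if ($proto -and ($proto.Enabled -eq 0 -or $proto.DisabledByDefault -eq 1)) {
    'TLS 1.2 client protocol is disabled in the Schannel registry settings'
}

# 4. The nmap output shows secp256r1, which Windows lists as NistP256.
if ((Get-TlsEccCurve) -notcontains 'NistP256') {
    'NistP256 (secp256r1) is not in the enabled ECC curve list'
}

# 5. Summary, with the cmdlet that enables a missing suite (run elevated).
if ($usable.Count -eq 0) {
    "No required suite is enabled. To enable one: Enable-TlsCipherSuite -Name $($required[0])"
} else {
    "$($usable.Count) of $($required.Count) required suites are enabled"
}
```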