CloudPoint SSL Certificates Expire After One Year

CloudPoint SSL Certificates Expire After One Year

Article: 100045729
Last Published: 2019-06-12
Ratings: 1 0
Product(s): CloudPoint


The SSL certificates that CloudPoint's internal services need to communicate with each other are generated with a one-year lifetime when CloudPoint is first installed. It should automatically renew those certificates before they expire, but the code to do that doesn't work (C3PM-15243, STESC-3171). When the certificates expire, CloudPoint ceases to work.

This issue exists in all versions of CloudPoint from 2.0 through 2.2.1.

Error Message

1.       The customer installed CloudPoint a year or more ago.

2.       The customer may not be able to login to the CloudPoint console.

3.       If the customer is already logged in to the CloudPoint console, the UI shows busy spinners continuously as it tries to update the summary information.

4.       If the customer attempts to restart CloudPoint, it fails to start. “docker ps” shows several of the CloudPoint internal service containers continuously restarting.

5.       The CloudPoint logs show RabbitMQ and MongoDB connection errors like the following:

  • AMQPConnectionError: Connection to failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
  • AutoReconnect: flexsnap-mongodb:27017: [Errno -2] Name or service not known

These error messages may vary, but the parts highlighted in red are the key indicators of this problem.


The SSL certificates that CloudPoint's internal services need expires a year after deployment.


Download the diagnostic script, copy it to the customer’s CloudPoint server, and give it 755 permissions.

Run with no command line arguments to get a list of the CloudPoint SSL certificates and their expiration dates.
# ./

Here is an example of the output for one certificate. The last field, “notAfter” is the expiration date of the certificate.


subject= /CN=coordinator.0/O=coordinator

notBefore=Aug 6 00:31:43 2019 GMT

notAfter=Aug 5 00:31:43 2020 GMT


If any of the certificates are expired or will expire soon, then contact technical support for assistance renewing the certificates.



Was this content helpful?