# Agent Connectivity Issues

The **Agent Connectivity Issues** section addresses problems where CERTInext Bots (Discovery or Provisioning agents) fail to communicate with the CERTInext platform or cannot reach configured target systems. Since bots operate within enterprise networks and initiate outbound communication, connectivity problems directly impact discovery scans, automated issuance, and deployment workflows.

Timely resolution ensures uninterrupted certificate visibility and lifecycle automation.

#### Common Symptoms

Connectivity issues may appear as:

* Bot status showing **Inactive**, **Stopped**, or **Pending**
* Last Bot Update timestamp not refreshing
* Discovery scans not running
* Provisioning tasks stuck in queue
* Renewal not triggering
* Frequent timeout or network errors in logs

#### Step 1: Verify Bot Status

Navigate to:\
**Certificates → Discovery → Bots**\
or\
**Certificates → Provisioning → Bots**

Check:

* Bot Status = **Active**
* Last Bot Update shows recent communication
* Bot Version is current
* Bot token has not expired

If status is inactive:

* Restart the bot service on the host
* Confirm token validity
* Re-register the bot if required

#### Step 2: Validate Outbound Connectivity

CERTInext bots require outbound HTTPS connectivity.

Verify from the bot host:

* Port **443 (HTTPS)** is open
* DNS resolution to CERTInext API endpoint
* Proxy configuration (if applicable)
* No firewall blocks for outbound requests

Test using:\
`curl https://<api-endpoint>/health`

If a proxy is required, confirm that its hostname, port, and authentication settings are correctly configured.

#### Step 3: Check System-Level Requirements

Ensure the bot host meets prerequisites:

* Supported operating system
* Administrator/root privileges
* NTP time synchronization enabled
* Minimum disk space available
* Bot service running (Windows Service / systemctl)

Time drift may cause authentication failures.

#### Step 4: Validate Token and Activation Window

Bots authenticate using a time-bound token.

Check:

* Activation window has not expired
* Bot token matches the one generated in CERTInext
* Token was not revoked

If expired, regenerate and reinstall the bot.

#### Step 5: Review Firewall and Security Controls

Ensure:

* No outbound HTTPS inspection blocking traffic
* SSL inspection devices allow API traffic
* Endpoint protection does not block bot process
* Required internal ports (SSH, WinRM, LDAP) are accessible for target systems

Blocked ports commonly cause scan and deployment failures.
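The checks in Steps 2, 3 and 5 can be run in one pass from the bot host. The Python script below is an added example, not CERTInext tooling: it requests the health URL from Step 2, maps a failure to the checklist item it points at, and compares the local clock with the response's `Date` header. The function names, verdict strings and the 300-second skew tolerance are assumptions; the health URL is passed as the only argument.

```python
import socket, ssl, sys, urllib.error, urllib.request
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW = 300  # seconds; assumed tolerance, not a documented CERTInext value


def classify(exc):
    """Map a failed health request to the checklist item it points at."""
    if isinstance(exc, urllib.error.HTTPError):
        return f"http-{exc.code}: server answered over HTTPS; network path works, check the URL"
    if isinstance(exc, urllib.error.URLError) and isinstance(exc.reason, BaseException):
        exc = exc.reason  # unwrap the socket/TLS error that urllib wrapped
    if isinstance(exc, socket.gaierror):
        return "dns: API hostname does not resolve (Step 2)"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-untrusted: untrusted certificate; TLS inspection or wrong clock (Steps 3, 5)"
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake: handshake broken in transit (Step 5)"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: no answer on 443; outbound firewall or routing (Step 2)"
    if "Tunnel connection failed" in str(exc):
        return "proxy: proxy rejected CONNECT; check host, port, credentials (Step 2)"
    if isinstance(exc, ConnectionRefusedError):
        return "refused: connection actively rejected on the way to 443 (Step 2)"
    return f"network: {exc}"


def clock_skew(date_header, now=None):
    """Seconds the local clock is ahead (+) or behind (-) of the server's Date."""
    now = now or datetime.now(timezone.utc)
    return (now - parsedate_to_datetime(date_header)).total_seconds()


def probe(url, timeout=10):
    """Request the health URL; return (verdict, clock skew in seconds or None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            date = resp.headers.get("Date")
    except (OSError, ValueError) as exc:
        return classify(exc), None
    skew = clock_skew(date) if date else None
    if skew is not None and abs(skew) > MAX_SKEW:
        return f"clock: local time differs by {skew:.0f}s; fix NTP (Step 3)", skew
    return "ok", skew


if __name__ == "__main__" and len(sys.argv) == 2:
    # Argument: the full health URL from Step 2 (the endpoint is site-specific).
    print(probe(sys.argv[1]))
```

`urllib` reads the `https_proxy` environment variable, so set it to the proxy the bot is configured with before running the script.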

#### Step 6: Check Target Connectivity

If the bot is active but tasks fail:

Verify connectivity to:

* Target IP addresses
* Required ports (443, 8443, 22, 5985, etc.)
* Application service endpoints
* HSM or KMS endpoints (if configured)

Network segmentation or ACL misconfiguration may prevent internal access.

#### Step 7: Review Bot Logs

Check local logs on the bot host:

* Installation log
* Agent log
* Error log

Look for:

* Authentication errors
* Timeout exceptions
* Permission denied messages
* Proxy misconfiguration

Logs provide detailed diagnostics beyond dashboard indicators.

#### Step 8: Restart or Reinstall Bot

If persistent issues occur:

* Restart bot service
* Re-register using valid token
* Reinstall using automated or manual installation method

For air-gapped environments, ensure the offline bundle was correctly deployed.

#### When to Escalate

Provide:

* Bot Name and IP address
* Last Bot Update timestamp
* Error log excerpts
* Network topology details
* Proxy or firewall configuration notes

This helps isolate network vs configuration issues quickly.

#### Best Practices

* Monitor bot health daily
* Use descriptive naming by environment
* Keep bot version updated
* Validate connectivity after firewall or proxy changes
* Deploy separate bots per network segment where required

