Avi Virtual Service Health Score Reports '0' Due to Incorrect SSL Certificate Expiration Status
search cancel

Avi Virtual Service Health Score Reports '0' Due to Incorrect SSL Certificate Expiration Status

book

Article ID: 424215

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

Users may observe that the Virtual Service health score drops to 0, with the system reporting the SSL certificate as expired.

This occurs even when the certificate has been successfully renewed and is currently valid on the Avi Load Balancer.

Environment

Affected Avi versions:

  • 30.2.1 to 30.2.6
  • 31.2.1

Cause

This issue arises when the SSLKeyAndCertificate object is updated via the /renew API endpoint. While the certificate is renewed, the update is not correctly propagated to the internal Datastore.

Since the Datastore acts as the source of truth for the Virtual Service health score calculations, the UI continues to rely on the outdated certificate information, resulting in a reported health score of 0.

Resolution

The Bug ID for this issue is AV-259226.

Workaround:

To resolve the reporting discrepancy immediately, perform a "dummy update" (a no-operation PUT call) on the affected SSL object. This forces the Datastore to synchronize with the current certificate status.

  • Log in to the Controller CLI.
  • Execute the following commands for the affected certificate object: 
    • > configure sslkeyandcertificate <SSL_obj_name>
> save

Permanent Fix

A permanent resolution for this issue is included in the following Avi releases:

  • 30.2.7
  • 31.2.2
Powered by Wolken Software