Comments (13)
Also I implemented a small fix for the type-conversion (e.g. string to state and string to identifier), which might also impact this issue and will be available in the next version sometime this week.
from acme-ps.
I tried explicitly loading the ACME-PS module (e.g. Import-Module 'ACME-PS' -Force). This did not help.
There are 2 other relevant issues:
- Removing the ACME-PS module (e.g. Remove-Module 'ACME-PS') after it is used does not immediately resolve the issue.
- Commenting out all ACME-xxx cmdlets does not immediately resolve the issue.
Steps to reproduce:
- Execute unmodified Runbook script, as per my first comment.
- Edit script and comment out the $state = New-ACMEState -Path $stateDir line.
- Publish updated script.
- Execute updated script.
Expected behaviour:
Script throws exception at step 1.
Script does not throw exception at step 4.
Actual behaviour:
Script throws exception at both steps 1 and 4.
Note, however, that the above cannot always be reproduced. Sometimes it is necessary to follow the Steps to reproduce two or more times.
from acme-ps.
My knowledge about Runbooks is very limited; nevertheless, I can tell you that the error occurs during module load of ACME-PS (that's the only location the type xml file is used).
Removing and adding the module again might do harm here, since ACME-PS makes heavy use of PowerShell classes, which are - to my knowledge - not completely cleaned up during removal of a module. So once you have loaded the module in your PowerShell session, you should neither remove it nor import it again using -force - both will leave the classes in a possibly undefined state.
from acme-ps.
Hi, I was wondering if this issue is still pending because I am going exactly through the same problems...
I have published a runbook in an Azure automation account in which two different parts are being executed:
- First one, it connects to LetsEncrypt and obtains a challenge token and its data content (Got from here).
$state = New-ACMEState -Path $env:TEMP
$serviceName = 'LetsEncrypt'
# Fetch the service directory and save it in the state
Get-ACMEServiceDirectory $state -ServiceName $serviceName -PassThru;
# Get the first anti-replay nonce
New-ACMENonce $state;
# Create an account key. The state will make sure it's stored.
New-ACMEAccountKey $state -PassThru;
# Register the account key with the acme service. The account key will automatically be read from the state
New-ACMEAccount $state -EmailAddresses $EmailAddress -AcceptTOS;
# Load a state object to have service directory and account keys available
$state = Get-ACMEState -Path $env:TEMP;
# It might be necessary to acquire a new nonce, so we'll just do it for the sake of the example.
New-ACMENonce $state -PassThru;
# Create the identifier for the DNS name
$identifier = New-ACMEIdentifier $domain;
# Create the order object at the ACME service.
$order = New-ACMEOrder $state -Identifiers $identifier;
# Fetch the authorizations for that order
$authZ = Get-ACMEAuthorization -State $state -Order $order;
# Select a challenge to fulfill
$challenge = Get-ACMEChallenge $state $authZ "http-01";
# Inspect the challenge data
$challenge.Data;
- Then, another function tries to write that token file (with that content) in a storage account
function write_challenge_token($token, $tokenData)
{
    try
    {
        # Create new file
        New-Item -ItemType File -Name "$token"
        # Insert data into it
        Set-Content -Path "$token" -Value "$tokenData" -NoNewline;
        # Set blob path
        $blobName = ".well-known/acme-challenge/" + "$token"
        # Get key to storage account
        $acctKey = (Get-AzStorageAccountKey -Name $storageName -ResourceGroupName $STResourceGroupName).Value[0]
        # Map to the reports BLOB context
        $storageContext = New-AzStorageContext -StorageAccountName $storageName -StorageAccountKey $acctKey
        # Copy the file to the storage account
        Set-AzStorageBlobContent -File "$token" -Container "public" -BlobType "Block" -Blob $blobName -Context $storageContext -Force -Verbose
    }
    catch {
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
Later more stuff should be done but that is out of the scope. The thing is:
- If I execute only the first part (the one that makes usage of ACME-PS) the PowerShell script ends ok.
- If I skip the first part and I invoke the write_challenge_token function (uses Az.Storage) with hardcoded strings for both parameters (simulating that LetsEncrypt would have returned them), it also works fine.
- However, if I execute both parts and I try to call the write function passing it the token and tokenData properly obtained from LetsEncrypt, then PowerShell complains about the modules importation:
Token : HHuku4LO6C5QdLd7EPsAnwqgdvA_mLRdIpSBdgdee-M
Filename : HHuku4LO6C5QdLd7EPsAnwqgdvA_mLRdIpSBdgdee-M
RelativeUrl : /.well-known/acme-challenge/HHuku4LO6C5QdLd7EPsAnwqgdvA_mLRdIpSBdgdee-M
AbsoluteUrl : uatapidockers.dev.bestinver.es/.well-known/acme-challenge/HHuku4LO6C5QdLd7EPsAnwqgdvA_mLRdIpSBdgdee-M
Content : HHuku4LO6C5QdLd7EPsAnwqgdvA_mLRdIpSBdgdee-M.LtDDLv4YxLmEHubnL3RMJjT4w4UMTenG-OYoiOX_Ckw
Get-AzStorageAccount : The 'Get-AzStorageAccount' command was found in the module 'Az.Storage', but the module could
not be loaded. For more information, run 'Import-Module Az.Storage'.
At line:86 char:19
+ $storageAccount = Get-AzStorageAccount -ResourceGroupName $STResource ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-AzStorageAccount:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Set-AzureStorageBlobContent : The 'Set-AzureStorageBlobContent' command was found in the module 'Azure.Storage', but
the module could not be loaded. For more information, run 'Import-Module Azure.Storage'.
At line:93 char:1
+ Set-AzureStorageBlobContent -File $fileName -Container "public" -Cont ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Set-AzureStorageBlobContent:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Please, any help would be appreciated.
Thanks in advance,
Best Regards,
Fernando.
from acme-ps.
I really have little idea about runbooks, but it seems you'll need to check if your modules are loaded (Get-Module) and if not load them.
Reloading a module (e.g. ipmo ACME-PS -force) will make problems with ACME-PS, if you do it in the same PowerShell session.
from acme-ps.
I'm also running into this after upgrading from ACMESharp. I'm running the powershell script from some .NET code, but haven't run into issues like this in the past. How can I help debug?
from acme-ps.
Can you outline how you initialize and use the script from your integrated shell?
How's module loading done? How's the lifetime of the shell instance?
Do you reload the module at any time?
What exactly is the error message?
from acme-ps.
Just a note, I had all sorts of modules issues with my automation account and ACME-PS. I did get it to work by starting fresh with a new automation account, and importing the relevant az. modules. In my script I also manually import modules for use:
Import-Module Az.Accounts
Import-Module Az.Automation
Import-Module Az.Storage
Import-Module ACME-PS
Seems to work okay for me.
from acme-ps.
I actually took a different approach for LE which I got working, so didn't end up figuring out what was going on. Sorry I can't be more helpful, but I'll try.
Can you outline how you initialize and use the script from your integrated shell?
It's a .NET 4.6.1 exe running as a Windows service. Loaded like so:
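using System.Management.Automation.Runspaces;

// One runspace is created and the script is invoked through a pipeline
var runspace = RunspaceFactory.CreateRunspace();
runspace.Open();
var pipeline = runspace.CreatePipeline();
pipeline.Commands.Add(new Command("foo/bar.ps1"));
pipeline.Invoke();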
How's module loading done? How's the lifetime of the shell instance?
I tried a few different ways with installing it for AllUsers or CurrentUser ahead of time and as a part of the script. With and without AllowClobber
Do you reload the module at any time?
I think so and it sounds like maybe that's the problem?
What exactly is the error message?
My error message was pretty much the same as above (sry I don't have the exact text)
from acme-ps.
I had a similar case with this issue and now it's resolved. Hope it helps.
Root Cause:
- Import fails for Az.Storage module after ACME-PS module is imported. The reason behind such behavior is that the environment in which the Automation service runs PowerShell scripts is not the publicly available PowerShell. Automation jobs run in a special secure environment.
Resolution:
- To use it in an Automation runbook, we need to import the Az.Storage module explicitly. The import statement should be before importing/running any cmdlet from the ACME-PS module.
Import-Module 'Az.Storage'
"Module Az.Storage is loaded"
...
$state = New-ACMEState -Path $PWD.Path
from acme-ps.
I agree with @GitMaggie and as @glatzert suggested too, this (at least in my case) was a modules importation issue.
After loading Az.Storage explicitly, it worked fine.
Thanks to all involved.
from acme-ps.
Since I still do not have such an account, I'll not be able to verify that behaviour.
Nevertheless I added some information to the runbook example (via 2928282).
In the case anyone wants to add something, either use this issue or feel free to provide a PR.
from acme-ps.
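The load order the thread converged on (Az modules before ACME-PS, each module imported once and never with -Force), written out as an added example; it is not code from the ACME-PS project or from any commenter. Import-ModuleOnce is a hypothetical helper name, and the module list assumes the runbook needs Az.Accounts and Az.Storage.

```powershell
# Added example; Import-ModuleOnce is a hypothetical helper, not part of ACME-PS or Az.
function Import-ModuleOnce {
    [CmdletBinding()]
    param(
        # Import order matters: list the Az modules before ACME-PS.
        [Parameter(Mandatory)]
        [string[]] $Name
    )

    foreach ($moduleName in $Name) {
        # Already loaded in this session: leave it alone. Removing or re-importing
        # ACME-PS (or using -Force) can leave its PowerShell classes in an
        # undefined state, as the maintainer notes in the thread.
        if (Get-Module -Name $moduleName) {
            Write-Verbose "$moduleName already loaded, skipping"
            continue
        }

        # Fail early with a clear message instead of depending on autoloading;
        # the error reported in the thread was CouldNotAutoloadMatchingModule.
        if (-not (Get-Module -Name $moduleName -ListAvailable)) {
            throw "Module '$moduleName' is not installed in this Automation account."
        }

        Import-Module -Name $moduleName -ErrorAction Stop
        Write-Verbose "$moduleName imported"
    }
}

# Order taken from the thread: Az modules first, ACME-PS last.
Import-ModuleOnce -Name 'Az.Accounts', 'Az.Storage', 'ACME-PS' -Verbose

# Record what is actually loaded before any ACME-PS or Az.Storage cmdlet runs,
# so a failed job shows the module state in its output.
Get-Module -Name 'Az.Accounts', 'Az.Storage', 'ACME-PS' |
    Select-Object Name, Version |
    Format-Table -AutoSize

# Only now touch ACME-PS.
$state = New-ACMEState -Path $PWD.Path
```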