Comments (10)
Solved via #79 and published with 1.1.8
from acme-ps.
The problem here is the following probably:
The URLs returned aren't to be called with GET anymore but POST-as-GET, since LE wants all requests to be authorized.
The module itself uses Invoke-SignedWebRequest
(or Invoke-AcmeSignedWebRequest
) for that, which is an internal function.
That function could probably be public, so you could use it to query the exact error.
[X] Make Invoke-SignedWebRequest
public
from acme-ps.
Solved in the next version (will drop next week)
from acme-ps.
Hi Thomas,
I'm using v1.1.7 code version now, and can execute "Invoke-AcmeSignedWebRequest" to get the status of an order.
In my script, it seems to fail the challenge about 50% of the time but other times works fine (in Staging).
I've included in the script the WebRequest above for the Order RequestUri to see the status. I'm not seeing anything to help me figure out how or why it would fail. Can you guide me?
An example would be an invalid order as per below:
RequestUri : https://acme-staging-v02.api.letsencrypt.org/acme/order/13231395/86448230
StatusCode : 200
NextNonce : 00024KG_hCKr1eKQ9XxCHIiRs814csCVlYG2diO0VgXbcW8
Headers : {Link, Server, Date, Strict-Transport-Security...}
Content : @{status=invalid; expires=2020-04-28T01:33:24Z; identifiers=System.Object[];
authorizations=System.Object[];
finalize=https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13231395/86448230}
IsError : False
ErrorMessage :
Any more ideas on how to debug the intermittent failure?
Thanks heaps!
from acme-ps.
You might want to try $response.Content to get more information. The Object should not be a string and it says "identifiers" and "authorizations"=System.Object[], which might be an "render-artifact" (currently you are seeing the default output for custom-classes in powershell, with no formatting).
Also you probably could use the autzorizations requestURI to get an more precise error message.
from acme-ps.
I'm having the exact same issue, and I have tried literally everything...
from acme-ps.
Wow, very embarrassing, im using Azure DNS, and the txt record name I add was malfunctioned / wrong.
I have fixed that now. So all is working....
from acme-ps.
It's always DNS ;)
Joke aside - what could the module do, to help you find the error message faster? (If you had a magic wand)
from acme-ps.
It's always DNS ;)
Joke aside - what could the module do, to help you find the error message faster? (If you had a magic wand)
I have tried to debug this a bit, but I'm really not an expert or experienced with the protocol. Here's some more information. My cert request is for multiple sub-domains under the one parent domain. Not wildcard, just multiple dns entries. In my script it loops through each domain and tries to complete the challenge request for each domain. I noticed in a recent test that 2 of the 10 domains failed the challenge, but the others succeeded.
So why did 2 fail and the others succeed? They use the same process each time. So is there perhaps a race condition going on? I don't know. I'd like a way to easily see why two domains failed the challenge though. I will have to do more testing to see if I can get you more information as I know I'm not helping a lot. I just thought I'd mention it here.
Is there a way to implement a "reason_for_invalid_challenge()" type function which goes through each challenge response and looks for failure reasons?
from acme-ps.
IIRC the protocol will do something to the order in the case it's invalid, which allows to see the failing reasons - I'll take a look and see what can be done to improve the debugging experience.
from acme-ps.
Related Issues (20)
- [Improvement] Add state reference to order
- [BUG]? Full chain export seems to be exporting in the wrong order HOT 4
- [BUG] Chain not included for specific instance.. HOT 1
- [Improvement] Exporting x509 certs/keys as PEM HOT 4
- Exception calling "GetResult" with "0" argument(s): "An error occurred while sending the request." HOT 6
- Certificate not working on older Android after 29.9.2021 HOT 2
- New-AcmePSKey invalid ValidateSet for RSAKeySize HOT 1
- DNS-01 HOT 10
- New Order / Old Account HOT 5
- Are SHA-1 self signatures being used to issue CSRs? HOT 1
- HTTP-01 Challenge File Not Getting Created HOT 3
- Authorizations does not seem to be parsing correctly HOT 12
- [BUG] The certificate chain seems to be out of order in 1.5.2. Versions 1.5.3-beta, and 1.5.4 Fails to run. HOT 4
- [BUG] Some of the *ToExport keys are missing from the module manifest HOT 2
- [BUG] v1.5.6 Export-Certificate "value cannot be null" HOT 10
- Cannot export non-exportable private key HOT 1
- [BUG] When using New-ACMEAccount with previous AccountKey it errors with Get-Account HOT 1
- [BUG] The exported PFX certificate doesn't have the full Let's Encrypt chain HOT 4
- Issue Export-ACMECertificate HOT 2
- Certificate Generation/Validation is failing From June 2024 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme-ps.