2019/12/13 11:30:14 [ ZeroSSL Crypt::LE client v0.34 started. ]
2019/12/13 11:30:14 Loading an account key from private.key
2019/12/13 11:30:14 Loading a CSR from sslcert.csr
2019/12/13 11:30:16 Registering the account key
2019/12/13 11:30:17 The key is already registered. ID: 11791325
2019/12/13 11:30:17 Failed to receive the challenge. Method not allowed
What do I need to do to obtain the info needed to put in the DNS?
I’m going around in circles. This shouldn’t be that hard. It’s not my first rodeo.
I’m getting this error again:
2019/12/13 13:09:47 [ ZeroSSL Crypt::LE client v0.34 started. ]
2019/12/13 13:09:47 Loading an account key from private.key
2019/12/13 13:09:47 Loading a CSR from sslcert.csr
2019/12/13 13:09:49 Registering the account key
2019/12/13 13:09:50 The key is already registered. ID: 11791325
2019/12/13 13:09:50 Failed to receive the challenge. Method not allowed
That is with the latest LE64 client. Is there some other Windows-based client I should be using? I’m running version 0.34 which is the latest.
As the author, I'm partial to Posh-ACME. It's PowerShell based and particularly good for DNS challenges with plugins supporting a wide variety of DNS providers. However, it only takes care of getting the cert. To deploy it to IIS automatically, you'll need some additional code or a companion module like Posh-ACME.Deploy (currently alpha).
Here's a link to the tutorial if you're interested. But at the most basic level with manual TXT record creation, here's the command you'd use.
I’m going to start working with Posh-ACME to see if I can get it working. I want to get it to work with the SimpleDNS plug-in, too. If you’re around this afternoon and evening I may post some questions here if I get stuck. I’m just reading the tutorial now!
Posh-ACME smokes LE64. It is super slick! I haven’t created the final certificate yet but I had it create a test certificate and automatically update my DNS server with the challenge/response TXT record.
Been there - it is indeed super ultra slick.
But that is a very big candy stick in a very sweet candy store and not suitable for every palate.
[there is no one-size-fits-all on that menu]
So, again, I would still like to see why LE64 failed to meet your needs.
[not to stop you from using anything else - especially not Posh-ACME - I promote it every chance I get]
Like right now:
Posh-ACME 2020! Vote Posh-ACME 2020!
"Let’s make America encrypted again."
"We're all encrypting together."
The error you are observing is related to the breaking change in the STAGING environment only. Using the --live option will work just fine. The source code was updated about a week ago; the new binaries for v0.35 will be updated today. See:
Please note that Crypt-LE was never intended to be “super slick” - it is there to do the job while being portable and self-sufficient and run as a command-line tool which you can wrap into whatever process you want (including some GUI on top if anyone is keen to build it). So you have your options indeed. Perhaps someone might even advertise le64 in the same manner as above one day, without hijacking the original thread though.
2019/12/13 12:00:34 Could not load a CSR: The list of provided domains does not match the one on the CSR.
When you run LE64 with a list of domains on the command line and a CSR file already exists, one of the checks done is to make sure that you are issuing certificates for what you actually intend to issue them for. So the list of domains is extracted from the CSR and compared against the list provided on the command line. If there is a mismatch, you will see an error as shown above. If you are sure that the list of domains on the command line is right, just delete your current CSR and re-generate it (either by yourself or by letting the client do so with -generate-missing). If you believe it is the CSR list that is correct, you can just remove the domains list from the command line.
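A pre-flight version of the comparison described above, as an added example that is not part of the original post and is not Crypt::LE's own code: it parses the text dump of a CSR (as printed by `openssl req -in sslcert.csr -noout -text`; the sample below is constructed) and reports which names appear only in the CSR or only in the domain list. The function names, the comma-separated list format and the case-insensitive, order-independent comparison are assumptions of this example.

```python
import re

# Constructed sample: abridged `openssl req -in sslcert.csr -noout -text` output.
SAMPLE_CSR_TEXT = """\
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN = example.com
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:www.example.com
"""

def csr_domains(text):
    """Return the DNS names (subject CN plus SAN entries) found in a CSR text dump."""
    names = set(re.findall(r"DNS:([^\s,]+)", text))
    # OpenSSL prints "CN=..." or "CN = ..." depending on version; accept both.
    cn = re.search(r"^\s*Subject:.*?CN\s*=\s*([^,/\n]+)", text, re.M)
    if cn:
        names.add(cn.group(1).strip())  # assumption: the CN holds a host name
    return {n.lower().rstrip(".") for n in names}

def parse_domain_arg(arg):
    """Split a comma-separated domain list (assumed command-line format)."""
    return {d.strip().lower().rstrip(".") for d in arg.split(",") if d.strip()}

def compare(csr_text, domain_arg):
    """Return (only_in_csr, only_on_command_line); two empty lists mean a match."""
    in_csr, wanted = csr_domains(csr_text), parse_domain_arg(domain_arg)
    return sorted(in_csr - wanted), sorted(wanted - in_csr)

if __name__ == "__main__":
    for arg in ("www.example.com,example.com", "example.com,mail.example.com"):
        extra, missing = compare(SAMPLE_CSR_TEXT, arg)
        if extra or missing:
            print(f"{arg}: MISMATCH (CSR only: {extra}; command line only: {missing})")
        else:
            print(f"{arg}: lists match")
```

A name reported as "CSR only" means the existing CSR would request a certificate for a host you did not list, which is the case where regenerating the CSR is the safer of the two fixes.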