Please help!!!
For renew i did next command
Get-ACMEExtensionModule | Select-Object -Expand Name
Get-ACMEVault
Complete-ACMEChallenge -IdentifierRef www-example-com -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘example’ }
On this step i get error
Complete-ACMEChallenge : authorization is not in pending state; use Force flag to override this validation
What do i need do?
Yes, I started taking the first steps to changing the certificate
But already at the stage Complete-ACMEChallenge there were errors or I do not do those actions certificate?
When i did
New-ACMECertificate -Generate -IdentifierRef www-example-com -Alias cert-example1-domains
Submit-ACMECertificate -CertificateRef cert-example1-domains
I get
Submit-ACMECertificate : Error creating new cert :: authorizations for these names not found or expired:www.example.com
Looks like your validation got in a weird state.
Try adding -Refresh to your Complete-ACMEChallenge command so AcmeSharp won’t try and use the broken, cached one:
Complete-ACMEChallenge -IdentifierRef www-example-com -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘example’ } -RefreshI found the right sequence of commands
Import-Module ACMESharp
New-ACMEIdentifier -Dns www.example.com -Alias example1
Complete-ACMEChallenge example1 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘www.example.com’ }
Submit-ACMEChallenge -IdentifierRef example1 -ChallengeType http-01
Update-ACMEIdentifier -IdentifierRef example1
New-ACMEIdentifier -Dns example.com -Alias example11
Complete-ACMEChallenge example11 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘example.com’ }
Submit-ACMEChallenge -IdentifierRef example11 -ChallengeType http-01
Update-ACMEIdentifier -IdentifierRef example11
New-ACMECertificate -Generate -IdentifierRef example1 -AlternativeIdentifierRefs @(‘example11’) -Alias cert-example1
Submit-ACMECertificate -CertificateRef cert-example1
Update-ACMECertificate -CertificateRef cert-example1
Get-ACMEInstallerProfile -ListInstallers
Install-ACMECertificate -CertificateRef cert-example1 -Installer iis -InstallerParameters @{
WebSiteRef = ‘example.com’
}
I hope that to someone else will help
thank you all for participating in the discussion
I’m sorry I’d have to take issue with the comment that ‘none of them are very complete’! Certify The Web (https://certifytheweb.com) - which is my own app for Let’s Encrypt certificate on Windows has been stable for over a year and the new v4 beta supports wildcard certs and DNS validation etc.
If you specifically need/want to script your renewal (because you have deep integration into other processes/workflows) then low-level tools like ACMESharp are invaluable. If you just want a cert for your IIS website then I’d suggest re-evaluating the high level tools available now. Even if you want to do custom scripting after your renewal the actual cert request/renewal part can be handled for you.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.