Certificate for Windows 7?!

Tried your suggestion of using Posh-ACME, by upgrading PowerShell to 5.1, which did work, but after following the instructions in PowerShell, the following was the error message received:

"Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to the NuGet provider now?
N] No [S] Suspend [?] Help (default is "Y"): y
nable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.nable to download the list of available providers. Check your internet connection.agement\Install-PackageProvider : No match was found for the specified search criteria for the provhe package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified
gs.
ram Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21
$null = PackageManagement\Install-PackageProvider -Name $script:N ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
goryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [In
vider], Exception
yQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallP

agement\Import-PackageProvider : No match was found for the specified search criteria and provider 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system.ram Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21
$null = PackageManagement\Import-PackageProvider -Name $script:Nu ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
goryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
yQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPa

nable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
nable to download the list of available providers. Check your internet connection.
agement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet.
geProvider -ListAvailable'.
ram Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30
vider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
goryInfo : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-Pac
xception
yQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets".
Have tried to tidy some of the above text, hope the message makes some sense?!

Cheers.

Hi, here is a link to the last 32-bit version of Certbot for Windows that I can find:

https://github.com/certbot/certbot/releases/download/v1.24.0/certbot-beta-installer-win32.exe

I know your site is just a hobby but if you want to keep it going you're going to have to upgrade. Unfortunately running your own streaming service is going to be somewhat complex and there is no way to avoid that. I would recommend using an inexpensive linux host on AWS lightsail etc, Windows costs more for hosting. Self hosting costs electricity, bandwidth and is an increasing security risk to your home network.

6 Likes

Trying to use the Install-Module method for getting Posh-ACME on a system that old might be more trouble than it's worth. It's possible, but it requires a decent amount of twiddling to make everything play nice with package hosting sites that enforce modern Internet security settings. So it's probably not worth it unless you're regularly using PowerShell on that system for other stuff.

The instructions for installing the development version are probably easier. You could also just download the most recent release zip file from Github and extract just the Posh-ACME folder from it into Documents\WindowsPowerShell\Modules.

5 Likes

Thanks for that, have duly installed the version of Certbot you sent via the link, and when trying to activate using Certbot.exe, receive the following error message:

"Python.exe - System Error: The program can't start because api-ms-win-core-path 11-1-0.dll is missing from your computer. Try re-installing the program to fix this problem".

Will try and download the missing file, thanks anyway!

1 Like

Have replaced that missing DLL file, both in System and System32 Folders, but Certbot is still unable to detect?!

1 Like

Tried running the first command line of the Development Installation from within PowerShell, as you suggested:

iex (irm https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1)

Another error message was received:

irm : The request was aborted: Could not create SSL/TLS secure channel.
At line:1 char:6

+ iex (irm https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/in ...
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebE
      eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

1 Like

This is likely because TLS 1.2 is not enabled by default. Try running this to enable TLS 1.2 prior to the iex command:

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

4 Likes
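The TLS 1.2 step above combined with a reviewable download, as an added example that is not part of the original post: it enables TLS 1.2 for the current session only, saves the installer script to a file so it can be read before it runs, and then executes the reviewed copy. The local file name is an assumption; the URL is the one quoted in the thread.

```powershell
# Added example. The change below lasts only for this PowerShell session;
# nothing is written to the registry.
$tls12 = [Net.SecurityProtocolType]::Tls12
$current = [Net.ServicePointManager]::SecurityProtocol
if (-not $current.HasFlag($tls12)) {
    [Net.ServicePointManager]::SecurityProtocol = $current -bor $tls12
}
"Protocols now enabled: $([Net.ServicePointManager]::SecurityProtocol)"

# Download the installer to a file instead of piping it straight into iex.
$url  = 'https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1'
$file = Join-Path $env:TEMP 'instdev.ps1'    # assumed local name
# -UseBasicParsing avoids the dependency on the Internet Explorer engine.
Invoke-WebRequest -Uri $url -OutFile $file -UseBasicParsing

# Record what was fetched and read it before running anything.
Get-FileHash -Path $file -Algorithm SHA256 | Format-List Algorithm, Hash
Get-Content -Path $file

# After review, run exactly the bytes that were inspected.
Invoke-Expression (Get-Content -Path $file -Raw)
```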

The first command appeared to run successfully, in that after a couple of seconds after pressing the return button, the Command Prompt re-appeared.

However, after re-entering the first command, received the following error message:

PS C:\Users\Nathan> [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Ne
SecurityProtocolType]::Tls12
PS C:\Users\Nathan> https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1
https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1 : The term
'https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
At line:1 char:1

1 Like

It looks like you just put the URL to the install script as the second command rather than the full command as specified in the instructions and in your previous attempt. This is what the second command should be.

iex (irm https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/instdev.ps1)

4 Likes

Thanks rmbolger,

Followed your suggestion, and believe had some success:

PS C:\Users\Nathan> [Net.ServicePointManager]::SecurityProtocol Net.ServicePointMana
SecurityProtocolType]::Tls12
PS C:\Users\Nathan> iex (irm https://raw.githubusercontent.com/rmbolger/Posh-ACME/main/
Setting user execution policy to RemoteSigned
Downloading latest version of Posh-ACME from https://github.com/rmbolger/Posh-ACME/arch
File saved to C:\Users\Nathan\AppData\Local\Temp\Posh-ACME.zip
Uncompressing the Zip file to C:\Users\Nathan\Documents\WindowsPowerShell\Modules
Removing any old copy
Renaming folder
Module has been installed

CommandType Name Version Source


Alias Get-PAAuthorizations 4.16.0 Posh-ACME
Function Complete-PAOrder 4.16.0 Posh-ACME
Function Export-PAAccountKey 4.16.0 Posh-ACME
Function Get-KeyAuthorization 4.16.0 Posh-ACME
Function Get-PAAccount 4.16.0 Posh-ACME
Function Get-PAAuthorization 4.16.0 Posh-ACME
Function Get-PACertificate 4.16.0 Posh-ACME
Function Get-PAOrder 4.16.0 Posh-ACME
Function Get-PAPlugin 4.16.0 Posh-ACME
Function Get-PAPluginArgs 4.16.0 Posh-ACME
Function Get-PAServer 4.16.0 Posh-ACME
Function Install-PACertificate 4.16.0 Posh-ACME
Function Invoke-HttpChallengeListener 4.16.0 Posh-ACME
Function New-PAAccount 4.16.0 Posh-ACME
Function New-PAAuthorization 4.16.0 Posh-ACME
Function New-PACertificate 4.16.0 Posh-ACME
Function New-PAOrder 4.16.0 Posh-ACME
Function Publish-Challenge 4.16.0 Posh-ACME
Function Remove-PAAccount 4.16.0 Posh-ACME
Function Remove-PAOrder 4.16.0 Posh-ACME
Function Remove-PAServer 4.16.0 Posh-ACME
Function Revoke-PAAuthorization 4.16.0 Posh-ACME
Function Revoke-PACertificate 4.16.0 Posh-ACME
Function Save-Challenge 4.16.0 Posh-ACME
Function Send-ChallengeAck 4.16.0 Posh-ACME
Function Set-PAAccount 4.16.0 Posh-ACME
Function Set-PAOrder 4.16.0 Posh-ACME
Function Set-PAServer 4.16.0 Posh-ACME
Function Submit-ChallengeValidation 4.16.0 Posh-ACME
Function Submit-OrderFinalize 4.16.0 Posh-ACME
Function Submit-Renewal 4.16.0 Posh-ACME
Function Unpublish-Challenge 4.16.0 Posh-ACME

That looks like a Certificate has been installed, is this correct, and if so, what is next please?!

Thanks for your help.

Cheers.

1 Like

Congrats! You have successfully installed the client/module. You don't have a certificate yet. I'd encourage you to consult the tutorial to proceed.

The most important bit will be running Set-PAServer LE_STAGE so you are running the client against the Staging server while you figure out the rest.

You had said you were running Apache as your web server. When you reach the plugins section, the WebRoot plugin will probably be the most appropriate unless you need a wildcard cert in which case you'll need to pick an appropriate DNS plugin based on where your DNS is hosted.

4 Likes
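A staging run with the WebRoot plugin, as described in the post above (added example, not part of the original post or the Posh-ACME documentation). The Apache path, the domain names and the contact address are placeholders; the pre-flight request assumes the server can reach its own public names over HTTP.

```powershell
# Added example. Values marked PLACEHOLDER must be replaced with your own.
Import-Module Posh-ACME

$webRoot = 'C:\Apache24\htdocs'                   # PLACEHOLDER: Apache DocumentRoot
$names   = 'example.co.uk', 'www.example.co.uk'   # PLACEHOLDER: no wildcard names,
                                                  # those need a DNS plugin

# Pre-flight: confirm Apache serves files from the challenge folder for each name.
$dir   = Join-Path $webRoot '.well-known\acme-challenge'
$probe = 'probe-' + [guid]::NewGuid().ToString('N')
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir $probe) -Value $probe -Encoding Ascii
try {
    foreach ($n in $names) {
        $r = Invoke-WebRequest "http://$n/.well-known/acme-challenge/$probe" -UseBasicParsing
        # Extensionless files may come back as bytes rather than text.
        $body = if ($r.Content -is [byte[]]) {
            [Text.Encoding]::ASCII.GetString($r.Content)
        } else { $r.Content }
        if ($body.Trim() -ne $probe) { throw "Unexpected content served for $n" }
        "OK: $n serves the challenge folder"
    }
} finally {
    Remove-Item -Path (Join-Path $dir $probe) -Force
}

# Work against the staging server until the whole flow succeeds.
Set-PAServer LE_STAGE
New-PACertificate $names -AcceptTOS -Contact 'admin@example.co.uk' `
    -Plugin WebRoot -PluginArgs @{ WRPath = $webRoot } -Verbose

# Once staging issues a certificate, switch with Set-PAServer LE_PROD
# and repeat the New-PACertificate command.
```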

Thanks rmbolger,

Have run the LE_STAGE command successfully, but stopped at the D.N.S. part.

This may be important to know:

There is no D.N.S. Host!

Running these commands, at present, on an experimental back-up server, in case this goes wrong. The D.N.S. is managed by the server, and a piece of software called Technitium.

However, if you think creating the TXT record is appropriate, I shall do so?!

The server will manage two domains, plus another hosted elsewhere, with two audio streams pointing to these Domains.

Apache is the web server, based on the same server, have run the following command, so believe have created the certificate?!

New-PACertificate '*.domain.co.uk','domain 2.co.uk' -AcceptTOS -Contact 'john.smith@domain.co.uk' -Plugin http-01 `

Hope this helps?!

1 Like

The NS records associated with the domain in your original post are ns14.alternative-nation.co.uk and ns12.unpredictableporridge.co.uk both of which resolve to the same IP address which is generally considered a bad practice. I'm guessing this is your Technitium server?

Assuming that's correct, you should probably turn off the recursive DNS functionality on that server. You're currently running what is known as an "open resolver" which means anyone on the Internet can use you for general Internet DNS queries (similar to using Google's 8.8.8.8). Unless you're an organization like Google, this is a bad idea because your server can be used to perform DDoS attacks on others.

It also appears to be the same IP as your web server?

If you're going to be using an HTTP challenge to get a cert for the name www.unpredictableporridge.co.uk, you'll need to run the commands on whatever server the DNS records resolve to which is currently the same IP as your DNS server.

The tutorial talks about using a DNS plugin called Route53. WebRoot is the name of an HTTP plugin in the module that you will likely be using instead to publish the challenges to Apache. You'll need to know the folder path that Apache uses as the root of the web server's filesystem. I'm not really an Apache guy and most people run Apache on Linux, so I'm not sure where that path would be on your server.

Posh-ACME doesn't have a plugin that supports your Technitium DNS server. So if you wanted to use DNS based challenges, you'd have to manage the TXT records using the default Manual plugin like in the tutorial and you wouldn't really be able to automate the renewals.

4 Likes
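A check for the open-resolver condition described above, for use against your own DNS server before and after recursion is turned off (added example, not part of the original post). The function name `Test-DnsRecursion`, the address 203.0.113.10 and the probe name example.com are assumptions; run it from a host outside the server's network and ask for a name the server is not authoritative for.

```powershell
# Added example: sends one recursive A query over UDP and inspects the reply header.
function Test-DnsRecursion {
    param(
        [Parameter(Mandatory = $true)][string]$Server,  # IP of your own DNS server
        [string]$Name = 'example.com'                    # name it is NOT authoritative for
    )
    # Header: ID 0x1234, flags 0x0100 (Recursion Desired), QDCOUNT 1, other counts 0
    [byte[]]$query = 0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $query += [byte]$label.Length
        $query += [Text.Encoding]::ASCII.GetBytes($label)
    }
    $query += 0x00, 0x00,0x01, 0x00,0x01    # root label, QTYPE A, QCLASS IN

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = 3000
    try {
        [void]$udp.Send($query, $query.Length, $Server, 53)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply  = $udp.Receive([ref]$remote)
    } catch {
        return 'NoResponse'
    } finally {
        $udp.Close()
    }
    if ($reply.Length -lt 12) { return 'MalformedReply' }

    $ra      = ($reply[3] -band 0x80) -ne 0          # Recursion Available flag
    $rcode   = $reply[3] -band 0x0F                   # 0 = NOERROR, 5 = REFUSED
    $answers = ([int]$reply[6] * 256) + $reply[7]     # ANCOUNT
    if ($ra -and $rcode -eq 0 -and $answers -gt 0) { 'RecursionOffered' }
    else { 'RecursionRefused' }
}

# 203.0.113.10 is a documentation address; substitute your server's public IP.
Test-DnsRecursion -Server '203.0.113.10'
```

`RecursionOffered` from an outside host means the server is acting as an open resolver; after recursion is disabled the same call should return `RecursionRefused`.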

Thanks for a prompt reply!

This is obviously, getting more and more complicated - from my point of view!

I do know where the Apache folder is on both servers and intended to use the Web Root plug-in, as you had suggested. Both Domains sit on that I.P. address.

Sounds like you are suggesting I use the default plug-in, and create the TXT record, is that correct?

Just want the easiest solution to this on-going issue, and thank you for your continued assistance.

2 Likes

Possibly consider updating to a supported version of Microsoft Windows?
Might be less effort and time. :thinking:

3 Likes

What say ye?
Climb a smaller mountain?
This one is the epitome of mountains.
Just when you cleared the clouds you see there is another 10K more to climb!

3 Likes

Have considered that, and probably will do so eventually, but one tends to learn more going the less straightforward route?!

2 Likes

Thanks for those words of 'comfort', appreciated! :wink:

3 Likes

March on!
If you can do this, you can do anything!

3 Likes

However, this Let's Encrypt Community Forum is to assist in getting Domain Validation (DV) certificates issued and solve obstacles in the way.

Learning is great and a plus, but making obstacles just so you can learn does not seem to be (IMHO) exactly in line with the forum's primary objectives.

3 Likes