Certify SSL Manager - Dynu PoshACME failure

My domain is:bradsvpn.dynu.net

I ran this command: I ran the "Test" option in the Certificate Management application (5.2.1.0) on Windows Server 2012 r2.

It produced this output:

Powershell/PoshACME DNS :: Error: Script invoke failed: System.Management.Automation.CmdletInvocationException: The underlying connection was closed: A connection that was expected to be kept alive was closed by the server. ---> System.Net.WebException: The underlying connection was closed: A connection that was expected to be kept alive was closed by the server.
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.PowerShell.EndInvoke(IAsyncResult asyncResult)
at Certify.Management.PowerShellManager.InvokePowershell(CertificateRequestResult result, String executionPolicy, String scriptFile, Dictionary`2 parameters, String scriptContent, PowerShell shell, Boolean autoConvertBoolean) in C:\Work\GIT\certify_dev\certify\src\Certify.Shared.Compat\PowerShellManager.cs:line 254

My web server is (include version): IIS 8

The operating system my web server runs on is (include version): Windows Server 2012 r2

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

I think the Posh ACME script doesn't work with Dynu. I've entered my API secret and client ID for the domain, but still no luck. Anyone else have this issue?

1 Like

The Posh-ACME Dynu script definitely works within the context of the module. I just tested it. This may be an issue specifically with CTW calling the script or a .NET config issue on the OS. We should ask @webprofusion for clarity.

2 Likes

Thanks for confirming it should work. I went ahead and installed .net 4.8, after I rebooted the test seemed to work the first attempt. I ran it again about 30 seconds later and it failed with the same error (api limit?). I will await webprofusions opinion.

Edit: Namecheap API authorization works just fine on the same machine.

1 Like

Hi, check you don't have any firewall rules for outgoing https, if you try to limit communication to dynu you'll probably fail to connect eventually because their API will be jumping around different IP addresses.

1 Like

Hello! Thanks for the reply. All outbound HTTPS is allowed....unless my ISP is blocking something I am unaware of.

1 Like

Can you try the following from your server in a powershell command prompt:

Invoke-WebRequest -Uri  https://api.dynu.com/v2/ping?message=testing123

You should get something like this back:


StatusCode        : 200
StatusDescription : OK
Content           : {"statusCode":200,"message":"testing123"}
RawContent        : HTTP/1.1 200 OK
                    Pragma: no-cache
                    Content-Length: 41
                    Cache-Control: no-store
                    Content-Type: application/json; charset=UTF-8
                    Date: Wed, 17 Feb 2021 3:33:52 GMT
                    Server: Dynu Web Server
                    X-Powered-By...
Forms             : {}
Headers           : {[Pragma, no-cache], [Content-Length, 41], [Cache-Control, no-store], [Content-Type,
                    application/json; charset=UTF-8]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 41

Btw you need PowerShell 5.1 or higher for any powershell in Certify and general support questions like this should definitely be posted to https://community.certifytheweb.com (in the future) because I may not always see your question here.

1 Like

I can confirm that Dynu via Posh-ACME is working. I did notice an issue if the server takes too long to respond but it's different from the problem you're seeing. :

Using FiddlerEverywhere I can watch the http API requests completing OK.

Also double check your Dynu credentials are correct in Certify, I don't know what response you'd get from Dynu if they were wrong (I'd expect a 403 but who knows!).

1 Like

Hey here is the output, looks like the web request is good. I wasn't sure where to post, but thanks for the heads up!

PS C:\Users\Administrator> Invoke-WebRequest -Uri Invoke-WebRequest -Uri https://api.dynu.com/v2/ping?message=testing123

StatusCode : 200
StatusDescription : OK
Content : {"statusCode":200,"message":"testing123"}
RawContent : HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 41
Cache-Control: no-store
Content-Type: application/json; charset=UTF-8
Date: Wed, 17 Feb 2021 3:42:55 GMT
Server: Dynu Web Server
X-Powered-By...
Forms : {}
Headers : {[Pragma, no-cache], [Content-Length, 41], [Cache-Control, no-store], [Content-Type,
application/json; charset=UTF-8]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 41

PS C:\Users\Administrator> $PSVersionTable

Name Value


PSVersion 5.1.14409.1018
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1018
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

1 Like

Cool, I'd just double check your API credentials in Certify.

1 Like

Check you don't have any special firewall rules specific to Certify (CertifySSLManager.Service.exe) that allow/disallow certain communication, it's unlikely as I'm sure you'd remember putting that sort of thing in place. Check also that you're not going through a proxy for outgoing https, Certify doesn't support that (although in this case it's powershell that's doing the work).

1 Like

I put in dummy creds and I got a 401 Unauthorized error instead of the server closing the connection. I am thinking it might be something with my account and Dynu's API. I am using the free tier.

Powershell/PoshACME DNS :: Error: Script invoke failed: System.Management.Automation.CmdletInvocationException: {"statusCode":401,"type":"Authentication Exception","message":"Failed."} ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.PowerShell.EndInvoke(IAsyncResult asyncResult)
at Certify.Management.PowerShellManager.InvokePowershell(CertificateRequestResult result, String executionPolicy, String scriptFile, Dictionary`2 parameters, String scriptContent, PowerShell shell, Boolean autoConvertBoolean) in C:\Work\GIT\certify_dev\certify\src\Certify.Shared.Compat\PowerShellManager.cs:line 254

1 Like

I'm using the free tier as well and it's working OK. I'd just replace your credentials and try again (you perhaps want to generate new credentials in the Dynu control panel first).

Alternatively install the certify app on your desktop machine and try it from there just to prove your credentials work, you should be able to validate via Dynu and get a cert (even though you're not using the cert on that machine).

1 Like

It worked just fine on another machine as you expected. I upgraded to Server 2019 and installed .NET framework 4.8 (Microsoft .NET Framework 4.8 offline installer for Windows) and it resolved the issue. I think my .net installation wasn't quite right. Thank you so much for the assistance @webprofusion!

2 Likes

Great! It's a shame we couldn't figure out the root cause but upgrading to 2019 was a good move anyway :slight_smile:

1 Like

Indeed. Windows Server 2016 goes out of mainstream support in less than a year

queue the myriad of people still posting about issues with 2008 R2

2 Likes