I am not certain if the domain will help here, but it's falcosult.com.
We have a Remote Desktop Gateway server that we use Let's Encrypt certificates on. To renew them, we use the Posh-ACME PowerShell module. I have run this command multiple times in the past without any issue, and Friday it complained for the first time and I have spent the last couple of days trying to ferret out the issue, with no success.
When we renew the cert, we run the following commands:
At first I thought something might have updated on PowerShell that had updated and no longer liked the Posh-ACME module, but PowerShell has not updated since we last ran the certificate renewal using this method. I even went and installed the Posh-ACME module on a completely different machine and it threw the same error on the newer version of the module.
I have to say, I am at a loss, and this certificate expires tomorrow morning at 8am. Any help steering me in the right direction would be greatly appreciated.
No complaint at all. Nothing barks until that foreach command is run. And then I assumed its complaint had to do with the cert statement, but I have NO idea.
Sigh. I can't tell. When I run the Get-PACertificate command, it does not return anything.
However, when I run Get-PAOrder it shows there is a pending order. No date, so I have NO idea when this is from, or if it's even related to the issue I am having.
The order being pending implies the previous renewal failed at some point between when the new order was created and whatever plugin you’re using for challenge validation was run.
Seeing the logs for the renewal command if you have them would help. Alternatively, you could re-run the renewal command with -verbose and it should pick up the existing pending order and try again while giving some log output. Knowing what plugin you’re using would probably also help. A few providers have had updates relatively recently.
I see the prior cert was a wildcard so must be using the DNS Challenge. And, looks like their DNS provider is GoDaddy. If so, they are probably also suffering from a recent GoDaddy change that removed API access for many users.
Definitely plausible. The timeline makes sense too as their last successful renewal was only a few days before the GoDaddy change started getting reported.
Thanks for the follow up everyone. Your efforts are appreciated. It did turn out to be that very issue with GoDaddy.
Due to time constraints, we went ahead and just purchased a cert for the year to get the client going. We're going to move our customers' domains and DNS out of GoDaddy and when this new cert expires it will be back to Let's Encrypt and Posh-ACME!