Loss of SSL certificate

My domain is: khaneducation.net

I had previously created the SSL certificate for the above domain; due to some issue I lost the VM where the certificate (PFX) was stored and installed for my ADFS environment. Now I am unable to create a new certificate.

Could someone kindly guide/help me on how to get a completely new certificate for this domain here, please.

Appreciate your help.

Thanks and Regards,
MJ

1 Like

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Hi.

Please see the below answers.

My domain is: khaneducation.net

I ran this command: No commands, but I used win-acme.v2.2.6.1571.x64.trimmed (wacs.exe) to generate the PFX file for the above domain and was using it with my ADFS environment.

It produced this output: Using the above wacs.exe file.

My web server is (include version): N/A (No webserver)

The operating system my web server runs on is (include version): 2022 OS, but no web server, just an ADFS server

My hosting provider, if applicable, is: google.com

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a

Earlier you stated "Now I am unable to create a new certificate". Why not? What was the error message (i.e., output) of something (what?) you did to create a new certificate?

3 Likes

Now I am getting the below error while creating a new certificate.
I have verified the record in my DNS as well.

Hi @Osiris,

Any idea here, because I know the record has been added but still I am getting this error.

You forgot a dot in your DNS record. Let's Debug

_acme-challenge.adfs.khaneducation.net.
Or
_acme-challenge.adfs

Not

_acme-challenge.adfs.khaneducation.net

4 Likes

For the unimaginative:

_acme-challenge.adfs.khaneducation.net.khaneducation.net        text =
        "m40FywTa0kcxpphrlWFGqQz5puIgyfHjsrZCvqxSDpM"
3 Likes

Hi @Osiris

If I add an additional dot, then it becomes as below.

If I change the verification method from dns to "from memory",

then it throws me the below error.

In that case you should leave the khaneducation.net part out and only use the subdomain.

2 Likes

You have to choose if you want to use dns-01 or http-01.

Using both is... confusing, for everyone.

5 Likes

In that case, this is how you create that entry properly:

It will create the entry in that zone [appending the zone to it].

3 Likes
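As an added illustration (not code from the thread or from win-acme), the function below models how a typical zone editor turns the name typed into a record form into the final owner name: a relative name has the zone appended, an absolute name (trailing dot) is used as-is. It shows why the record in this thread ended up at `_acme-challenge.adfs.khaneducation.net.khaneducation.net` and which two spellings avoid that. The zone-editor behaviour is an assumption stated in the comments, not a description of Google Domains specifically.

```python
# Added example: how a DNS zone editor resolves the name typed into a
# TXT record form, and a check for the "zone appended twice" mistake.
# Assumes the common editor convention: names without a trailing dot are
# relative to the zone, names with a trailing dot are absolute.

def owner_name(entered: str, zone: str) -> str:
    """Absolute owner name (with trailing dot) the editor would publish."""
    zone = zone.strip().rstrip(".").lower() + "."
    entered = entered.strip().lower()
    if entered in ("", "@"):          # apex of the zone
        return zone
    if entered.endswith("."):         # absolute name: used as typed
        return entered
    return f"{entered}.{zone}"        # relative name: zone appended


def expected_challenge_name(hostname: str) -> str:
    """Owner name the ACME CA queries for a dns-01 challenge on hostname."""
    return "_acme-challenge." + hostname.strip().rstrip(".").lower() + "."


def check_dns01_record(entered: str, zone: str, hostname: str) -> tuple[bool, str]:
    """Return (ok, message) for a name as typed into the zone editor."""
    got = owner_name(entered, zone)
    want = expected_challenge_name(hostname)
    if got == want:
        return True, f"OK: record will be published at {got}"
    z = zone.strip().rstrip(".").lower()
    if got.endswith(f".{z}.{z}."):
        relative = want[: -len(z) - 2]   # strip the ".<zone>." suffix
        return False, (f"zone appended twice: {got}. Enter the relative name "
                       f"'{relative}' or the absolute name '{want}' (trailing dot)")
    return False, f"record would be at {got}, but the CA will query {want}"


if __name__ == "__main__":
    # Constructed inputs mirroring the thread: zone khaneducation.net,
    # certificate for adfs.khaneducation.net.
    for typed in ("_acme-challenge.adfs.khaneducation.net",   # the mistake
                  "_acme-challenge.adfs",                      # relative form
                  "_acme-challenge.adfs.khaneducation.net."):  # absolute form
        ok, msg = check_dns01_record(typed, "khaneducation.net", "adfs.khaneducation.net")
        print(("PASS" if ok else "FAIL"), typed, "->", msg)
```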

If you want to use HTTP validation ("from memory") you need to open port TCP 80 so traffic can get to the temporary HTTP server that's built into win-acme. Overall, though, this is usually the easiest option.

If you want to still use DNS validation I would suggest using an automated method rather than Manual DNS. Certify The Web or Posh-ACME both have Google Domains DNS automation providers (note there is a difference between Google Domains and Google Cloud DNS). Using Manual DNS would mean you need to manually update DNS records every time you renew and that's obviously error-prone.

3 Likes
