Mdaemon and let's encrypt

I am trying to renew my certificate on my MDaemon 21 server; when I try to run the script, it says:

Starting Script run at 01/02/2022 17:53:11.

Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon
Checking HKLM:\SOFTWARE\Alt-N Technologies\MDaemon
Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin
Checking HKLM:\SOFTWARE\Alt-N Technologies\WebAdmin
Removing the log from C:\MDaemon\Logs\LetsEncrypt.log
Starting Script run at 01/02/2022 17:53:11.
Get the MDaemon paths.
The MDaemon.ini Path is C:\MDaemon\App\MDaemon.ini.
The MDaemon APP Path is C:\MDaemon\App.
The MDaemon Pem path is C:\MDaemon\PEM.
The MDaemon Log path is C:\MDaemon\Logs.
The MDaemon RAW path is C:\MDaemon\Queues\Raw.
The WorldClient Path is C:\MDaemon\WorldClient.
The WorldClient HTML Path is C:\MDaemon\WorldClient\HTML.
The well-known path is C:\MDaemon\WorldClient\HTML.well-known.
The Acme-Challenge path is C:\MDaemon\WorldClient\HTML.well-known\Acme-challenge.
The State Path is C:\MDaemon\PEM_LEState.
The FQDN is set to server.arquitcom.vc.co.cu.
The email address is set to postmaster@server.arquitcom.vc.co.cu.
Setting the system to use the LetsEncrypt Live Service.
The certificate thumbrpint in the MDaemon.ini file is 079B ADA6 8DBF 2D00 5807 EAA0 63F7 5F66 0D03 BA45.
Looking for the local certificate.
I found a certifcate from LetsEncrypt.
The certificate is going to expire in the next 30 days, requesting a new certificate.
Importing the ACMESharp module.
Getting an updated state.
The account is setup and the status is valid.
Getting another updated state, just in case.
Getting an updated state.
Getting service directory.
Invoke-WebRequest : No es posible conectar con el servidor remoto (Unable to connect to remote server)
En C:\MDaemon\LetsEncrypt\Modules\ACME-PS\1.1.2\ACME-PS.psm1: 2658 Carácter: 24

+ ... $response = Invoke-WebRequest $serviceDirectoryUrl -UseBasicParsing;
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

In the MDaemon logs there is nothing... any help?

Could be a couple of things:

  1. Can you open https://acme-v02.api.letsencrypt.org/directory on this Windows server, in a browser?
  2. Maybe MDaemon is outdated and is trying to connect to https://acme-v01.api.letsencrypt.org/directory, which is decommissioned. But you'd have to ask the software vendor about this.
2 Likes

MDaemon is up to date, and I can ping or open the URL, and the PowerShell script points to:

begin {
    $KnownEndpoints = @{
        "LetsEncrypt-Staging"="https://acme-staging-v02.api.letsencrypt.org";
        "LetsEncrypt"="https://acme-v02.api.letsencrypt.org"
    }
}

process {
    $ErrorActionPreference = 'Stop';

    if($PSCmdlet.ParameterSetName -in @("FromName", "FormUrl")) {
        if($PSCmdlet.ParameterSetName -eq "FromName") {
            $acmeBaseUrl = $KnownEndpoints[$ServiceName];
            if($null -eq $acmeBaseUrl) {
                $knownNames = $KnownEndpoints.Keys -join ", "
                Write-Error "The ACME-Service-Name $ServiceName is not known. Known names are $knownNames.";
                return;
            }

            $serviceDirectoryUrl = "$acmeBaseUrl/directory"
        } elseif ($PSCmdlet.ParameterSetName -eq "FromUrl") {
            $serviceDirectoryUrl = $DirectoryUrl
        }

        $response = Invoke-WebRequest $serviceDirectoryUrl -UseBasicParsing;

Looks like a bug in the script. See FormUrl at the top but FromUrl at the bottom (not same spelling). Might not be setting the correct value for $serviceDirectoryUrl.

Could add a write-host or other debug output just before the invoke-webrequest to make sure it is trying the correct url.

Note: You might want to look at a more popular and easier to use client like Certify The Web. Or, perhaps posh-acme or another from this list.

3 Likes

You could perhaps update the version of ACME-PS (GitHub - PKISharp/ACME-PS: PowerShell module supporting ACME v2 certificate management) but also make sure your script will use TLS 1.2, especially if this is an older OS:

# default to TLS 1.2
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
2 Likes
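The two suggestions in this thread (print the URL just before the Invoke-WebRequest call, and force TLS 1.2 before any request is made) can be combined into one stand-alone connectivity check that is run from the same PowerShell session the MDaemon script uses. The snippet below is an added example, not code from the thread, from MDaemon or from ACME-PS; it assumes Windows PowerShell 5.1, the Let's Encrypt production v2 directory URL already quoted above, and an outbound path to that host (possibly through a system proxy, which it also reports):

```powershell
# Added diagnostic example (not from the thread, MDaemon or ACME-PS). Assumes Windows PowerShell 5.1.
# Verifies that this host can fetch the ACME v2 directory over TLS 1.2 and parses the JSON it returns.

# Same setting the reply above recommends: pin outbound HTTPS to TLS 1.2 before the first request.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$serviceDirectoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'

# Echo the URL before the call so an empty or misspelled $serviceDirectoryUrl is visible in the log.
Write-Host "Requesting ACME directory from: '$serviceDirectoryUrl'"

try {
    $response  = Invoke-WebRequest -Uri $serviceDirectoryUrl -UseBasicParsing -ErrorAction Stop
    $directory = $response.Content | ConvertFrom-Json

    # RFC 8555 directory objects carry the endpoints an ACME client needs; print two as a sanity check.
    Write-Host "HTTP $($response.StatusCode); newAccount endpoint: $($directory.newAccount)"
    Write-Host "newOrder endpoint: $($directory.newOrder)"
}
catch [System.Net.WebException] {
    # DNS, routing, proxy and TLS handshake failures all surface as WebException;
    # the Status value and inner exception tell them apart.
    Write-Host "Request failed: $($_.Exception.Status) - $($_.Exception.Message)"
    if ($_.Exception.InnerException) {
        Write-Host "Inner exception: $($_.Exception.InnerException.Message)"
    }
}

# Invoke-WebRequest honours the system proxy by default; show whether one applies to this URL.
$proxy    = [System.Net.WebRequest]::GetSystemWebProxy()
$proxyUri = $proxy.GetProxy([Uri]$serviceDirectoryUrl)
if ($proxyUri -ne [Uri]$serviceDirectoryUrl) {
    Write-Host "Traffic to the ACME directory would go through proxy: $proxyUri"
} else {
    Write-Host "No system proxy applies to this URL."
}
```

If the browser test succeeds but this snippet fails, the difference is usually the TLS version or the proxy settings of the account the script runs under (for a scheduled task, that is often not the interactive user); a `Status` of `ConnectFailure` points at routing or proxy, while `SecureChannelFailure` points at the TLS handshake.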

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.