Hi,
I have some domains on Dynu. Some examples:
test1.longrangevpn.com
test2.longrangevpn.com
follestad.longrangevpn.com
The problem is that for some of the domains the script works perfectly and the certificate is approved, but for other domains it does not work and I get this error:
Authorization invalid for brevikas.longrangevpn.com: No TXT record found at _acme-challenge.brevikas.longrangevpn.com
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.12.0\Private\Wait-AuthValidation.ps1:34 char:17
- … throw “Authorization invalid for $($auth.fqdn): $message” …
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : OperationStopped: (Authorization i…ongrangevpn.com:String) , RuntimeExceptio
n - FullyQualifiedErrorId : Authorization invalid for brevikas.longrangevpn.com: No TXT record found at _acm
e-challenge.brevikas.longrangevpn.com
- CategoryInfo : OperationStopped: (Authorization i…ongrangevpn.com:String) , RuntimeExceptio
On the same computer, with the same script, test1.longrangevpn.com works but brevikas.longrangevpn.com does not.
SCRIPT:
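# Self-elevation guard: everything after this block needs an elevated session
# (it installs into Cert:\LocalMachine\My, edits the hosts file and registers
# a scheduled task). If the current token is not in the Administrators role,
# offer to relaunch this same script elevated, then end the unelevated copy.
$currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Output 'This script must be run as Administrator'
    $answer = Read-Host 'Press (Y)es to run as Administrator or any other key to quit'
    # -like without wildcards is a case-insensitive equality test, so only a
    # bare "y"/"Y" relaunches; any other input just exits.
    if ($answer -like 'Y') {
        # The script path is wrapped in backtick-escaped quotes so a path that
        # contains spaces reaches -File as a single argument. (The forum
        # rendering had dropped the backticks and split this line in two.)
        # NOTE(review): -ExecutionPolicy Bypass switches off policy checks for
        # the elevated child, so nothing verifies the file at $PSCommandPath
        # before it runs with administrator rights. Check where the file came
        # from and who can write to it before answering Y.
        Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
    }
    # The unelevated instance always stops here; the elevated copy (if one was
    # started) carries on in its own window.
    exit
}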
# Returns the PLAINTEXT contents of a SecureString by wrapping it in a
# throw-away PSCredential (user name 'none') and reading the password back
# through GetNetworkCredential().
#
# NOTE(review): this function has the same name as the built-in
# ConvertFrom-SecureString cmdlet, which returns an *encrypted* string.
# Functions take precedence over cmdlets during command resolution, so any
# call made from this script's scope gets cleartext instead. A distinct name
# would make that obvious at the call site. Treat the return value as a
# secret: do not log it, and drop the reference as soon as it has been used.
function ConvertFrom-SecureString {
    Param([SecureString]$secureString)
    $holder = New-Object pscredential ('none', $secureString)
    $holder.GetNetworkCredential().Password
}
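# Main installer flow. In order, it:
#   1. installs Posh-ACME and Posh-XProtectMobile from PSGallery,
#   2. requests a certificate for $domain using the Dynu DNS plugin, first
#      against the Let's Encrypt staging server and then against production,
#   3. binds the production certificate with Set-MobileServerCertificate,
#   4. writes C:\scripts\renew-certificate.ps1 and registers a daily task for it,
#   5. adds a 127.0.0.1 entry for $domain to the hosts file and opens the
#      mobile server's HTTPS page.
# Any terminating error is rethrown unchanged by the trailing catch.
try {
    Write-Output "Setting Execution Policy to RemoteSigned for the current process"
    Set-ExecutionPolicy RemoteSigned -Scope Process

    Write-Output "Installing Posh-ACME and Posh-XProtectMobile"
    Write-Output "To continue, we will need to set PSGallery as a trusted repository."
    if ((Read-Host "Continue? (Y)es, or (N)o?") -notlike "Y") {
        exit
    }
    # NOTE(review): the repository's installation policy is a persistent
    # per-user setting, so PSGallery stays trusted after this script ends.
    # Consider setting it back to Untrusted once both modules are installed.
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted -Verbose
    Install-Module Posh-ACME -Repository PSGallery -Verbose
    Install-Module Posh-XProtectMobile -Repository PSGallery -Verbose

    $domain = Read-Host "Domain Name"
    $contact = "info@longrange.no"

    # The two values below are redacted on the page. In the real script they
    # are Dynu API credentials stored in cleartext in the file, readable by
    # anyone who can read it. Prefer prompting for them or loading them from a
    # protected store, and rotate them if the file has been shared.
    $dynuClientId = REDACTED
    $dynuSecret = REDACTED
    $DynuParams = @{
        DynuClientID = $dynuClientId
        DynuSecret   = $dynuSecret
    }

    # Dry run against the staging server. This used -ErrorAction
    # SilentlyContinue, which hid validation failures (for example a missing
    # _acme-challenge TXT record) and let the script go on to production with
    # the same broken setup. Stopping here surfaces the staging error and
    # avoids failed validations against production.
    Set-PAServer LE_STAGE
    New-PACertificate -force $domain -AcceptTOS -Contact $contact -DnsPlugin Dynu -PluginArgs $DynuParams -Install -ErrorAction Stop

    # -Install put the staging certificate into the machine store; remove it
    # so that only the production certificate remains there.
    $stagingCert = Get-PACertificate
    Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $stagingCert.Thumbprint | Remove-Item

    Set-PAServer LE_PROD
    New-PACertificate -force $domain -AcceptTOS -Contact $contact -DnsPlugin Dynu -PluginArgs $DynuParams -Install -ErrorAction Stop -Verbose

    # This only drops the in-memory hashtable. The credentials are still in
    # the script file, and the renewal script below calls Submit-Renewal
    # without plugin arguments, so Posh-ACME is presumably keeping a copy in
    # its own profile. Confirm how the installed version protects that copy.
    $DynuParams = $null

    Get-PACertificate | Set-MobileServerCertificate -ErrorAction Stop -Verbose

    # Creates C:\scripts\renew-certificate.ps1
    # NOTE(review): the scheduled task registered below runs this file daily
    # with RunLevel Highest. Folders created directly under C:\ commonly
    # inherit write access for non-administrators, so confirm that only
    # Administrators and SYSTEM can write to C:\scripts and its files.
    # Otherwise anyone able to edit the script gets code execution at the
    # task's privilege level.
    Write-Output "Setting up automatic certificate renewal script in C:\scripts\"
    if (!(Test-Path C:\scripts)) {
        New-Item C:\scripts -ItemType Directory
    }

    # Text of the renewal script. It records the current thumbprint, submits
    # the renewal, binds the new certificate, then removes the old one from
    # the machine store. -WarningAction Stop turns any warning from
    # Submit-Renewal into a terminating error, which is logged and rethrown.
    $scriptBlock = {
        function WriteLog {
            Param ([string]$message)
            Add-Content -Path C:\scripts\log.txt -Value "$(Get-Date) - $message"
        }
        try {
            $thumbprint = (Get-PACertificate).Thumbprint
            $cert = Submit-Renewal -WarningAction Stop -ErrorAction Stop
            $cert | Set-MobileServerCertificate
            WriteLog "New certificate installed with thumbprint $($cert.Thumbprint)"
            WriteLog "Removing old certificate with thumbprint $thumbprint"
            Get-ChildItem Cert:\LocalMachine\My |
                Where-Object Thumbprint -eq $thumbprint |
                Remove-Item
        } catch {
            WriteLog $_.Exception.Message
            throw
        }
    }
    Set-Content -Path C:\scripts\renew-certificate.ps1 -Value $scriptBlock

    # Create daily scheduled task to call the renewal script
    Write-Output "Registering a new scheduled task to run the renewal script daily"
    $taskName = 'Posh-ACME Certificate Renewal'
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File "C:\scripts\renew-certificate.ps1"'
    $trigger = New-ScheduledTaskTrigger -Daily -At 2am
    # Drop any earlier registration so that re-running the installer replaces it.
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue

    $credential = Get-Credential -Message "Enter your password to setup the Scheduled Task" -UserName ([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)
    # Register-ScheduledTask takes the password as a plain string, so it is
    # decrypted here by the script's own ConvertFrom-SecureString function
    # (which returns cleartext, unlike the built-in cmdlet of that name). The
    # cleartext stays in $taskParams until the variable is cleared below.
    $taskParams = @{
        Action   = $action
        Trigger  = $trigger
        TaskName = $taskName
        RunLevel = "Highest"
        User     = $credential.UserName
        Password = ConvertFrom-SecureString $credential.Password
    }
    Register-ScheduledTask @taskParams
    $taskParams = $null

    # Edits Windows hosts file so that on the local machine, the $domain address always routes to the local machine
    # NOTE(review): $domain is written exactly as typed and a new line is
    # appended on every run, so re-running the installer adds duplicates.
    Write-Output "Adding $domain to the local hosts file"
    $params = @{
        Path  = "$($env:SystemRoot)\System32\drivers\etc\hosts"
        Value = "`r`n127.0.0.1 $domain"
    }
    Add-Content @params

    # Launch the default web browser to the mobile server's HTTPS page
    $mobileServer = Get-MobileServerInfo
    $url = "https://$($domain):$($mobileServer.HttpsPort)"
    Write-Output "Finished! Opening a web browser to $url"
    Start-Process $url
} catch {
    # Rethrow unchanged so the original error record reaches the console.
    throw
}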