Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: easyfx.eu
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you’re using Certbot):
Hi,

I have automation running on Azure. The first request is from certbot and includes the alternative names, but when the acme-challenge runs, it renews without the alternative names.

Attached is the renewal ACME process:
```powershell
# Create a state object and save it to the hard drive
$state = New-ACMEState -Path $env:TEMP
$serviceName = 'LetsEncrypt'

# Fetch the service directory and save it in the state
Get-ACMEServiceDirectory $state -ServiceName $serviceName -PassThru;

# Get the first anti-replay nonce
New-ACMENonce $state;

# Create an account key. The state will make sure it's stored.
New-ACMEAccountKey $state -PassThru;

# Register the account key with the acme service. The account key will automatically be read from the state
New-ACMEAccount $state -EmailAddresses $EmailAddress -AcceptTOS;

# Load a state object to have service directory and account keys available
$state = Get-ACMEState -Path $env:TEMP;

# It might be necessary to acquire a new nonce, so we'll just do it for the sake of the example.
New-ACMENonce $state -PassThru;

# Create the identifier for the DNS name
$identifier = New-ACMEIdentifier $domain;

# Create the order object at the ACME service.
$order = New-ACMEOrder $state -Identifiers $identifier;

# Fetch the authorizations for that order
$authZ = Get-ACMEAuthorization -State $state -Order $order;

# Select a challenge to fulfill
$challenge = Get-ACMEChallenge $state $authZ "http-01";

# Inspect the challenge data
$challenge.Data;

# Create the file requested by the challenge
$fileName = $env:TMP + '\' + $challenge.Token;
Set-Content -Path $fileName -Value $challenge.Data.Content -NoNewline;

# Upload the challenge file to the public blob container
$blobName = ".well-known/acme-challenge/" + $challenge.Token
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $STResourceGroupName -Name $storageName
$ctx = $storageAccount.Context
Set-AzureStorageBlobContent -File $fileName -Container "public" -Context $ctx -Blob $blobName

# Signal the ACME server that the challenge is ready
$challenge | Complete-ACMEChallenge $state;

# Wait a little bit and update the order, until we see the states
while($order.Status -notin ("ready","invalid")) {
    Start-Sleep -Seconds 10;
    $order | Update-ACMEOrder $state -PassThru;
}

# We should have a valid order now and should be able to complete it
# Therefore we need a certificate key
$certKey = New-ACMECertificateKey -Path "$env:TEMP\$domain.key.xml";

# Complete the order - this will issue a certificate signing request
Complete-ACMEOrder $state -Order $order -CertificateKey $certKey;

# Now we wait until the ACME service provides the certificate url
while(-not $order.CertificateUrl) {
    Start-Sleep -Seconds 15
    $order | Update-ACMEOrder $state -PassThru
}

# As soon as the url shows up we can create the PFX
# (PFX password is hard-coded as posted; unattended runs should read it from a secret store)
$password = ConvertTo-SecureString -String "12345678" -Force -AsPlainText
Export-ACMECertificate $state -Order $order -CertificateKey $certKey -Path "$env:TEMP\$domain.pfx" -Password $password;
$tmpPfx = Get-PfxData -FilePath "$env:TEMP\$domain.pfx" -Password $password
Export-PfxCertificate -PFXData $tmpPfx -FilePath "$env:TEMP\fullchain.pfx" -Password $password -ChainOption BuildChain

# Delete blob to check DNS
Remove-AzureStorageBlob -Container "public" -Context $ctx -Blob $blobName

# RENEW APPLICATION GATEWAY CERTIFICATE
$appgw = Get-AzureRmApplicationGateway -ResourceGroupName $AGResourceGroupName -Name $AGName
Set-AzApplicationGatewaySSLCertificate -Name $AGOldCertName -ApplicationGateway $appgw -CertificateFile "$env:TEMP\fullchain.pfx" -Password $password
Set-AzApplicationGateway -ApplicationGateway $appgw
```
Thanks
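
The script in the post builds its order from one identifier (`New-ACMEIdentifier $domain`), and an ACME certificate only contains the names listed in its order. The following is an added example, not part of the original post, that uses the same cmdlets to order several names at once and answer one http-01 challenge per name. `$domains` is a constructed placeholder list, and it assumes every listed host name serves `/.well-known/acme-challenge/` from the same `public` container used in the post.

```powershell
# Constructed sample list: replace with every name the certificate must cover.
$domains = @('example.com', 'www.example.com')

$state = Get-ACMEState -Path $env:TEMP
New-ACMENonce $state

# One identifier per DNS name; the order then covers all of them.
$identifiers = $domains | ForEach-Object { New-ACMEIdentifier $_ }
$order = New-ACMEOrder $state -Identifiers $identifiers

# The ACME service returns one authorization per identifier.
$authorizations = @(Get-ACMEAuthorization -State $state -Order $order)

$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $STResourceGroupName -Name $storageName
$ctx = $storageAccount.Context
$blobNames = @()

foreach ($authZ in $authorizations) {
    # Each authorization has its own token, so each needs its own blob.
    $challenge = Get-ACMEChallenge $state $authZ 'http-01'
    $fileName = Join-Path $env:TEMP $challenge.Token
    Set-Content -Path $fileName -Value $challenge.Data.Content -NoNewline

    $blobName = '.well-known/acme-challenge/' + $challenge.Token
    Set-AzureStorageBlobContent -File $fileName -Container 'public' -Context $ctx -Blob $blobName
    $blobNames += $blobName

    $challenge | Complete-ACMEChallenge $state
}

# The order becomes "ready" only after every authorization is valid.
while ($order.Status -notin ('ready', 'invalid')) {
    Start-Sleep -Seconds 10
    $order | Update-ACMEOrder $state -PassThru
}

# Remove the challenge blobs whether or not validation succeeded.
foreach ($name in $blobNames) {
    Remove-AzureStorageBlob -Container 'public' -Context $ctx -Blob $name
}

if ($order.Status -eq 'invalid') {
    throw 'Order is invalid: at least one name failed validation.'
}
```

From here the certificate key, `Complete-ACMEOrder` and PFX export steps continue as in the post, using this `$order`.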