Windows Offline TXT records (Posh-ACME)


I am trying to create an offline certificate for an internal server with the Posh-ACME Windows plugin. I created the required TXT records in my DNS server, but I always run into issues.

        check that a DNS record exists for this domain
    At C:\Program 
    Files\WindowsPowerShell\Modules\Posh-ACME\3.16.0\Private\Wait-AuthValidation.ps1:34 char:17
    + ...             throw "Authorization invalid for $($auth.fqdn): $message" ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (Authorization i...for this domain:String) 
        [], RuntimeException
        + FullyQualifiedErrorId : Authorization invalid for

Command that I used:

    #New-CimSession -ComputerName DNS-Server -Credential (Get-Credential)
    New-PACertificate -Domain 'Domain Name' -DnsPlugin Windows -PluginArgs @{WinServer='DNS Server'}

Hi @snybot

your domain name is required to check that.


Hi Juergen,

My domain is a local domain and not officially registered. I think that is the problem, right?


Then you can't create a public trusted certificate.

A worldwide unique domain name is required.


Yes, you can't use a local machine name for certs from Let's Encrypt; however, you can run your own certificate authority using something like SmallStep (which also has an ACME CA API), so then you can use the same ACME tools.

Alternatively, use something like certutil to create a self-signed certificate and use that; it won't be trusted by anything (that requires the root certificate for the issuing CA to be in the computer's certificate store as a Trusted Root).
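
A pre-flight check for the failure in this thread, added here as an example and not part of the original posts or of Posh-ACME: it flags names a public CA cannot validate and, once the TXT record has been created, asks a public resolver rather than the internal DNS server whether `_acme-challenge` is visible. The function name `Test-AcmePublicName`, the suffix list and the resolver address `1.1.1.1` are assumptions.

```powershell
# Added example: check a name before requesting a publicly trusted certificate.
# Function name, suffix list and resolver address are assumptions for illustration.
function Test-AcmePublicName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string]$PublicResolver = '1.1.1.1',   # assumption: any public resolver works
        [switch]$SkipDnsQuery                  # offline mode: name checks only
    )
    # Non-exhaustive sample of suffixes that do not exist in public DNS.
    $privateSuffixes = 'local','localhost','lan','corp','home','internal',
                       'test','example','invalid','home.arpa'

    # Normalise: drop trailing dot, lower-case, strip a leading wildcard label.
    $name   = $Fqdn.TrimEnd('.').ToLowerInvariant() -replace '^\*\.', ''
    $result = [ordered]@{ Name = $name; Passed = $true; Reason = 'ok'; TxtValues = @() }

    if ($name -notmatch '\.') {
        $result.Passed = $false
        $result.Reason = 'single-label machine name, not a registered domain'
    }
    elseif ($privateSuffixes | Where-Object { $name -eq $_ -or $name.EndsWith(".$_") }) {
        $result.Passed = $false
        $result.Reason = 'private or special-use suffix, invisible to a public CA'
    }
    elseif (-not $SkipDnsQuery) {
        # The CA validates against public DNS, so query a public resolver,
        # not the internal Windows DNS server that holds the record.
        $txt = Resolve-DnsName -Name "_acme-challenge.$name" -Type TXT `
                   -Server $PublicResolver -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'TXT' }
        if ($txt) {
            $result.TxtValues = @($txt | ForEach-Object { $_.Strings })
        } else {
            $result.Passed = $false
            $result.Reason = "no _acme-challenge TXT record visible from $PublicResolver"
        }
    }
    [pscustomobject]$result
}

# Constructed sample names; -SkipDnsQuery keeps the demo offline.
'fileserver', 'intranet.corp.local', 'host.example.com' |
    ForEach-Object { Test-AcmePublicName -Fqdn $_ -SkipDnsQuery }
```

Without `-SkipDnsQuery` the function needs outbound DNS to the chosen resolver; a `Passed` value of `$false` with the "no TXT record visible" reason means the record exists only on the internal server.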
