PKISharp / ACME-PS

PowerShell module supporting ACME v2 certificate management
MIT License

HTTP-01 Challenge File Not Getting Created #132

Open OrthoticsDirectEric opened 2 years ago

OrthoticsDirectEric commented 2 years ago

Please provide some information about your script:

I am expecting that the challenge file ( http:///.well-known/acme-challenge/ ) is to be created by the scripts. I do not see the file get created, so I manually created it on my own. I am able to browse to the file from outside my network, but because I manually built it, I assume it does not contain the right data. e.g.: http://webtest.atlasorthoticlab.com/.well-known/acme-challenge/ZYt9woXBfjV5GbKV7d4NANe5Th-uQNn-YV8cucUdmMU

The challenge fails with this message:

Type : http-01
Url : https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3583283233/M1VTUg
Token : ZYt9woXBfjV5GbKV7d4NANe5Th-uQNn-YV8cucUdmMU
Status : invalid
Error : @{type=urn:ietf:params:acme:error:unauthorized; detail=74.208.29.231: Invalid response from http://webtest.atlasorthoticlab.com/.well-known/acme-challenge/ZYt9woXBfjV5GbKV7d4NANe5Th-uQNn-YV8cucUdmMU: 404; status=403}
Identifier : dns:webtest.atlasorthoticlab.com
Data :

Any advice on how to ensure the token file gets created correctly is appreciated.

Eric

glatzert commented 2 years ago

ACME-PS itself will not do anything without you making it do so. It's meant for you to build your script around it and have it do the protocol stuff for you - so the file won't be created automatically, but the file name and content are provided to you.

The response indicates there's been a 404 on your side. So Let's Encrypt did not get the file (at the time it tried).

OrthoticsDirectEric commented 2 years ago

Thanks Thomas!

Very much appreciate the quick follow up. It sounds like I took the right steps (manually) to build the file. The name of the file is the value of the token and the only data in the file is the value of "Content".

Any advice on why Let's Encrypt is returning a 404 when the file is available at the URL? Current example: webtest.atlasorthoticlab.com/.well-known/acme-challenge/kHYlM2FZLt9qIjMWbUcyCNQs8x1hUWyj_gxLdhWCSJ8

Thanks again and great work

glatzert commented 2 years ago

I've seen this with web farms that are not synchronized fast enough.

I don't know your script, but it might also be that you are signaling the readiness of the challenge before saving the file?

It should be: Create order, read challenge data, create file, signal challenge to be checked, update order until status change, finalize order, get cert.
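
The step order from the last comment, written out as an added example (not code from the thread or from the ACME-PS project). It assumes an ACME-PS state with a registered account already exists; `$stateDir`, `$wwwRoot` and `$dnsName` are placeholder values, and the fetch before step 4 is an extra local check that only proves the file is served from where the script runs, not from every node of a web farm.

```powershell
Import-Module ACME-PS
$stateDir = 'C:\acme-state'        # hypothetical: state directory with an existing account
$wwwRoot  = 'C:\inetpub\wwwroot'   # hypothetical: document root of the site being validated
$dnsName  = 'www.example.com'      # placeholder domain

$state = Get-ACMEState -Path $stateDir
New-ACMENonce $state | Out-Null

# 1. Create order
$order = New-ACMEOrder $state -Identifiers (New-ACMEIdentifier $dnsName)

# 2. Read challenge data (file name and content come from ACME-PS)
$authZ     = Get-ACMEAuthorization -State $state -Order $order
$challenge = Get-ACMEChallenge $state $authZ 'http-01'

# 3. Create file: token as name, Content as the only data, no trailing newline
$file = $wwwRoot + $challenge.Data.RelativeUrl
New-Item -ItemType Directory -Force -Path (Split-Path $file) | Out-Null
Set-Content -Path $file -Value $challenge.Data.Content -NoNewline

# Extra check: fetch the URL over HTTP before telling the CA to look.
# Invoke-WebRequest throws on a 404, which stops the script before step 4.
$resp = Invoke-WebRequest -Uri $challenge.Data.AbsoluteUrl -UseBasicParsing
$body = if ($resp.Content -is [byte[]]) { [Text.Encoding]::ASCII.GetString($resp.Content) }
        else { $resp.Content }
if ($body.Trim() -ne $challenge.Data.Content) { throw "Served content differs from challenge content" }

# 4. Signal challenge to be checked (only after the file is in place)
$challenge | Complete-ACMEChallenge $state | Out-Null

# 5. Update order until status change
while ($order.Status -notin 'ready', 'invalid') {
    Start-Sleep -Seconds 10
    $order | Update-ACMEOrder $state -PassThru | Out-Null
}
if ($order.Status -eq 'invalid') { throw "Order for $dnsName became invalid" }

# 6. Finalize order
$certKey = New-ACMECertificateKey -Path "$stateDir\$dnsName.key.xml"
Complete-ACMEOrder $state -Order $order -CertificateKey $certKey | Out-Null
while (-not $order.CertificateUrl) {
    Start-Sleep -Seconds 15
    $order | Update-ACMEOrder $state -PassThru | Out-Null
}

# 7. Get cert
Export-ACMECertificate $state -Order $order -CertificateKey $certKey -Path "$stateDir\$dnsName.pfx"
```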