PKISharp / ACME-PS

PowerShell module supporting ACME v2 certificate management
MIT License

Issue Export-ACMECertificate #142

Closed alfespa17 closed 2 months ago

alfespa17 commented 2 months ago

Hello, I am using a similar script from the sample file here, with a small update to use a managed identity to connect to Azure and to use Az.Websites instead of AzureRM.Website. The script has been working pretty well for a long time when running inside an Azure Runbook, but since a few days ago I am facing the following issue.

Could not find a part of the path 'C:\Temp\certificates\certificate.pfx'. (Could not find a part of the path 'C:\Temp\certificates\certificate.pfx'.)

It looks like it is failing in this part of the code, because the file C:\Temp\certificates\certificate.pfx is not getting created, but I am not really sure why....

    Export-ACMECertificate -State $acmeStateDir `
        -Order $order `
        -Path $certExportPath `
        -Password $securePassword


Any idea why the Export-ACMECertificate operation could be failing?

This is one sample of the logs that I get when running the Azure runbook:

Logging in to Azure ...

Environments                                                                                           Context
------------                                                                                           -------
{[AzureCloud, AzureCloud], [AzureChinaCloud, AzureChinaCloud], [AzureUSGovernment, AzureUSGovernment]} Microsoft.Azure.…

Name              : aepocwebsite
ResourceId        : /subscriptions/583006a4-7a57-4a3d-899c-620faa582f6d/resourceGroups/ae-webapp/providers/Microsoft.Web
                    /sites/aepocwebsite
ResourceName      : aepocwebsite
ResourceType      : Microsoft.Web/sites
ResourceGroupName : ae-webapp
Location          : East US 2
SubscriptionId    : 583006a4-7a57-4a3d-899c-620faa582f6d
Properties        : @{numberOfWorkers=1; defaultDocuments=System.Object[]; netFrameworkVersion=v4.0; phpVersion=; 
                    pythonVersion=; nodeVersion=; powerShellVersion=; linuxFxVersion=NODE|20-lts; windowsFxVersion=; 
                    windowsConfiguredStacks=System.Object[]; requestTracingEnabled=False; remoteDebuggingEnabled=False; 
                    remoteDebuggingVersion=VS2019; httpLoggingEnabled=False; azureMonitorLogCategories=; 
                    acrUseManagedIdentityCreds=False; acrUserManagedIdentityID=; logsDirectorySizeLimit=35; 
                    detailedErrorLoggingEnabled=False; publishingUsername=$aepocwebsite; publishingPassword=; 
                    appSettings=; metadata=; connectionStrings=; machineKey=; handlerMappings=; documentRoot=; 
                    scmType=None; use32BitWorkerProcess=True; webSocketsEnabled=False; alwaysOn=False; javaVersion=; 
                    javaContainer=; javaContainerVersion=; appCommandLine=; managedPipelineMode=Integrated; 
                    virtualApplications=System.Object[]; winAuthAdminState=0; winAuthTenantState=0; 
                    customAppPoolIdentityAdminState=False; customAppPoolIdentityTenantState=False; runtimeADUser=; 
                    runtimeADUserPassword=; loadBalancing=LeastRequests; routingRules=System.Object[]; experiments=; 
                    limits=; autoHealEnabled=False; autoHealRules=; tracingOptions=; vnetName=; 
                    vnetRouteAllEnabled=False; vnetPrivatePortsCount=0; publicNetworkAccess=Enabled; 
                    siteAuthEnabled=False; siteAuthSettings=; cors=; push=; apiDefinition=; apiManagementConfig=; 
                    autoSwapSlotName=; localMySqlEnabled=False; managedServiceIdentityId=; xManagedServiceIdentityId=; 
                    keyVaultReferenceIdentity=; ipSecurityRestrictions=; ipSecurityRestrictionsDefaultAction=; 
                    scmIpSecurityRestrictions=; scmIpSecurityRestrictionsDefaultAction=; 
                    scmIpSecurityRestrictionsUseMain=False; http20Enabled=False; minTlsVersion=1.2; minTlsCipherSuite=; 
                    supportedTlsCipherSuites=; scmMinTlsVersion=1.2; ftpsState=FtpsOnly; reservedInstanceCount=0; 
                    preWarmedInstanceCount=; functionAppScaleLimit=; elasticWebAppScaleLimit=0; healthCheckPath=; 
                    fileChangeAuditEnabled=False; functionsRuntimeScaleMonitoringEnabled=False; websiteTimeZone=; 
                    minimumElasticInstanceCount=1; azureStorageAccounts=; http20ProxyFlag=0; sitePort=; 
                    antivirusScanEnabled=False; storageType=StorageVolume; sitePrivateLinkHostEnabled=False; 
                    clusteringEnabled=False}

*** STARTING with Service Name: LetsEncrypt-Staging

*** 1. Create an new account

AcmeDiskPersistedState

*** 2. Create a new order...

*** 3. Fullfill challenge...

Challenge Data:

Type        : http-01
Token       : P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A
Filename    : P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A
RelativeUrl : /.well-known/acme-challenge/P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A
AbsoluteUrl : nodejssample.aespana.me/.well-known/acme-challenge/P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A
Content     : P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A.J1eDDiCD-2-92bHjAUUhR5Mvm0pZCeFL0U2m0IYqZGE

Uploading challenge to WebApp

Make sure nodejssample.aespana.me/.well-known/acme-challenge/P4aulH6sw2rke-KXhsGPwX65LDm0UZ6XAf8416_eE_A is reachable from outside of your network.

Type       : 
Url        : 
Token      : 
Status     : 
Error      : 
Identifier : dns:nodejssample.aespana.me
Data       : 

*** 4. Issue certificate...

ResourceUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/order/152585543/17283794763
Status            : pending
Expires           : 06/25/2024 17:48:12
NotBefore         : 
NotAfter          : 
Identifiers       : {dns:nodejssample.aespana.me}
AuthorizationUrls : {https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12814968273}
FinalizeUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/152585543/17283794763
CertificateUrl    : 
CSROptions        : AcmeCsrOptions

ResourceUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/order/152585543/17283794763
Status            : pending
Expires           : 06/25/2024 17:48:12
NotBefore         : 
NotAfter          : 
Identifiers       : {dns:nodejssample.aespana.me}
AuthorizationUrls : {https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12814968273}
FinalizeUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/152585543/17283794763
CertificateUrl    : 
CSROptions        : AcmeCsrOptions

ResourceUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/order/152585543/17283794763
Status            : ready
Expires           : 06/25/2024 17:48:12
NotBefore         : 
NotAfter          : 
Identifiers       : {dns:nodejssample.aespana.me}
AuthorizationUrls : {https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12814968273}
FinalizeUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/152585543/17283794763
CertificateUrl    : 
CSROptions        : AcmeCsrOptions

/authz-v3/12814968273}
FinalizeUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/152585543/17283794763
CertificateUrl    : https://acme-staging-v02.api.letsencrypt.org/acme/cert/2b8f6d2cb83bca6cfa1dd9408b257553e22c
CSROptions        : AcmeCsrOptions

ResourceUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/order/152585543/17283794763
Status            : valid
Expires           : 06/25/2024 17:48:12
NotBefore         : 
NotAfter          : 
Identifiers       : {dns:nodejssample.aespana.me}
AuthorizationUrls : {https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12814968273}
FinalizeUrl       : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/152585543/17283794763
CertificateUrl    : https://acme-staging-v02.api.letsencrypt.org/acme/cert/2b8f6d2cb83bca6cfa1dd9408b257553e22c
CSROptions        : AcmeCsrOptions

Checking Files in C:\Temp\certificates\

Exporting...

The complete script that I am using can be found here.

glatzert commented 2 months ago

My first hunch was: does 'C:\Temp\certificates\' exist at all? I don't think the export command will create directories ...

alfespa17 commented 2 months ago

My first hunch was: does 'C:\Temp\certificates' exist at all? I don't think the export command will create directories ...

Thank you @glatzert, that was the issue. I have created a pull request to update the AzureRunbookExample.
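The root cause discussed in this thread is that Export-ACMECertificate writes to the path it is given but does not create missing parent directories. The following PowerShell fragment is an added example (not the module's own code and not the runbook from the issue) showing how a runbook can guard the export: it derives the parent directory from the export path, creates it idempotently before calling Export-ACMECertificate, and verifies afterwards that the PFX was actually written rather than silently continuing to a later step that would fail with a confusing error. The variable names `$acmeStateDir`, `$order`, `$certExportPath` and `$securePassword` match the call shown in the issue; the `-State`, `-Order`, `-Path` and `-Password` parameters are the ones used there. The password value below is a constructed placeholder, as is the temp path.

```powershell
# Added example: guarded certificate export for an ACME-PS runbook.
# Assumes $acmeStateDir and $order have already been set up by the
# preceding account/order/challenge steps of the runbook.

$certExportPath = 'C:\Temp\certificates\certificate.pfx'   # constructed sample path

# Constructed placeholder; in a real runbook pull the PFX password from an
# automation credential or Key Vault rather than hard-coding it.
$securePassword = ConvertTo-SecureString -String 'PLACEHOLDER-PFX-PASSWORD' -AsPlainText -Force

# Export-ACMECertificate does not create parent directories, so ensure the
# directory exists first. New-Item -Force is idempotent: it succeeds whether
# or not the directory is already there and never overwrites existing files.
$certExportDir = Split-Path -Path $certExportPath -Parent
if (-not (Test-Path -Path $certExportDir -PathType Container)) {
    Write-Output "Creating export directory $certExportDir"
    New-Item -Path $certExportDir -ItemType Directory -Force | Out-Null
}

# Same call as in the issue, now with the directory guaranteed to exist.
Export-ACMECertificate -State $acmeStateDir `
    -Order $order `
    -Path $certExportPath `
    -Password $securePassword

# Fail fast with a clear message if the PFX is still missing, instead of
# letting a later step (e.g. the Azure web app binding) surface the error.
if (-not (Test-Path -Path $certExportPath -PathType Leaf)) {
    throw "Export-ACMECertificate returned but '$certExportPath' was not created."
}

$pfx = Get-Item -Path $certExportPath
Write-Output ("Exported {0} ({1} bytes)" -f $pfx.FullName, $pfx.Length)
```

Creating the directory with `-Force` before the export, and checking for the file with `Test-Path` after it, turns the "Could not find a part of the path" failure from the original report into either a clean success or an explicit, self-explanatory error at the step where it actually occurs.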