alan-turing-institute / data-safe-haven

https://data-safe-haven.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Unable to use Update_SRE_RDS_SSL_Certificate using Posh-ACME 4.0.0 #909

Closed sysdan closed 3 years ago

sysdan commented 3 years ago

:scroll: Description

Running the data-safe-haven/deployment/secure_research_environment/setup/Update_SRE_RDS_SSL_Certificate.ps1 script fails if the admin is running version 4.0.0 of the Posh-ACME module.

The Publish-DNSChallenge cmdlet in the Posh-ACME module has been renamed Publish-Challenge as of version 4.0.0. This causes Update_SRE_RDS_SSL_Certificate.ps1 to fail when a user has version 4.0.0 installed.

:strawberry: Desired behaviour

The script runs even if the user is using version 3 or 4 of the Posh-ACME module.

:camera: Screenshots

[09:38] Warwick Wood

PS C:\Users\wwood\SGit Repo\SRE\deployment\secure_research_environment\setup> .\Update_SRE_RDS_SSL_Certificate.ps1 -sreId "turing1tell"

2020-12-22 09:36:45 [   INFO]: [ ] Checking whether signed certificate 'sre-tell-lets-encrypt-certificate' already exists in key vault...
2020-12-22 09:36:46 [SUCCESS]: [✔] Loaded certificate from key vault 'kv-turing1-sre-tell' with earliest renewal date 21 Nov 2020
2020-12-22 09:36:46 [WARNING]: Removing outdated certificate from KeyVault 'kv-turing1-sre-tell'...
2020-12-22 09:36:47 [   INFO]: Preparing to request a new certificate...
2020-12-22 09:36:47 [   INFO]: Using Let's Encrypt production server!
Please review the Terms of Service here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2020-12-22 09:36:48 [   INFO]: [ ] Checking for Posh-ACME account
2020-12-22 09:36:48 [SUCCESS]: [✔] Created new Posh-ACME account with ID: '107105320'
2020-12-22 09:36:48 [SUCCESS]: [✔] Using Posh-ACME account: 107105320
2020-12-22 09:36:52 [   INFO]: Test that we can interact with DNS records...
2020-12-22 09:36:52 [   INFO]: [ ] Attempting to create a DNS record for dnstest.tellfinder.turingsafehaven.ac.uk...
Publish-DnsChallenge: C:\Users\wwood\SGit Repo\SRE\deployment\secure_research_environment\setup\Update_SRE_RDS_SSL_Certificate.ps1:112:5
Line |
 112 |      Publish-DnsChallenge $testDomain -Account $acct -Token faketoken  …
     |      ~~~~~~~~~~~~~~~~~~~~
     | The term 'Publish-DnsChallenge' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the
     | spelling of the name, or if a path was included, verify that the path is correct and try again.

2020-12-22 09:36:52 [FAILURE]: [x] DNS record creation failed!
Exception: C:\Users\wwood\SGit Repo\SRE\deployment\common\Logging.psm1:37:13
Line |
  37 |              throw "$Message"
     |              ~~~~~~~~~~~~~~~~
     | DNS record creation failed!

:recycle: To reproduce

sysdan commented 3 years ago

Workaround: Manually downgrade Posh-ACME

Uninstall-Module -Name Posh-ACME
Install-Module -Name Posh-ACME -RequiredVersion 3.14.0

# Then run Update_SRE_RDS_SSL_Certificate.ps1
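
One way to get the desired behaviour described in the issue, as an added example that is not part of the thread or of the data-safe-haven code: look up whichever of the two cmdlet names the installed Posh-ACME exports and forward the call to it. The helper names `Resolve-AcmePublishCommand` and `Invoke-AcmePublishChallenge` are hypothetical; resolving the command before any key vault change matters because the log above shows the outdated certificate being removed before the failing call.

```powershell
# Added example with hypothetical helper names; not code from data-safe-haven.
# Only the two cmdlet names come from the issue: Publish-DnsChallenge (3.x)
# and Publish-Challenge (4.0.0 onwards).

function Resolve-AcmePublishCommand {
    [CmdletBinding()]
    param(
        [string]$ModuleName = 'Posh-ACME'
    )
    # Import explicitly so the lookup sees the version that will actually be
    # used, and so a missing module fails here with a clear error.
    Import-Module -Name $ModuleName -ErrorAction Stop

    # Try the 4.x name first, then the pre-4.0.0 name.
    foreach ($name in @('Publish-Challenge', 'Publish-DnsChallenge')) {
        $cmd = Get-Command -Name $name -Module $ModuleName -ErrorAction SilentlyContinue
        if ($cmd) {
            Write-Verbose "Using $($cmd.Name) from $ModuleName $($cmd.Module.Version)"
            return $cmd
        }
    }
    throw "Module '$ModuleName' exports neither Publish-Challenge nor Publish-DnsChallenge."
}

function Invoke-AcmePublishChallenge {
    [CmdletBinding()]
    param(
        # Named arguments forwarded unchanged to whichever cmdlet is present.
        [Parameter(Mandatory = $true)]
        [hashtable]$Arguments
    )
    $cmd = Resolve-AcmePublishCommand
    & $cmd @Arguments
}

# Resolve once at the top of the script, before any certificate is removed,
# so an incompatible or missing module stops the run early:
#   $null = Resolve-AcmePublishCommand -Verbose
#
# Later, in place of the direct Publish-DnsChallenge call. The log above cuts
# the original argument list short, so only the visible arguments are shown:
#   $publishArgs = @{ Domain = $testDomain; Account = $acct; Token = 'faketoken' }
#   # add the remaining arguments from the original call to $publishArgs here
#   Invoke-AcmePublishChallenge -Arguments $publishArgs
```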