ebekker / ACMESharp

An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
https://pkisharp.github.io/ACMESharp-docs/

http-01 Method #2 not printing instructions. #312

Open HeneryH opened 6 years ago

HeneryH commented 6 years ago

I've used this plenty of times before but here on a new project the command isn't returning the expected instructions. Any ideas? I'm expecting the instructions to put a file of a certain name in the .well-known/acme-challenge directory.

```
PS C:\Users\abc> Import-Module ACMESharp
PS C:\Users\abc> Initialize-ACMEVault
PS C:\Users\abc> New-ACMERegistration -Contacts mailto:me@xxxxx.com -AcceptTos

Contacts          : {mailto:me@xxxxxxx.com}
PublicKey         : { e = AQAB, kty = RSA, n = uvEAVJ8PV828B4cEwzAdsuTuYJS_kwOuK3VYn3tqtoCfkAsXVQBJ5tlWKBtXmtfpQouPImv5
                    6Tle7YKi02dAcQ-yX-Jpccxc7AvSYDzKDwQe8026aJ8s_kiCKk_UICT0mc4YVKx1D18P6acTbZ91heOawXUjjLjbzj_9YEsDKmX
                    iqAUPP1DiVRjjnd-mNwgBiFreL7YkioJ5WGtV3VZd7eNUt04HNdZk_DxOTfR1LBTr8qIIu9tlgEKH2DKk74nb63qopDFl68ON4W
                    QYQbXWj1_7IYg2K2lItqsg56fON0EUkge9BY9yYorQaz2GflAVCmoH8WLpAZef0iuLkSgZLw }
RecoveryKey       :
RegistrationUri   : https://acme-v01.api.letsencrypt.org/acme/reg/23347180
Links             : {<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next",
                    <https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf>;rel="terms-of-service"}
TosLinkUri        : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
TosAgreementUri   : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
AuthorizationsUri :
CertificatesUri   :

PS C:\Users\abc> New-ACMEIdentifier -Dns yyyyy.xxxxx.com -Alias dnsX

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier     : yyyyy.xxxxx.com
Uri            : https://acme-v01.api.letsencrypt.org/acme/authz/wSmCzMDYye0n_Zw_mGc0zbDicWm1XbMYDMjIyyUhvJI
Status         : pending
Expires        : 11/3/2017 1:47:09 PM
Challenges     : {, , }
Combinations   : {1, 0, 2}

PS C:\Users\abc> Complete-ACMEChallenge dnsX -ChallengeType http-01 -Handler manual

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier     : yyyyy.xxxxx.com
Uri            : https://acme-v01.api.letsencrypt.org/acme/authz/wSmCzMDYye0n_Zw_mGc0zbDicWm1XbMYDMjIyyUhvJI
Status         : pending
Expires        : 11/3/2017 1:47:09 PM
Challenges     : {, , manual}
Combinations   : {1, 0, 2}
```

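The instructions the manual http-01 handler is supposed to print reduce to two values: the path under `/.well-known/acme-challenge/` the CA will fetch, and the key authorization (challenge token, a dot, and the RFC 7638 thumbprint of the account key shown on the `PublicKey` line). The following is an added example, not code from the thread or from ACMESharp; the JWK and token values are constructed placeholders, and it also rejects tokens that are not base64url before they are used as a file name:

```python
import base64
import hashlib
import hmac
import json
import re

# RFC 8555 s8.3: a challenge token is base64url text without padding. A client
# that writes the token to disk as a file name must refuse anything else.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def is_valid_token(token: str) -> bool:
    return bool(_TOKEN_RE.fullmatch(token))


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required public members
    (e, kty, n for RSA), keys sorted lexicographically, no whitespace.
    Optional members such as kid or alg must not affect the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    canonical = json.dumps({k: jwk[k] for k in required[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def http01_expectation(token: str, jwk: dict) -> dict:
    """What a manual http-01 handler has to tell the user: the request path
    the CA will use and the exact body it expects there (token.thumbprint)."""
    if not is_valid_token(token):
        raise ValueError("challenge token is not base64url; not using it as a path")
    return {"path": f"/.well-known/acme-challenge/{token}",
            "body": f"{token}.{jwk_thumbprint(jwk)}"}


def served_body_matches(served: str, token: str, jwk: dict) -> bool:
    """Pre-flight check before asking the CA to validate: compare what the web
    server actually returns against the expected key authorization."""
    expected = http01_expectation(token, jwk)["body"].encode("ascii")
    return hmac.compare_digest(served.strip().encode("utf-8"), expected)


# Constructed sample key (not a real modulus) in the shape of the PublicKey
# line that New-ACMERegistration prints: e, kty, n.
SAMPLE_JWK = {"e": "AQAB", "kty": "RSA", "n": "CONSTRUCTED-sample-modulus-not-real"}

if __name__ == "__main__":
    print(http01_expectation("CONSTRUCTED_token_abc-123", SAMPLE_JWK))
```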
ebekker commented 6 years ago

Did you recently update the ACMESharp module? There were some changes in the way output is generated for certain handlers.

Can I ask, what is the context that you're running this set of commands -- is it just straight up, interactive commands that you're running in a PS console window, in ISE, in VSCode terminal window, etc?

I'm wondering if the output stream is somehow getting swallowed by the host. One option you have with the manual handler is to redirect the manual instructions to a file using the WriteOutPath parameter. You can see the details in here.

If you want to give this a try, you can repeat the manual challenge handling by running the Complete-ACMEChallenge call again and adding the -RepeatHandler option.

HeneryH commented 6 years ago

I'm running PowerShell interactively from the start menu in non-admin mode. Copy/pasting the commands from my notes into the shell. Didn't really understand the ISE aspect of it and wasn't using it. Previously this worked fine. I'll try your suggestions.

HeneryH commented 6 years ago

Am I doing the WriteOutPath parameter wrong?

```
PS C:\Users\me> Complete-ACMEChallenge dnsY -ChallengeType http-01 -Handler manual -WriteOutPath c:\Users\me\inst.txt -RepeatHandler
Complete-ACMEChallenge : A parameter cannot be found that matches parameter name 'WriteOutPath'.
At line:1 char:68
+ ... nge dnsY -ChallengeType http-01 -Handler manual -WriteOutPath c:\User ...
+                                                     ~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Complete-ACMEChallenge], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,ACMESharp.POSH.CompleteChallenge
```

HeneryH commented 6 years ago

Oh, and yes. This is a new machine installation so starting from scratch repeating from my notes.

ebekker commented 6 years ago

Provide parameters using this syntax:

```
Complete-ACMEChallenge dnsY -ChallengeType http-01 -Handler manual -RepeatHandler -HandlerParameters @{
    WriteOutPath = 'c:\Users\me\inst.txt'
    Append = $true
}
```

HeneryH commented 6 years ago

That worked and printed the instructions to the txt file specified. This seems like a workaround to a potential bug or user error.

HeneryH commented 6 years ago

Edit on below... I am using Win7 Home now and see the note about EFS and am investigating the solution:

Not sure if this is related but I have moved on with the procedure and hit a new roadblock I never hit before.

I've tried this as both admin user and regular user with the same results.

Permissions errors. I thought running as root would have prevented this but I got it with both regular and root users.

```
PS C:\Windows\system32> Submit-ACMECertificate certX
Submit-ACMECertificate : Access to the path
'C:\ProgramData\ACMESharp\sysVault\45-KEYPM\7332b361-027a-4662-b2a6-dba189ded89d-key.pem' is denied.
At line:1 char:1
+ Submit-ACMECertificate certX
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Submit-ACMECertificate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,ACMESharp.POSH.SubmitCertificate

PS C:\Windows\system32>
```

ebekker commented 6 years ago

Win7 Home definitely does not support EFS, so yes, the docs on disabling that support in the Vault provider will address your issue.

ebekker commented 6 years ago

I'm glad the file output redirection worked. Let's keep this ticket open until I can dive a little deeper into why the default output to console is not working for you.

Incidentally, which version of PS are you using?

Also, before you said "I'm using Win7 Home now..." -- so is that the OS you were using when you ran into the missing output problem, or was that a different OS?

HeneryH commented 6 years ago

I have keys for both W7 Home and W7 Pro. I must have used W7 Pro in my previous installation. Accidentally installed W7 Home this time which caused the known challenge of EFS. I followed the EFS workaround for permission problems and that worked.

Unsure if the instruction output printing is also related. I may reinstall again using Pro in which case I can confirm/deny.

frehnejc commented 6 years ago

The workaround below was successful for me too using the latest version of acme:

```
Complete-ACMEChallenge dnsY -ChallengeType http-01 -Handler manual -RepeatHandler -HandlerParameters @{ WriteOutPath = 'c:\Users\me\inst.txt'; Append = $true }
```

Powershell version output:

```
Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      16299  19
```

elfico commented 6 years ago

I almost gave up using this ACME client because of the error until I stumbled upon this. Thanks a lot @ebekker and @HeneryH

JozoSlejko commented 6 years ago

Same workaround helped me also, thanks @ebekker

bendtherules commented 6 years ago

I have added a workaround in the wiki with just calling the Update-ACMEIdentifier whenever you need all the details (like the challenge instructions here). More here: https://github.com/ebekker/ACMESharp/issues/326#issuecomment-360394895 . Feel free to update the wiki with this solution if the method mentioned in this issue should be the official solution, but at least there should be something mentioned on the wiki about this.

b9chris commented 6 years ago

Sorry, posted the bug below before seeing this one. I'm having the exact same issue 5 months later. I think the manual handler is simply broken.

https://github.com/ebekker/ACMESharp/issues/335

andreyzh commented 6 years ago

Indeed, I have the same issue now. I was running ACMESharp v0.8 and when I got that I decided to install 0.9 to see if that would solve it. But it didn't.

mattduguid commented 6 years ago

Same issue using latest, fixed with the workaround, thanks @frehnejc