gearbox-solutions / FileMaker-LetsEncrypt-Win

A PowerShell script for fetching and renewing Let's Encrypt SSL certificates for FileMaker Server running on Windows Server.
MIT License

this procedure does not work on FMS18 + Windows Server 2012R2 #2

Closed GadisDEV closed 5 years ago

GadisDEV commented 5 years ago

This script seems not to work with W2012R2 and FM18. I am pasting the error messages. Opening the FM admin console it states that the Letsencrypt cert is used, but when clients connect they still see the generic filemaker cert.

```
PS C:\Users\Administrator\Downloads\GetSSL(2)> .\GetSSL.ps1

Contacts : {mailto:michel@rsd.gadis.it}
PublicKey : { e = AQAB, kty = RSA, n = q5IPKNWajtHmg2Zb_DZjOakz8z5o9bda1pNeINJgWPPUBPH8eb2cFBWmb9-DA7SLX0wueSVV
    CZlxWMAuLl0CyUE7yOuwrWPLEZpsccEN4Y3uedh7IyJR8TsuhRJ46m-LAhj9o8AlMmaAj-xjb6VMPaxWoXOV0DP5ZEz8uduzaGI
    0e93GCSjetOQKAU4V0r3x41B1aUaFO6JcWuABQ2nvI2iwOz9_vItxtJblEur59qjYUQ6ny_vczSkYbnpTBY9FrJsZbNrH5zRFeN
    eoSG_XsI62ltmk6fNpXVdOtM6Z8QS25BzWnZCpmZU5Z_7-qD0vhev2XUjUItXCDFvlvhvLBw }
RecoveryKey :
RegistrationUri : https://acme-v01.api.letsencrypt.org/acme/reg/60495542
Links : {https://acme-v01.api.letsencrypt.org/acme/new-authz;rel="next", https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf;rel="terms-of-service"}
TosLinkUri : https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
TosAgreementUri : https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
AuthorizationsUri :
CertificatesUri :

New-Item : An item with the specified name C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf.well-known\acme-challenge\ already exists.
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:99 char:1

Performing challenge for rsd.gadis.it with alias rsd.gadis.itaa6aa7ce-c496-4b27-a44a-03a91fcf86ea
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : rsd.gadis.it
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/8sxqhQ5FGJ4bZ4j4DUQQ4QkmX-UEtSsYGT2wogm0VZs
Status : pending
Expires : 7/10/2019 11:06:05 AM
Challenges : {, , }
Combinations : {0, 1, 2}

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : rsd.gadis.it
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/8sxqhQ5FGJ4bZ4j4DUQQ4QkmX-UEtSsYGT2wogm0VZs
Status : pending
Expires : 7/10/2019 11:06:05 AM
Challenges : {, iis, }
Combinations : {0, 1, 2}

ChallengePart : ACMESharp.Messages.ChallengePart
Challenge : ACMESharp.ACME.HttpChallenge
Type : http-01
Uri : https://acme-v01.api.letsencrypt.org/acme/challenge/8sxqhQ5FGJ4bZ4j4DUQQ4QkmX-UEtSsYGT2wogm0VZ s/17814580415
Token : pyFgHq-UrB85hDQSY0M8GkrbMkOVxIzQzMS4TAcG8AA
Status : pending
OldChallengeAnswer : [, ]
ChallengeAnswerMessage :
HandlerName : iis
HandlerHandleDate : 7/3/2019 1:06:05 PM
HandlerHandleMessage : * Challenge response content has been written to local file path at: [C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf.well-known/acme-challenge/pyFgHq-UrB85hDQSY0M8GkrbMkOVxIzQzMS4TAcG8AA]

HandlerCleanUpDate :
HandlerCleanUpMessage :
SubmitDate : 7/3/2019 1:06:06 PM
SubmitResponse : {StatusCode, Headers, Links, RawContent...}

Id : 7f90515e-af3f-4908-a994-4faddbab2776
Alias : cert-9875b534-249b-4467-ad94-d49fe6ada2f9
Label :
Memo :
IdentifierRef : c02667b8-2a07-4837-8e34-a4ab3106cfdd
IdentifierDns : rsd.gadis.it
AlternativeIdentifierDns : {rsd.gadis.it}
KeyPemFile :
CsrPemFile :
GenerateDetailsFile : 7f90515e-af3f-4908-a994-4faddbab2776-gen.json
CertificateRequest :
CrtPemFile :
CrtDerFile :
IssuerSerialNumber :
SerialNumber :
Thumbprint :
Signature :
SignatureAlgorithm :
RevokedAt :

Submit-ACMECertificate : Error creating new cert :: authorizations for these names not found or expired: rsd.gadis.it
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:208 char:1

Remove-Item : Cannot find path 'C:\Program Files\FileMaker\FileMaker Server\CStore\serverKey.pem' because it does not exist.
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:222 char:1

Get-ACMECertificate : Cannot export private key; it hasn't been imported or generated
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:223 char:1

Remove-Item : Cannot find path 'C:\Program Files\FileMaker\FileMaker Server\CStore\crt.pem' because it does not exist.
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:227 char:1

Get-ACMECertificate : Cannot export CRT; CSR hasn't been submitted or CRT hasn't been retrieved
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:228 char:1

Remove-Item : Cannot find path 'C:\Program Files\FileMaker\FileMaker Server\CStore\interm.pem' because it does not exist.
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:232 char:1

Get-ACMECertificate : Cannot export CRT; CSR hasn't been submitted or CRT hasn't been retrieved
At C:\Users\Administrator\Downloads\GetSSL(2)\GetSSL.ps1:233 char:1

username (Administrator):administrator
password:*****
Cannot find the certificate file [C:\Program Files\FileMaker\FileMaker Server\CStore\crt.pem].
Error: 20405 (File not found or not accessible.)
Automatically Stopping FileMaker Server
The FileMaker Server service is stopping........
The FileMaker Server service was stopped successfully.

Automatically Starting FileMaker Server
The FileMaker Server service is starting.
The FileMaker Server service was started successfully.

PS C:\Program Files\FileMaker\FileMaker Server\Database Server>
```

Smef commented 5 years ago

The error you're having here is that Let's Encrypt cannot validate your ownership of the domain you want a certificate for. You're getting the error:

Error creating new cert :: authorizations for these names not found or expired: rsd.gadis.it

The reason for this is that your site, and the LE validation, is not available at http://rsd.gadis.it. It looks like a firewall is blocking traffic to that site.

GadisDEV commented 5 years ago

I feel so stupid.. I was whitelisting only Europe to our server, adding the US made it work immediately.. thank you so much
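
Added example, not part of the thread or of the project's GetSSL.ps1: a reachability check for the HTTP-01 challenge path that failed above, to run before requesting a certificate. The function names, the `-ChallengeDir` parameter and the placeholder values in the usage comments are assumptions for illustration; the check only reflects what the validating servers see when `Test-ChallengeProbe` is run from a network outside the firewall's allow-list.

```powershell
# Added example (hypothetical helper names). Uses only built-in cmdlets.

function New-ChallengeProbe {
    # Run on the server: drops a random probe file in the challenge folder.
    param([Parameter(Mandatory)][string]$ChallengeDir)
    # Random name and body, so a stale or cached file cannot give a false pass.
    $name = 'probe-' + [guid]::NewGuid().ToString('N')
    $body = [guid]::NewGuid().ToString('N')
    New-Item -ItemType Directory -Path $ChallengeDir -Force | Out-Null
    $path = Join-Path $ChallengeDir $name
    [IO.File]::WriteAllText($path, $body)
    [pscustomobject]@{ Name = $name; Body = $body; Path = $path }
}

function Test-ChallengeProbe {
    # Run from an external host: fetches the probe over plain HTTP, as HTTP-01 does.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Body
    )
    $url = "http://$Domain/.well-known/acme-challenge/$Name"
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
    } catch {
        # A timeout or reset here is what a network-level block looks like;
        # a 404 or 403 points at the web server configuration instead.
        return [pscustomobject]@{ Url = $url; Reachable = $false; Detail = $_.Exception.Message }
    }
    # Extension-less files may come back as raw bytes rather than a string.
    $content = $resp.Content
    if ($content -is [byte[]]) { $content = [Text.Encoding]::ASCII.GetString($content) }
    $ok = ($resp.StatusCode -eq 200) -and ($content.Trim() -eq $Body)
    [pscustomobject]@{ Url = $url; Reachable = $ok; Detail = "HTTP $($resp.StatusCode)" }
}

# Usage (placeholder values, replace with your own):
#   On the server:
#     $p = New-ChallengeProbe -ChallengeDir '<path to .well-known\acme-challenge>'
#   From a host outside the allow-list, using the values printed above:
#     Test-ChallengeProbe -Domain '<your domain>' -Name $p.Name -Body $p.Body
#   Afterwards, on the server:
#     Remove-Item -LiteralPath $p.Path
```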