rmbolger / Posh-ACME

PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
https://poshac.me/docs/latest/
MIT License

NewOrder request did not include a SAN short enough to fit in CN #507

Closed kennethtipton closed 1 year ago

kennethtipton commented 1 year ago

Reading a JSON file with the SAN names in it.

After using the following code to convert the data to a string with each domain in single quotes separated by commas, it throws the error: NewOrder request did not include a SAN short enough to fit in CN (full error below under "Error Thrown").

Code to get and convert json file data to domain names

$hostsdata = Get-Content -Path 'C:\POSHACME\HOSTS.json' | ConvertFrom-Json
#$hostsdata.gettype()

$c = 0
foreach ($fqdn in $hostsdata.exch_fqdns) {
    #Write-Host $fqdn
    $d1 = $fqdn.ToString()
    #$d1.GetType()
    if ($c -eq 0) {
        $domainlist = "$d1"
        $dname += "[char]39$d1[char]39"
        #Write-Host $domainlist
        $c = $c + 1
    } else {
        $domainlist = $domainlist + ",'$d1'"
        #Write-Host $domainlist
    }
}

Write-Host $ddd

Write-Host $domainlist

$pArgs = @{
    HEUsername = "*************"
    HEPassword = "*************"
}

New-PACertificate -Domain $domainlist -verbose -Plugin $dnsprovider -Name $n -PfxPass $pfxpassword -Contact $contact -FriendlyName $n -DnsSleep 120

Error Thrown

OperationStopped: C:\Users\Administrator.TNC\Documents\PowerShell\Modules\Posh-ACME\4.18.0\Private\Invoke-ACME.ps1:174
Line |
 174 |          throw [AcmeException]::new($acmeError.detail,$acmeError)
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | NewOrder request did not include a SAN short enough to fit in CN

kennethtipton commented 1 year ago

The code was actually:

$hostsdata = Get-Content -Path 'C:\POSHACME\HOSTS.json' | ConvertFrom-Json
#$hostsdata.gettype()

$c = 0
foreach ($fqdn in $hostsdata.exch_fqdns) {
    #Write-Host $fqdn
    $d1 = $fqdn.ToString()
    #$d1.GetType()
    if ($c -eq 0) {
        $domainlist = "$d1"
        $dname += "'$d1'"
        #Write-Host $domainlist
        $c = $c + 1
    } else {
        $domainlist = $domainlist + ",'$d1'"
        #Write-Host $domainlist
    }
}

Write-Host $ddd

Write-Host $domainlist

$pArgs = @{
    HEUsername = "*************"
    HEPassword = "*************"
}

New-PACertificate -Domain $domainlist -verbose -Plugin $dnsprovider -Name $n -PfxPass $pfxpassword -Contact $contact -FriendlyName $n -DnsSleep 120

rmbolger commented 1 year ago

Not sure if you closed this by accident or if you figured out the problem on your own. But I think the problem is that you were constructing a single comma delimited string value instead of passing the list of domains as an actual array of strings to the -Domain parameter. The single string was being treated as one giant domain name.

Without seeing your raw JSON, I can't say for sure. But your entire foreach loop could potentially be avoided by just using -Domain $hostsdata.exch_fqdns directly instead of trying to manipulate it first. So basically just:

$hostsdata = Get-Content -Path 'C:\POSHACME\HOSTS.json' | ConvertFrom-Json

$pArgs = @{
    HEUsername = "*************"
    HEPassword = "*************"
}

New-PACertificate -Domain $hostsdata.exch_fqdns -verbose -Plugin $dnsprovider -Name $n -PfxPass $pfxpassword -Contact $contact -FriendlyName $n -DnsSleep 12
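An added example (not Posh-ACME code, and not from either participant) that checks a value before it reaches -Domain: it flags the comma-joined string from this issue, splits it into the array form the parameter expects, and confirms at least one name is short enough for the CN. The function name is made up, and the 64-character bound is the X.509 ub-common-name limit, not something the issue itself states.

```powershell
# Added example, not part of Posh-ACME. Sanity-check the value about to be passed
# to New-PACertificate -Domain. Function name is hypothetical; 64 is assumed as the
# CN upper bound (X.509 ub-common-name) behind the CA's "fit in CN" error.
function Test-DomainListForOrder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object]$Domain,            # whatever the caller intends to pass to -Domain
        [int]$MaxCnLength = 64      # assumption: CN length the CA can accept
    )

    # Normalize: a single string containing commas is the mistake from this issue
    # (one "giant" domain name). Split it so each name is checked separately.
    $names = @()
    foreach ($item in @($Domain)) {
        $s = [string]$item
        if ($s -match ',') {
            Write-Warning "Value '$s' looks comma-joined; splitting it. Pass an array to -Domain instead."
            $names += $s -split ','
        } else {
            $names += $s
        }
    }
    # Strip whitespace and stray quotes left over from manual string building.
    $names = $names | ForEach-Object { $_.Trim().Trim([char[]]@("'", '"')) } | Where-Object { $_ }

    $problems = @()
    foreach ($n in $names) {
        # Minimal syntax check: dotted labels of letters/digits/hyphen, optional leading wildcard.
        if ($n -notmatch '^(\*\.)?([A-Za-z0-9-]+\.)+[A-Za-z0-9-]+$') {
            $problems += "Not a valid DNS name: '$n'"
        }
    }
    if (-not ($names | Where-Object { $_.Length -le $MaxCnLength })) {
        $problems += "No name is $MaxCnLength characters or shorter; the CA cannot pick one for the CN."
    }

    [pscustomobject]@{
        Domains  = [string[]]$names      # array form suitable for -Domain
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample reproducing the issue: a comma-joined string instead of an array.
$bad  = "mail.example.com,'autodiscover.example.com'"
$good = @('mail.example.com', 'autodiscover.example.com')
(Test-DomainListForOrder -Domain $bad).Domains    # warns, then returns two separate names
(Test-DomainListForOrder -Domain $good).IsValid   # $true
```

Passing `(Test-DomainListForOrder -Domain $value).Domains` to -Domain gives New-PACertificate the string array it expects rather than one long name.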