Closed cowlthr-pdxedu closed 11 months ago
Hey @cowlthr-pdxedu, thanks for reaching out. The errors make it seem like the current code that tries to parse the private key from the account JSON file isn't working. Does the GCloud CLI use the same JSON file for auth? If so, there's not likely anything wrong with the file itself. I wonder if Google changed the type of private key being used.
Do me a favor and run the following to see the value of the private key from the JSON. DO NOT post the whole key here. I'm only interested in seeing the header/footer values (if they exist). They should be something similar to -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
# DON'T POST THE RESULT OF THIS TO GITHUB, just the header/footer if they exist.
Get-Content $pArgs.GCKeyFile -Raw | ConvertFrom-Json | Select -Expand private_key
I'm also going to try and generate a new file from my own account to see if it's different than the old one I've been using.
So the new service account I generated for myself looks just like the old one in terms of its private key. So unless there's a project level change I'm not familiar with that would affect the generated private key, I'm thinking that's not the issue.
Assuming your private_key value looks normal as far as the header/footer goes, let's try running just a DNS publish command with Debug logging turned on like this after re-importing the module to clear out any existing state.
Import-Module Posh-ACME -Force
$pArgs = @{GCKeyFile = "C:\admin\poshAcme\GoogleServiceAccount.json";GCProjectId="dns-project"}
$DebugPreference = 'Continue'
Publish-Challenge service.domain.edu (Get-PAAccount) dummyvalue GCloud $pArgs -Verbose
The portion of the output we're looking for should look something like this:
VERBOSE: Signing into GCloud DNS
DEBUG: Loading saved plugin vars
DEBUG: Using key file
DEBUG: Loading saved plugin vars
DEBUG: Saving updated plugin vars
DEBUG: Loading private key for mysvcacct@myproject.iam.gserviceaccount.com
DEBUG: PemReader found 'Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters'. Attempting to convert to AsymmetricCipherKeyPair.
DEBUG: Claim set: {
<more stuff>
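The header/footer check requested above can be done without the key ever reaching the console. This is an added example, not part of the original thread or of Posh-ACME: the helper name Get-KeyFileShape is hypothetical, and the sample file and its key body are constructed.

```powershell
# Added example: report only the PEM framing of private_key, never the key material.
function Get-KeyFileShape {
    param([Parameter(Mandatory)][string]$Path)

    $json = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    $pem  = [string]$json.private_key
    # Trimmed, non-empty lines; tolerates CRLF or LF inside the JSON string.
    $lines = @($pem -split "\r?\n" | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    $header = $lines | Where-Object { $_ -match '^-----BEGIN [A-Z ]+-----$' } | Select-Object -First 1
    $footer = $lines | Where-Object { $_ -match '^-----END [A-Z ]+-----$' } | Select-Object -Last 1
    $body   = ($lines | Where-Object { $_ -notmatch '^-----' }) -join ''

    # Check that the body is valid base64; only the decoded length is kept.
    $decodedLen = $null
    try { $decodedLen = [Convert]::FromBase64String($body).Length } catch { }

    [pscustomobject]@{
        Header          = $header
        Footer          = $footer
        LabelsMatch     = [bool]($header -and $footer -and (($header -replace 'BEGIN', 'END') -eq $footer))
        EscapedNewlines = $pem.Contains('\n')   # literal backslash-n: the file was double-escaped
        BodyIsBase64    = ($null -ne $decodedLen)
        DecodedBytes    = $decodedLen
    }
}

# Constructed sample: the body is base64 of the bytes 1..48, not a real key.
$fakeBody = [Convert]::ToBase64String([byte[]](1..48))
$sample = @{
    type        = 'service_account'
    private_key = "-----BEGIN PRIVATE KEY-----`n$fakeBody`n-----END PRIVATE KEY-----`n"
} | ConvertTo-Json
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'constructed-gckey.json'
Set-Content -LiteralPath $tmp -Value $sample
Get-KeyFileShape -Path $tmp
Remove-Item -LiteralPath $tmp
```

Run against a real key file, the returned object contains only the PEM labels, two booleans and a byte count.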
Good morning,
I am having some trouble with the GCloud DNS plugin, the error message I am receiving is below. Using manual DNS record creation and WebSelfHost I am able to create certs. Unfortunately, I can't use WebSelfHost because the server will be using port 80 when in production. With the gCloud CLI, I am able to create DNS records using my Google service account so I believe I have that set up correctly.
Let me know if there is anything else that may be helpful or if it looks like I am just doing something wrong.
Thanks, Rob
ERROR MESSAGE
ADDITIONAL ERROR DETAIL