virtuallywired / Install-vCenterSSL


WriteErrorException - Almost working looks like it is working until it comes time to write #3

Open craigmockf5 opened 2 years ago

craigmockf5 commented 2 years ago

I am running vCenter 7.0.2.00200 and running into an error. It looks like Let's Encrypt is working, as it validated via DNS and created the certificate; it just looks like it is having a problem writing to vCenter. Should I be using "administrator@vsphere.local" or the root account?

PS C:\Users\mock\Install-vCenterSSL> .\Install-vCenterSSL.ps1

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
C:\Users\mock\Install-vCenterSSL\Install-vCenterSSL.ps1 : Failed to Replace Certificate, Terminating Script
At line:1 char:1
.\Install-vCenterSSL.ps1

Status: A system exception was caught.
{"error_type":"SERVICE_UNAVAILABLE","messages":[{"args":[],"default_message":"Service unavailable.","id":"com.vmware.vapi.endpoint.cis.ServiceUnavailable"}]}
The request body has been saved to $global:helpme
PS C:\Users\mock\Install-vCenterSSL>

Could this be related to the Posh-ACME module? I am not sure I got that installed right, as it took a really long time. I am running this from a Windows 10 computer.

kevsfastz commented 2 years ago

I was able to determine that this script will not work with v7.0 U3, as the authentication method to the API has changed: https://github.com/virtuallywired/Install-vCenterSSL/issues/2#issuecomment-1095813734

However, this is a moot point, because even when you create these certificates with Let's Encrypt and apply them manually, vCenter 7.x will not accept them. Therefore I believe that even if this script is adjusted to work with the API changes implemented in 7.x, you will still encounter issues at a Let's Encrypt level.

With that being said, I followed the instructions below creating the certs with ZeroSSL and had no issues applying them to vCenter 7.x: https://jorgedelacruz.uk/2021/10/18/vmware-how-to-secure-our-vcenter-server-7-vcsa-with-a-zerossl-certificate/

Maybe it's possible to adjust this script to utilize ZeroSSL instead?

I hope this helps!
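For readers hitting the authentication change kevsfastz mentions: the vSphere Automation API documents POST /api/session as the current way to obtain a session token, with the older /rest/com/vmware/cis/session endpoint deprecated. The thread does not show the script's own session code, so whether that is exactly what broke here is an assumption. The helper below is an added example, not the Install-vCenterSSL script or any vCenter tooling; vcenter.example.com and the GET on the TLS endpoint in the usage comment are placeholders.

```powershell
# Added example (not the Install-vCenterSSL script): obtain a vCenter API session
# token from the current /api/session endpoint and return the header that every
# later Automation API call must carry.
function New-VcApiSession {
    param(
        [Parameter(Mandatory)] [string] $VcHost,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # HTTP Basic credentials are sent exactly once, to trade them for a session token.
    # Use an SSO account such as administrator@vsphere.local; the appliance root
    # account is not an SSO identity and is not what this endpoint expects.
    $pair  = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $basic = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))

    # vCenter 7.0 U2 and later document POST /api/session, which returns the token as
    # a bare JSON string. The deprecated /rest/com/vmware/cis/session endpoint wrapped
    # it as {"value": "..."} instead, so code written for one shape fails on the other.
    #
    # While the appliance still presents its VMCA-issued certificate, PowerShell 7
    # needs -SkipCertificateCheck for this one bootstrap call (Windows PowerShell 5.1
    # has no such switch). Prefer importing the VMCA root into the client trust store
    # over disabling validation permanently.
    $token = Invoke-RestMethod -Method Post -Uri "https://$VcHost/api/session" `
        -Headers @{ Authorization = "Basic $basic" }

    # Older Invoke-RestMethod builds may hand back the raw JSON string with its quotes.
    $token = ([string]$token).Trim('"')

    # Subsequent calls authenticate with this header, never with Basic auth again.
    return @{ 'vmware-api-session-id' = $token }
}

# Usage (assumed host name; Get-Credential prompts for the SSO account):
# $headers = New-VcApiSession -VcHost 'vcenter.example.com' -Credential (Get-Credential)
# Invoke-RestMethod -Headers $headers `
#     -Uri 'https://vcenter.example.com/api/vcenter/certificate-management/vcenter/tls'
```

The GET in the usage comment returns the certificate currently installed on the appliance, which is a cheap way to confirm the session header is accepted before attempting the replacement.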

craigmockf5 commented 2 years ago

I updated to 7.0.2.00400 and it worked this time.

PS C:\users\mock\Install-vCenterSSL> .\Install-vCenterSSL.ps1

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
Response Code: 204
Successfully Replaced Certificate
After this operation completes, the services using the certificate will be restarted for the new certificate to take effect.

matteofranceschini commented 1 year ago

I'm using PowerShell 7.3.3 and vCenter 7.0.3.01300, but I'm not able to make it work: it fails during the upload...

Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
Write-Error: Failed to Replace Certificate, Terminating Script
InvalidOperation: C:\Users\testuser\Desktop\vcenter-cert.ps1:19
Line |
  19 |      $global:result = $_.Exception.Response.GetResponseStream()
     |      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Method invocation failed because [System.Net.Http.HttpResponseMessage] does not contain a method named
     | 'GetResponseStream'.
Write-Error: Failed to Replace Certificate, Please verify Correct Configuration and Retry

Do you have any idea why this happens?
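The stack trace above explains itself once the PowerShell version is taken into account. On Windows PowerShell 5.1, a failed Invoke-RestMethod throws a WebException whose .Response is an HttpWebResponse, which does have GetResponseStream(). On PowerShell 7 the same failure throws an HttpResponseException whose .Response is a System.Net.Http.HttpResponseMessage, which does not, so the catch block itself crashes before the real vCenter error is ever shown. PowerShell 7 instead places the response body in $_.ErrorDetails.Message. The code below is an added example, not the Install-vCenterSSL script: a catch helper that reads the error body on both versions, wrapped around the certificate PUT. The endpoint path and body fields follow the vSphere Automation API's certificate-management resource; $VcHost, $Headers and the PEM strings are assumed to come from earlier steps.

```powershell
# Added example (not the Install-vCenterSSL script): read the body of a failed
# Invoke-RestMethod call on both Windows PowerShell 5.1 and PowerShell 7, and use it
# to surface vCenter's JSON error instead of a generic failure string.
function Get-RestErrorBody {
    param([Parameter(Mandatory)] [System.Management.Automation.ErrorRecord] $ErrorRecord)

    # PowerShell 7: HttpResponseException. .Response is an HttpResponseMessage with no
    # GetResponseStream(), but the cmdlet has already copied the body into ErrorDetails.
    if ($ErrorRecord.ErrorDetails -and $ErrorRecord.ErrorDetails.Message) {
        return $ErrorRecord.ErrorDetails.Message
    }

    # Windows PowerShell 5.1: WebException with an HttpWebResponse; the body is only
    # available by reading the response stream.
    $response = $ErrorRecord.Exception.Response
    if ($response -and ($response.PSObject.Methods.Name -contains 'GetResponseStream')) {
        $reader = New-Object System.IO.StreamReader($response.GetResponseStream())
        try { return $reader.ReadToEnd() } finally { $reader.Dispose() }
    }

    # No HTTP response at all (DNS, TCP or TLS failure): fall back to the exception text.
    return $ErrorRecord.Exception.Message
}

function Set-VcTlsCertificate {
    param(
        [Parameter(Mandatory)] [string]    $VcHost,
        [Parameter(Mandatory)] [hashtable] $Headers,   # contains vmware-api-session-id
        [Parameter(Mandatory)] [string]    $CertPem,   # leaf certificate, PEM
        [Parameter(Mandatory)] [string]    $KeyPem,    # matching private key, PEM
        [Parameter(Mandatory)] [string]    $RootPem    # issuing chain / root, PEM
    )

    # Field names per the Automation API's vcenter/tls "set" operation (assumption
    # from the API reference, not from this thread).
    $body = @{ cert = $CertPem; key = $KeyPem; root_cert = $RootPem } | ConvertTo-Json

    try {
        # A successful replacement answers 204 No Content, after which vCenter
        # restarts the services that use the certificate.
        $null = Invoke-RestMethod -Method Put -Headers $Headers -ContentType 'application/json' `
            -Uri "https://$VcHost/api/vcenter/certificate-management/vcenter/tls" -Body $body
        return $true
    }
    catch {
        # Show error_type and messages[].id from vCenter's JSON body, e.g. the
        # SERVICE_UNAVAILABLE / com.vmware.vapi.endpoint.cis.ServiceUnavailable seen
        # earlier in this thread, rather than crashing inside the catch block.
        Write-Error ("Certificate replacement failed: {0}" -f (Get-RestErrorBody $_))
        return $false
    }
}
```

Checking for the method by name rather than testing the PowerShell version keeps the helper honest if .Response is some other type, and returning $false instead of terminating lets a calling script decide whether to retry or to dump the payload for inspection.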