Open craigmockf5 opened 2 years ago
I was able to determine that this script will not work with the v7.0 U3 as the Authentication method to the API has changed: https://github.com/virtuallywired/Install-vCenterSSL/issues/2#issuecomment-1095813734
However, this is a moot point because even when you create these certificates with LetsEncrypt and apply them manually, vCenter 7.x will not accept them. Therefore I believe even if this script is adjusted to work with the API changes implemented in 7.x, you will still encounter issues at a LetsEncrypt level.
With that being said, I followed the instructions below creating the certs with ZeroSSL and had no issues applying them to vCenter 7.x: https://jorgedelacruz.uk/2021/10/18/vmware-how-to-secure-our-vcenter-server-7-vcsa-with-a-zerossl-certificate/
Maybe it's possible to adjust this script to utilize ZeroSSL instead?
I hope this helps!
I updated to 7.0.2.00400 and it worked this time.
PS C:\users\mock\Install-vCenterSSL> .\Install-vCenterSSL.ps1
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
Response Code: 204
Successfully Replaced Certificate
After this operation completes, the services using the certificate will be restarted for the new certificate to take effect.
I'm using PowerShell 7.3.3 and vCenter 7.0.3.01300, but I'm not able to make it work: it fails during the upload...
Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
Write-Error: Failed to Replace Certificate, Terminating Script
InvalidOperation: C:\Users\testuser\Desktop\vcenter-cert.ps1:19
Line |
19 | $global:result = $_.Exception.Response.GetResponseStream()
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Method invocation failed because [System.Net.Http.HttpResponseMessage] does not contain a method named
| 'GetResponseStream'.
Write-Error: Failed to Replace Certificate, Please verify Correct Configuration and Retry
Do you have any idea why this happens?
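The `GetResponseStream` failure in the comment above comes from a difference between PowerShell editions: on PowerShell 7 the `Response` on the caught exception is a `System.Net.Http.HttpResponseMessage` (as the error text shows), while Windows PowerShell 5.1 exposes a `System.Net.WebResponse` that does have `GetResponseStream()`. The following is an added example, not part of this thread or of Install-vCenterSSL.ps1; the function names are hypothetical, the sample body is copied from the SERVICE_UNAVAILABLE output in this thread, and the 503 status code is an assumption for the demo.

```powershell
# Added example: read an HTTP error body on both PowerShell editions.
# Function names are hypothetical; this is not code from Install-vCenterSSL.ps1.
Add-Type -AssemblyName System.Net.Http   # already loaded on PowerShell 7; needed on 5.1

function Read-HttpResponseBody {
    # Returns the body text of either response type a failed web request can expose.
    param([Parameter(Mandatory)] $Response)
    if ($Response -is [System.Net.Http.HttpResponseMessage]) {
        # PowerShell 7: HttpClient-based response, no GetResponseStream()
        return $Response.Content.ReadAsStringAsync().GetAwaiter().GetResult()
    }
    if ($Response -is [System.Net.WebResponse]) {
        # Windows PowerShell 5.1: WebException carries an HttpWebResponse
        $reader = [System.IO.StreamReader]::new($Response.GetResponseStream())
        try { return $reader.ReadToEnd() } finally { $reader.Dispose() }
    }
    return $null
}

function Get-HttpErrorInfo {
    # Call from a catch block: Get-HttpErrorInfo -ErrorRecord $_
    param([Parameter(Mandatory)] [System.Management.Automation.ErrorRecord] $ErrorRecord)
    $response = $ErrorRecord.Exception.Response
    # ErrorDetails.Message holds the body the cmdlet already read, so prefer it.
    $body = if ($ErrorRecord.ErrorDetails -and $ErrorRecord.ErrorDetails.Message) {
        $ErrorRecord.ErrorDetails.Message
    } elseif ($response) {
        Read-HttpResponseBody -Response $response
    }
    [pscustomobject]@{
        StatusCode = if ($response) { [int]$response.StatusCode } else { $null }
        Body       = $body
    }
}

# Constructed sample response (body from this thread, status code assumed).
$json = '{"error_type":"SERVICE_UNAVAILABLE","messages":[{"args":[],"default_message":"Service unavailable.","id":"com.vmware.vapi.endpoint.cis.ServiceUnavailable"}]}'
$resp = [System.Net.Http.HttpResponseMessage]::new([System.Net.HttpStatusCode]::ServiceUnavailable)
$resp.Content = [System.Net.Http.StringContent]::new($json)

$parsed = Read-HttpResponseBody -Response $resp | ConvertFrom-Json
'{0} {1}: {2}' -f [int]$resp.StatusCode, $parsed.error_type, $parsed.messages[0].default_message
```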
I am running vCenter 7.0.2.00200 and running into an error. It looks like Letsencrypt is working, as it validated via DNS and created the certificate; it just looks like it is having a problem writing to vCenter. Should I be using "administrator@vsphere.local" or the root account?
PS C:\Users\mock\Install-vCenterSSL> .\Install-vCenterSSL.ps1
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Checking for Required Module Posh-ACME
Posh-ACME Module Already Installed
Session Token Created Successfully
Previously generated certificate found, would you like to reuse it? (Yes / No): yes
Downloading ROOT CA
Successfully Validated ROOT CA
Loading Certificate Files
Reformating Certificates to String
Creating Payload
Preparing to Replace Certificate.
C:\Users\mock\Install-vCenterSSL\Install-vCenterSSL.ps1 : Failed to Replace Certificate, Terminating Script
At line:1 char:1
.\Install-vCenterSSL.ps1
Status: A system exception was caught. {"error_type":"SERVICE_UNAVAILABLE","messages":[{"args":[],"default_message":"Service unavailable.","id":"com.vmware.vapi.endpoint.cis.ServiceUnavailable"}]}
The request body has been saved to $global:helpme
PS C:\Users\mock\Install-vCenterSSL>
Could this be related to the Posh-ACME Module? Not sure I got that installed right as it took a really long time. I am running this from a Windows 10 computer.