Closed Wlad-R closed 6 months ago
WouterTinus
commented
7 months ago This build should show the error message returned from the API, which is currently hidden: https://ci.appveyor.com/project/WouterTinus/win-acme-s8t9q/builds/49183286/artifacts
Wlad-R
commented
7 months ago Hi Wouter, below is --verbose result:
[DBUG] [commit.corporatepower.com] Attempting to create DNS record under _acme-challenge.commit.corporatepower.com...
[DBUG] [HTTP] Send GET to https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=corporatepower.com
[WARN] [HTTP] Request completed with status Forbidden
[VERB] [HTTP] Response of type null (36 bytes)
[WARN] Unable to create record at DnsMadeEasy: {"error": ["Unable to verify HMAC"]}
[DBUG] [commit.corporatepower.com] Failed to create record under _acme-challenge.commit.corporatepower.com
[EROR] [commit.corporatepower.com] Error preparing for challenge answer
System.Exception: [commit.corporatepower.com] Unable to prepare for challenge answer
at PKISharp.WACS.Plugins.ValidationPlugins.DnsValidation1.PrepareChallenge(ValidationContext context, Dns01ChallengeValidationDetails challenge) at PKISharp.WACS.Plugins.ValidationPlugins.Validation1.PrepareChallenge(ValidationContext context)
at PKISharp.WACS.RenewalValidator.Prepare(ValidationContext context, RunLevel runLevel)
[VERB] Starting post-validation cleanup
[DBUG] DNS record cleanup finalized
Thank you, Wlad
WouterTinus
commented
7 months ago So at least we can see the error now: "Unable to verify HMAC" seems to mean that either the API key is wrong or the time is off. I'm also not sure what to check anymore, especially since it works on another server.
Wlad-R
commented
7 months ago Hello, thank you for the confirmation. The time and key were/are good I freaked out a bit, deleted everything including programdata\win-acme and installed from scratch. And it worked. I don't know what was wrong with cached/saved credentials, but my expectation is command line parameters should have precedence over the saved configuration. Thank you, Wlad
WouterTinus
commented
6 months ago I'm glad it's working now.
I don't know what was wrong with cached/saved credentials, but my expectation is command line parameters should have precedence over the saved configuration.
That is true when you replace your renewal, but you cannot renew and change stuff at the same time (but trying to do that leads to a fatal error from the command line, so that was not your issue).
Hello, The certificate was created successfully two months ago with (just replaced with cr.com) Wacs --verbose --source iis --host commit.cr.com --order single --validationmode DNS-01 --validation dnsmadeeasy --apikey c3xxx--apisecret 5xxx8 --store certificatestore --installation iis --accepttos --emailaddress commitcrm@C*r.com Renewal failed yesterday Dnsmadeeasy Api key works – another server from the same domain was renewed successfully yesterday with the same setup. Server time is synced Not sure what else I should check
[DBUG] [3cx.cr.com] Attempting to create DNS record under _acme-challenge.3cx.cr.com... [DBUG] [HTTP] Send GET to https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=c*r.com [VERB] [HTTP] Request completed with status Forbidden [VERB] [HTTP] Response of type null (32 bytes) [DBUG] [3cx.cr.com] Failed to create record under _acme-challenge.3cx.cr.com [EROR] [3cx.cr.com] Error preparing for challenge answer System.Exception: [3cx.cr.com] Unable to prepare for challenge answer at PKISharp.WACS.Plugins.ValidationPlugins.DnsValidation
1.PrepareChallenge(ValidationContext context, Dns01ChallengeValidationDetails challenge) at PKISharp.WACS.Plugins.ValidationPlugins.Validation1.PrepareChallenge(ValidationContext context) at PKISharp.WACS.RenewalValidator.Prepare(ValidationContext context, RunLevel runLevel) [VERB] Starting post-validation cleanup [VERB] Post-validation cleanup was succesfulThank you, Wlad