Comments (8)
I've pinpointed the exact line throwing that error inside Set-PAServer.
from posh-acme.
Hey @plrusek, thanks for reaching out. Unfortunately, I don't have an explanation for what the problem is. That line is about the most basic web request the module performs when initially querying the chosen ACME server. For the LE_STAGE environment, it's the equivalent of running the following:
Invoke-WebRequest -Uri https://acme-staging-v02.api.letsencrypt.org/directory -UserAgent "Posh-ACME/4.17.1 PowerShell/$($PSVersionTable.PSVersion)" -ErrorAction Stop -Verbose:$false
Can you try running that manually and see if the same error occurs? The error implies a problem with the underlying network connection on your end. Perhaps security software interfering with outbound connections?
from posh-acme.
Hello, sadly same error occurs with that line of code. It seems that Invoke-WebRequest in general has stopped working properly.
I've tried a lot of various suggestions and fixes online, like making sure both Tls12 and Tls13 are ticked in Internet Properties and
also tried setting [System.Net.ServicePointManager]::SecurityProtocol to Tls12 -bor Tls13 but all to no avail.
I also suspected my antivirus at some point, ESET Security Endpoint, as it has SSL/TLS protocol filtering and application filtering but the issue still persisted with these functions off.
So at this point, I think I'm suspecting something very wrong happening with PowerShell itself and maybe trying out something
like RestSharp and implementing this directly in C#. There doesn't seem to be much reason for this to stop working, especially
since it happened suddenly after years of working.
from posh-acme.
@plrusek you could try with https://certifytheweb.com to use something that's C# based but I presume you'll get the same result. It's unlikely powershell has just stopped working in general, so your networking (particularly your firewall or related software) is the most obvious suspect. Windows Firewall also needs to allow outgoing https.
You could try a different CA to see if it's specific to Let's Encrypt. e.g. If you wanted to test against Googles ACME API it would be:
Invoke-WebRequest -Uri https://dv.acme-v02.api.pki.goog/directory -UserAgent "Posh-ACME/4.17.1 PowerShell/$($PSVersionTable.PSVersion)" -ErrorAction Stop -Verbose:$false
from posh-acme.
So, this is very bizzare but both these commands work just fine on a freshly opened PowerShell console but as soon as I try to run them after and inside .ps1 scripts, it starts throwing the same error as always from then on until I open a new PowerShell console. I never managed to identify which lines of code in those scripts specifically cause this sadly. I swear it even seems to be random at times because sometimes it didn't manage to break.
On the other hand, I found out that the .NET equivalent class - HttpWebRequest - has none of these problems so I rewrote some parts of Set-PAServer to use that class instead of the troublesome cmdlet:
I'm really not sure why this cmdlet has been giving me this much trouble, but it wouldn't be the first one in my PowerShell escapades.
from posh-acme.
It sounds like something in or getting loaded by your scripts might be interfering with the web cmdlets default functionality. Suffice it to say that I don't plan on replacing all of the PowerShell native web calls with .NET classes.
from posh-acme.
Confirmed a similar behavior in my environment. Set-PAServer stops working after being called in the same PS session. Closing and reopening PowerShell temporarily resolves the issue. Fine for scripted usage, but annoying when writing scripts.
Windows Server 2022, build 20348.1787
from posh-acme.
@sivan-koren Can you run the same Invoke-WebRequest
test as above and post the results? I'd also be curious what (if anything) is in the PowerShell profile for the user you're running as. There are 4 potential files that could exist with stuff being loaded. Here's an easy way to open all of them in notepad.
notepad $PROFILE.CurrentUserAllHosts
notepad $PROFILE.CurrentUserCurrentHost
notepad $PROFILE.AllUsersAllHosts
notepad $PROFILE.AllUsersCurrentHost
If notepad says the file doesn't exist, don't worry about it. That just means it hadn't previously been created which is normal.
Also, are you running any 3rd party security software or have a proxy server in place?
from posh-acme.
Related Issues (20)
- EfficientIP SOLIDServer integration HOT 2
- Using "fullchain.cer" and "cert.key"
- Using Posh-ACME's "fullchain.cer" and "cert.key" for Plex Media Center HOT 6
- Support for OCI-Certificates HOT 12
- Plugin for Zoneedit DNS Provider HOT 5
- Expand environment variables in `POSHACME_HOME` HOT 2
- AZ Token not refreshed when switching tenants HOT 3
- ErrorAction doesn't seem to be honored HOT 3
- Namecheap issue with verifying DNS challenge HOT 3
- Error thrown in Linux when $env:POSHACME_HOME is set to other than default HOT 1
- Issues with Publish-Challenge with Simply.com HOT 21
- Add -CsrString parameter to New-PACertificate HOT 4
- possible documentation issue with Tutorial HOT 2
- create certificates with non public TLDs HOT 3
- NewOrder request did not include a SAN short enough to fit in CN HOT 2
- Need better example of how to store plugin values with secretmanagement HOT 5
- 'R53UseIAMRole=true' not working with IMDSv2 Tokens set to 'Required' HOT 6
- Finalize URL not set in order object, cannot Submit-OrderFinalize HOT 3
- "Bad Data" Error WHen Signing Into GCloud DNS HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from posh-acme.