Comments (6)
The Dev version of the plugin tested fine.
I followed the instructions to install the dev build and ran Import-Module Posh-ACME -Force
After running the Publish-Challenge command, I checked the Route53 _acme-challenge entry was there and that it was removed after the Unpublish-Challenge command.
from posh-acme.
Hey @Alan111S, thanks for reaching out. I had no idea IMDSv2 was even a thing but apparently it's been live since late 2019. The initial docs I'm reading make it seem like a fairly painless change to use v2 by default. And if I'm reading things correctly, there should be no cases where only v1 works. So I'll probably just upgrade the code to always use v2.
Until I can get a new release out with the fix, you should also be able to work around the problem by having a 2020 or later version of the AWS.Tools.Route53 module and its dependencies installed along with Posh-ACME. If the plugin finds the official module, it will use that instead of its own raw REST implementation.
from posh-acme.
Hi @rmbolger, thanks for your quick update.
I've installed:-
Install-Module -Name AWS.Tools.Route53
I had to add -AllowClobber to get it to install.
I've performed another 'New-PACertificate' with the Instance using IMDSv2 Tokens set to 'Required' and it's working fine using the AWS.Tools.Route53 module.
Do you want me to close this issue or leave it open until an update is published?
from posh-acme.
You can leave it open. I'll use it to track the code update. Thanks for verifying the workaround too!
from posh-acme.
I just committed a change that should update the plugin to use IMDSv2. Could you try testing it after uninstalling the AWS.Tools.Route53 module? You can either download the raw plugin file and overwrite your local copy or follow the instructions in the readme to install the dev build. Either way, make sure you're either running in a fresh PowerShell instance or forcefully re-import the module by running Import-Module Posh-ACME -Force.
You shouldn't need to go through a whole new cert request process. You can test just the plugin by publishing and unpublishing a fake token value to one of your DNS zones like this:
$pArgs = @{R53UseIAMRole=$true}
Publish-Challenge example.com (Get-PAAccount) faketoken Route53 $pArgs -Verbose
Unpublish-Challenge example.com (Get-PAAccount) faketoken Route53 $pArgs -Verbose
from posh-acme.
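The IMDSv2 flow discussed in this thread, as an added example that is not part of the original comments or Posh-ACME's own code: it checks that a tokenless (v1) request is rejected when the instance has tokens set to 'Required', then requests a session token and uses it to read the instance role's credentials. The function name `Test-ImdsV2Role`, its parameters and its output fields are hypothetical, and it has to be run on the EC2 instance itself.

```powershell
# Added example, not Posh-ACME code. Function name and output shape are hypothetical.
function Test-ImdsV2Role {
    [CmdletBinding()]
    param(
        [string]$BaseUri = 'http://169.254.169.254',  # link-local metadata endpoint
        [int]$TokenTtlSeconds = 60                    # IMDSv2 accepts 1 to 21600
    )

    # 1. IMDSv1-style request (no token). With tokens 'Required' this returns 401.
    $v1Status = 200
    try {
        $null = Invoke-WebRequest "$BaseUri/latest/meta-data/" -UseBasicParsing -TimeoutSec 2
    } catch {
        $resp = $_.Exception.Response
        $v1Status = if ($resp) { [int]$resp.StatusCode } else { 0 }  # 0 = no HTTP reply
    }

    # 2. IMDSv2 session token: a PUT carrying the TTL header.
    $token = Invoke-RestMethod "$BaseUri/latest/api/token" -Method Put -TimeoutSec 2 `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = "$TokenTtlSeconds" }
    $auth = @{ 'X-aws-ec2-metadata-token' = $token }

    # 3. Name of the attached IAM role, then that role's temporary credentials.
    $credUri = "$BaseUri/latest/meta-data/iam/security-credentials/"
    $role = (Invoke-RestMethod $credUri -Headers $auth -TimeoutSec 2).Trim()
    $cred = Invoke-RestMethod "$credUri$role" -Headers $auth -TimeoutSec 2
    # The body is JSON but may arrive as plain text, depending on the PowerShell version.
    if ($cred -is [string]) { $cred = $cred | ConvertFrom-Json }

    # Report status only; the secret key and session token are never written out.
    [pscustomobject]@{
        V1Rejected   = ($v1Status -eq 401)
        V1StatusCode = $v1Status
        Role         = $role
        Expiration   = $cred.Expiration
    }
}

Test-ImdsV2Role
```

On an instance that still allows IMDSv1, `V1Rejected` comes back `$false` while the rest of the flow succeeds, which is why always using v2 works in both configurations.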
This is now live in 4.19.0.
from posh-acme.