Git Product home page Git Product logo

Comments (4)

rmbolger avatar rmbolger commented on May 25, 2024

Hi @BearThatIsGrumpy, thanks for reaching out. I'm not super familiar with DigiCert's ACME implementation, so most of this is going to be guess work. Nothing looks obviously wrong with the commands you're running and it's definitely weird that the first one always works regardless of which comes first.

One thing I noticed is that the directory URL you're using with Set-PAServer is the same for both. I was under the impression that DigiCert generated custom directory URLs that are associated with the EABs like what is described here:
https://docs.digicert.com/en/certcentral/certificate-tools/certificate-lifecycle-automation-guides/use-a-third-party-acme-client-for-host-automations.html#create-one-or-more-acme-directory-urls

Are you missing any querystring params or additional pieces of the directory URL? If they're different for the different products, you'd likely need to switch servers as well as accounts.

from posh-acme.

BearThatIsGrumpy avatar BearThatIsGrumpy commented on May 25, 2024

When I create a new DigiCert ACME URL, the value for "AMCE Directory URL" has always been the non-unique "https://acme.digicert.com/v2/acme/directory/".

I'll check with their support folks to make sure there isn't some other piece implied that I'm missing.

Thanks for the quick response!

NewDigiCertAcmeUrl

from posh-acme.

BearThatIsGrumpy avatar BearThatIsGrumpy commented on May 25, 2024

I heard back from DigiCert support that their ACME URL is always "https://acme.digicert.com/v2/acme/directory/".

For now I think I have a workaround here by using different physical paths depending on the type of cert I'm working with, setting the process-scope POSHACME_HOME environment variable as needed, and re-importing Posh-ACME. Kind of clunky, but seems to work.

from posh-acme.

rmbolger avatar rmbolger commented on May 25, 2024

Hey @BearThatIsGrumpy, I had a random idea to potentially workaround this issue without needing to have a whole separate profile directory per account forever.

The accounts are separate folders within the server folder on disk. So what happens if you just manually move the account folder from one config the other after creating both? It seems like things would just work since the account key for each one doesn't change.

You could also potentially do this more elegantly using a combination of Export-PAAccountKey and New-PAAccount -ID "blah" -KeyFile .\exported.key -OnlyReturnExisting.

from posh-acme.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.