Comments (4)
Hi @BearThatIsGrumpy, thanks for reaching out. I'm not super familiar with DigiCert's ACME implementation, so most of this is going to be guess work. Nothing looks obviously wrong with the commands you're running and it's definitely weird that the first one always works regardless of which comes first.
One thing I noticed is that the directory URL you're using with Set-PAServer
is the same for both. I was under the impression that DigiCert generated custom directory URLs that are associated with the EABs like what is described here:
https://docs.digicert.com/en/certcentral/certificate-tools/certificate-lifecycle-automation-guides/use-a-third-party-acme-client-for-host-automations.html#create-one-or-more-acme-directory-urls
Are you missing any querystring params or additional pieces of the directory URL? If they're different for the different products, you'd likely need to switch servers as well as accounts.
from posh-acme.
When I create a new DigiCert ACME URL, the value for "AMCE Directory URL" has always been the non-unique "https://acme.digicert.com/v2/acme/directory/".
I'll check with their support folks to make sure there isn't some other piece implied that I'm missing.
Thanks for the quick response!
from posh-acme.
I heard back from DigiCert support that their ACME URL is always "https://acme.digicert.com/v2/acme/directory/".
For now I think I have a workaround here by using different physical paths depending on the type of cert I'm working with, setting the process-scope POSHACME_HOME environment variable as needed, and re-importing Posh-ACME. Kind of clunky, but seems to work.
from posh-acme.
Hey @BearThatIsGrumpy, I had a random idea to potentially workaround this issue without needing to have a whole separate profile directory per account forever.
The accounts are separate folders within the server folder on disk. So what happens if you just manually move the account folder from one config the other after creating both? It seems like things would just work since the account key for each one doesn't change.
You could also potentially do this more elegantly using a combination of Export-PAAccountKey
and New-PAAccount -ID "blah" -KeyFile .\exported.key -OnlyReturnExisting
.
from posh-acme.
Related Issues (20)
- Trying to use ZeroSSL HOT 4
- Problem with OVH plugin for creating/renewing certificates HOT 8
- Error requesting certificate with WebRoot plugin HOT 5
- FullChainFile doesn't contain ISRG Root X1 HOT 9
- Active24 plugin no longer working HOT 25
- Pull cert into local certificate store using FQDN and Subsequent renew HOT 5
- CmdLets Repeatedly asking for DNS Text Records HOT 3
- Running "Get-PACertificate" can cause a long stream of errors HOT 4
- OVH plugin is not compatible with PowerShell 5.1
- DNSimple Plugin not removing dns challange HOT 3
- DNSimple Plugin regression HOT 3
- DNSPod Argument Names HOT 3
- Gandi API change HOT 3
- Question - Problems loading bouncy castle HOT 6
- NameCom plugin - Domain not found HOT 8
- Plugin request: Scaleway.com/Online.net HOT 10
- How do you check for current installed version of Posh-ACME client and how do you upgrade the Posh-ACME client HOT 3
- Cannot indicate an order replaces certificate with serial <code>, which already has a replacement order HOT 4
- Submit-Renewal throws errors checking ARI on certs with no AKI HOT 3
- Azure IMDS authentication doesn't work on Arc-enabled servers HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from posh-acme.