You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running win-acme non-interactively and using the Route 53 DNS-01 DCV plugin with an IAM role/instance profile, I get the following error:
[EROR] Option --route53accesskeyid not provided
[EROR] (Exception) Validation plugin Route53 aborted or failed: Option --route53accesskeyid not provided
Neither --route53accesskeyid nor --route53secretaccesskey should be required when providing --route53iamrole:
Setting a dummy value for --route53accesskeyid but not --route53secretaccesskey results in a similar error about the --route53secretaccesskey option not being provided.
Setting empty strings for either or both of these arguments ("") results in the same errors about options not being provided.
Setting dummy values for these arguments passes the option validation checks but results in the failure of the Route 53 API calls made by win-acme.
Running win-acme interactively and using the IAM role for validation works as expected.
Steps to reproduce
Register a DNS domain (e.g., example.com) and host it using Amazon Route 53.
Create an IAM role for EC2 (e.g., win-acme-route53) with the AmazonRoute53FullAccess policy attached.
Launch a t2.micro EC2 instance running Microsoft Windows Server 2019 Core from the AWS Marketplace and with the above IAM role assigned to it.
Log into the EC2 instance and install the current release of win-acme along with the corresponding version of its Route 53 validation plugin (2.0.9 build 386 at the time of writing) by running the following PowerShell commands:
$ver="v2.0.9"$bld="386"invoke-webrequest https://github.com/PKISharp/win-acme/releases/download/$ver/win-acme.$ver.$bld.zip-outfile $env:userprofile\downloads\win-acme.zip
unblock-file$env:userprofile\downloads\win-acme.zip
expand-archive$env:userprofile\downloads\win-acme.zip -destinationpath c:\win-acme -force
del $env:userprofile\downloads\win-acme.zip
invoke-webrequest https://github.com/PKISharp/win-acme/releases/download/$ver/win-acme.route53.$ver.$bld.zip-outfile $env:userprofile\downloads\win-acme-route53.zip
unblock-file$env:userprofile\downloads\win-acme-route53.zip
expand-archive$env:userprofile\downloads\win-acme-route53.zip -destinationpath c:\win-acme -force
del $env:userprofile\downloads\win-acme-route53.zip
Non-interactively request a certificate for the domain registered and hosted in Route 53 above (e.g., example.com) by running the following PowerShell command:
The text was updated successfully, but these errors were encountered:
xenophonf
changed the title
Route 53 plugin CLI argument parsing bug
Route 53 plugin should not require an access key ID or secret access key when specifying an IAM role on the command line
Aug 9, 2019
Issue description
When running win-acme non-interactively and using the Route 53 DNS-01 DCV plugin with an IAM role/instance profile, I get the following error:
Neither
--route53accesskeyid
nor--route53secretaccesskey
should be required when providing--route53iamrole
:Setting a dummy value for
--route53accesskeyid
but not--route53secretaccesskey
results in a similar error about the--route53secretaccesskey
option not being provided.Setting empty strings for either or both of these arguments (
""
) results in the same errors about options not being provided.Setting dummy values for these arguments passes the option validation checks but results in the failure of the Route 53 API calls made by win-acme.
Running win-acme interactively and using the IAM role for validation works as expected.
Steps to reproduce
Register a DNS domain (e.g.,
example.com
) and host it using Amazon Route 53.Create an IAM role for EC2 (e.g.,
win-acme-route53
) with the AmazonRoute53FullAccess policy attached.Launch a t2.micro EC2 instance running Microsoft Windows Server 2019 Core from the AWS Marketplace and with the above IAM role assigned to it.
Log into the EC2 instance and install the current release of win-acme along with the corresponding version of its Route 53 validation plugin (2.0.9 build 386 at the time of writing) by running the following PowerShell commands:
The text was updated successfully, but these errors were encountered: