I am testing win-acme in my environment and I found out that there is no correct error handling if you are using acme-dns but the hostname cannot be resolved.
C:\acme-clients\win-acme.v2.1.5.742.x64.pluggable>wacs.exe --verbose
[VERB] Verbose mode logging enabled
[VERB] Looking for settings.json in C:\acme-clients\win-acme.v2.1.5.742.x64.pluggable
[DBUG] Config folder: C:\ProgramData\win\pgwy.company.testacmedirectory
[DBUG] Log path: ./logs\pgwy.company.testacmedirectory
[DBUG] Cache path: C:\ProgramData\win\pgwy.company.testacmedirectory\Certificates
[VERB] Arguments: --verbose
[DBUG] Renewal period: 55 days
[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version 2.1.5.742 (RELEASE, PLUGGABLE)
[INFO] ACME server https://pgwy.company.test/acme/directory
[VERB] SecurityProtocol setting: SystemDefault
[DBUG] Connection OK!
[INFO] IIS version 10.0
[INFO] Running with administrator credentials
[WARN] Scheduled task not configured yet
[INFO] Please report issues at https://github.com/win-acme/win-acme
[VERB] Test for international support: 語言 язык لغة
N: Create new certificate (simple for IIS)
M: Create new certificate (full options)
R: Run scheduled renewals (0 currently due)
A: Manage renewals (0 total)
O: More options...
Q: Quit
Please choose from the menu: M
[INFO] Running in mode: Interactive, Advanced
Please specify how the list of domain names that will be included in the
certificate should be determined. If you choose for one of the "all bindings"
options, the list will automatically be updated for future renewals to
reflect the bindings at that time.
1: IIS
2: Manual input
3: CSR created by another program
C: Abort
How shall we determine the domain(s) to include in the certificate?: <Enter>
[DBUG] Scanning IIS sites
[DBUG] Scanning IIS site bindings for hosts
Please select which website(s) should be scanned for host names. You may
input one or more site identifiers (comma separated) to filter by those
sites, or alternatively leave the input empty to scan *all* websites.
1: win.company.test (1 binding)
Site identifier(s) or <ENTER> to choose all: <Enter>
[VERB] 1 named bindings found in IIS
[VERB] No site filter applied
[VERB] No host filter applied
[VERB] 1 matching binding found
1: win.company.test (Site 1)
You may either choose to include all listed bindings as host names in your
certificate, or apply an additional filter. Different types of filters are
available.
1: Pick specific bindings from the list
2: Pick bindings based on a search pattern
3: Pick bindings based on a regular expression
4: Pick *all* bindings
How do you want to pick the bindings?: <Enter>
[VERB] 1 named bindings found in IIS
[VERB] No site filter applied
[VERB] No host filter applied
[VERB] 1 matching binding found
[VERB] 1 named bindings found in IIS
[VERB] No site filter applied
[VERB] No host filter applied
[VERB] 1 matching binding found
1: win.company.test (Site 1)
Continue with this selection? (y*/n) - <Enter>
[DBUG] Scanning IIS site bindings for hosts
[VERB] 1 named bindings found in IIS
[VERB] No site filter applied
[VERB] No host filter applied
[VERB] 1 matching binding found
[INFO] Target generated using plugin IIS: win.company.test
Suggested friendly name '[IIS] (any site), (any host)', press <ENTER> to accept or type an alternative: <Enter>
The ACME server will need to verify that you are the owner of the domain
names that you are requesting the certificate for. This happens both during
initial setup *and* for every future renewal. There are two main methods of
doing so: answering specific http requests (http-01) or create specific dns
records (dns-01). For wildcard domains the latter is the only option. Various
additional plugins are available from https://github.com/win-acme/win-acme/.
[VERB] Adding 10.9.6.44 as DNS server
1: [http-01] Save verification files on (network) path
2: [http-01] Serve verification files from memory
3: [http-01] Upload verification files via FTP(S)
4: [http-01] Upload verification files via SSH-FTP
5: [http-01] Upload verification files via WebDav
6: [dns-01] Create verification records manually (auto-renew not possible)
7: [dns-01] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
8: [dns-01] Create verification records with your own script
9: [tls-alpn-01] Answer TLS verification request from win-acme
C: Abort
How would you like prove ownership for the domain(s) in the certificate?: 7
URL of the acme-dns server: https://acme-dns.company.test
[DBUG] Using C:\ProgramData\win\acme-dns\acme-dns.company.test for acme-dns configuration
[INFO] Creating new acme-dns registration for domain win.company.test
[EROR] Error creating acme-dns registration
System.Net.Http.HttpRequestException: The requested name is valid, but no data of the requested type was found.
---> System.Net.Sockets.SocketException (11004): The requested name is valid, but no data of the requested type was found.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at PKISharp.WACS.Clients.AcmeDnsClient.Register()
After ownership of the domain(s) has been proven, we will create a
Certificate Signing Request (CSR) to obtain the actual certificate. The CSR
determines properties of the certificate like which (type of) key to use. If
you are not sure what to pick here, RSA is the safe default.
1: Elliptic Curve key
2: RSA key
What kind of private key should be used for the certificate?:
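In the log above, the wizard moves on to private key selection after the `[EROR]` from `AcmeDnsClient.Register()`. The following is an added example, not win-acme's code: a sketch of a registration call that classifies a name-resolution failure and lets the caller stop. The type and method names and the sample URL are hypothetical; `POST /register` is the acme-dns registration endpoint.

```csharp
using System;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

// Added illustration, not win-acme source; all type and method names are hypothetical.
public enum RegisterStatus { Ok, HostUnresolvable, Unreachable, Rejected }

public static class AcmeDnsRegistration
{
    // acme-dns creates an account on POST <base>/register and returns JSON credentials.
    public static async Task<(RegisterStatus Status, string Body)> TryRegisterAsync(HttpClient http, Uri baseUri)
    {
        try
        {
            using var response = await http.PostAsync(new Uri(baseUri, "register"), null);
            var body = await response.Content.ReadAsStringAsync();
            return (response.IsSuccessStatusCode ? RegisterStatus.Ok : RegisterStatus.Rejected, body);
        }
        catch (HttpRequestException ex) when (ex.InnerException is SocketException se &&
            (se.SocketErrorCode == SocketError.NoData ||       // 11004, as in the trace above
             se.SocketErrorCode == SocketError.HostNotFound ||
             se.SocketErrorCode == SocketError.TryAgain))
        {
            return (RegisterStatus.HostUnresolvable, ex.Message);
        }
        // Refused connection, TLS failure, or HttpClient timeout.
        catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException)
        {
            return (RegisterStatus.Unreachable, ex.Message);
        }
    }

    public static async Task<int> Main(string[] args)
    {
        // Constructed default under the reserved .test TLD, so it does not resolve.
        var baseUri = new Uri(args.Length > 0 ? args[0] : "https://acme-dns.example.test/");
        using var http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
        var (status, detail) = await TryRegisterAsync(http, baseUri);
        if (status != RegisterStatus.Ok)
        {
            Console.Error.WriteLine($"acme-dns registration failed ({status}): {detail}");
            return 1; // fail closed: stop here instead of moving on to key/CSR selection
        }
        Console.WriteLine("acme-dns registration succeeded; store the returned credentials.");
        return 0;
    }
}
```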