Benachrichtigungen

Alles löschen

[Gelöst] Let’s Encrypt Zertifikat Script

Seite 2 / 3 Vorherige Nächstes

Exchange Server und Zertifikate

Letzter Beitrag von Frank Zöchling Vor 5 Jahren

41 Beiträge

16 Benutzer

0 Reactions

11.7 K Ansichten

RSS

wolfidw

(@wolfidw)

New Member

Beigetreten: Vor 5 Jahren

Beiträge: 4

26. November 2019 19:24

Hallo Frank,

es hat sich gezeigt, dass der IIS beim Abruf der acme-challenge einen Serverfehler 500 generiert hat.

Folgende web.config im acme-challenge-Ordner hat Abhilfe geschaffen:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<remove fileExtension="." />
<mimeMap fileExtension="." mimeType="text/json" />
</staticContent>
<handlers>
<clear />
<add name="StaticFile" path="*" verb="*" type=""
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
scriptProcessor="" resourceType="Either" requireAccess="Read"
allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
</handlers>
</system.webServer>
</configuration>

Sonst funktioniert das Skript perfekt. An dieser Stelle ein herzliches DANKESCHÖN!

Gruß

Wolfgang Wagner

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

26. November 2019 20:28

@psch @wolfidw

Hallo ihr beiden,

vielen Dank für den Test. Ich prüfe dies mal. Könntet ihr mir bitte einmal das komplette Log per Mail schicken? Das würde es mir etwas einfacher machen. Ich habe bisher noch nicht die Erneuerung getestet, wenn ihr dies vielleicht auch einmal testen könntet?

Gruß,

Frank

timbo

(@timbo)

Active Member

Beigetreten: Vor 5 Jahren

Beiträge: 8

28. November 2019 11:45

Moin Franky,

testen konnte ich noch nicht. Dennoch eine Anmerkung:

Die Variable $SANAlias wird von Import-ExchangeCertificate verwendet ohne vorher befüllt zu werden.

Timbo

wolfidw

(@wolfidw)

New Member

Beigetreten: Vor 5 Jahren

Beiträge: 4

28. November 2019 18:18

Hallo Frank,

ich habe jetzt auf meinen Server 2016 / Exchange 2016 folgende Log:

1. Erstes Zertifikat anfordern:

TimeStamp;ScriptSection;Type;Message;ErrorDetails
26.11.2019 19:10:21;System;Info;Geting system parameters;
26.11.2019 19:10:21;System;Info;Certificate Assistant Exchange 2016 Version;
26.11.2019 19:10:21;System;Info;PowerShell Version: 5.1.14393.3053 OSVersion: 10.0.14393.0;
26.11.2019 19:10:21;Check Posh-ACME;Info;Check if Module installed;
26.11.2019 19:10:21;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
26.11.2019 19:10:21;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
26.11.2019 19:10:21;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
26.11.2019 19:10:21;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
26.11.2019 19:10:21;IIS;Info;Trying to create .Well-Known Directory;
26.11.2019 19:10:21;IIS;Info;Well-Known Folder already exists, skipping;
26.11.2019 19:10:21;IIS;Info;Eroor Creating and enabling Well-Known Folder: Dateiname:
Fehler: Doppelter Auflistungseintrag vom Typ "mimeMap" mit auf "." festgelegtem eindeutigen Schlüsselattribut "fileExtension" kann nicht hinzugefügt werden.

;
26.11.2019 19:10:21;IIS;Info;Changing Let's Encrypt IIS directory to http;
26.11.2019 19:10:21;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
26.11.2019 19:10:21;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
26.11.2019 19:10:21;IIS;Info;.well-known directory accepts http;
26.11.2019 19:10:21;Exchange FQDNs;Info;Getting Exchange FQDNs;
26.11.2019 19:10:21;Exchange FQDNs;Info;Getting local Exchange Server Name;
26.11.2019 19:10:22;Exchange FQDNs;Info;Local Exchange Name EXCHANGE16;
26.11.2019 19:10:22;Exchange FQDNs;Info;Getting Autodiscover Hostname;
26.11.2019 19:10:22;Exchange FQDNs;Info;Autodiscover Hostname autodiscover.testdomain.com;
26.11.2019 19:10:22;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere External FQDN;
26.11.2019 19:10:22;Exchange FQDNs;Info;Exchange Outlook Anywhere External FQDN server.testdomain.com;
26.11.2019 19:10:22;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere Internal FQDN;
26.11.2019 19:10:23;Exchange FQDNs;Info;Exchange Outlook Anywhere Internal FQDN server.testdomain.com;
26.11.2019 19:10:23;Exchange FQDNs;Info;Getting Exchange OAB External FQDN;
26.11.2019 19:10:23;Exchange FQDNs;Info;Exchange OAB External FQDN server.testdomain.com;
26.11.2019 19:10:23;Exchange FQDNs;Info;Getting Exchange OAB Internal FQDN;
26.11.2019 19:10:24;Exchange FQDNs;Info;Exchange OAB Internal FQDN server.testdomain.com;
26.11.2019 19:10:24;Exchange FQDNs;Info;Getting Exchange EAS Internal FQDN;
26.11.2019 19:10:25;Exchange FQDNs;Info;Exchange EAS Internal FQDN server.testdomain.com;
26.11.2019 19:10:25;Exchange FQDNs;Info;Getting Exchange EAS External FQDN;
26.11.2019 19:10:25;Exchange FQDNs;Info;Exchange EAS External FQDN server.testdomain.com;
26.11.2019 19:10:25;Exchange FQDNs;Info;Getting Exchange EWS Internal FQDN;
26.11.2019 19:10:26;Exchange FQDNs;Info;Exchange EWS Internal FQDN server.testdomain.com;
26.11.2019 19:10:26;Exchange FQDNs;Info;Getting Exchange EWS External FQDN;
26.11.2019 19:10:27;Exchange FQDNs;Info;Exchange EWS External FQDN server.testdomain.com;
26.11.2019 19:10:27;Exchange FQDNs;Info;Getting Exchange ECP Internal FQDN;
26.11.2019 19:10:28;Exchange FQDNs;Info;Exchange EWS Internal FQDN server.testdomain.com;
26.11.2019 19:10:28;Exchange FQDNs;Info;Getting Exchange ECP External FQDN;
26.11.2019 19:10:29;Exchange FQDNs;Info;Exchange ECP External FQDN server.testdomain.com;
26.11.2019 19:10:29;Exchange FQDNs;Info;Getting Exchange OWA Internal FQDN;
26.11.2019 19:10:30;Exchange FQDNs;Info;Exchange OWA Internal FQDN server.testdomain.com;
26.11.2019 19:10:30;Exchange FQDNs;Info;Getting Exchange OWA External FQDN;
26.11.2019 19:10:30;Exchange FQDNs;Info;Exchange OWA ExternalFQDN server.testdomain.com;
26.11.2019 19:10:30;Exchange FQDNs;Info;Getting Exchange MAPI Internal FQDN;
26.11.2019 19:10:31;Exchange FQDNs;Info;Exchange MAPI Internal FQDN server.testdomain.com;
26.11.2019 19:10:31;Exchange FQDNs;Info;Getting Exchange MAPI External FQDN;
26.11.2019 19:10:31;Exchange FQDNs;Info;Exchange MAPI External FQDN server.testdomain.com;
26.11.2019 19:10:31;Exchange FQDNs;Info;Make them unique;
26.11.2019 19:10:31;Exchange FQDNs;Info;FQDNs are unique;
26.11.2019 19:10:31;LE System;Info;Setting LE Mode;
26.11.2019 19:10:31;LE System;Info;Setting LE Mode to PRODUCTION MODE (LIVE SYSTEM);
26.11.2019 19:10:31;LE System;Info;Checking for existing LE Account;
26.11.2019 19:10:31;LE System;Info;Found a existing LE Account;
26.11.2019 19:10:31;LE Certificate;Info;Trying to create a new order for a certificate;
26.11.2019 19:10:33;LE Certificate;Info;Successfully ordered certificate;
26.11.2019 19:10:33;LE System;Info;Creating Autorisation files for LE verification;
26.11.2019 19:10:33;LE System;Info;Asking LE to verify the order;
26.11.2019 19:10:34;LE System;Info;Successfully informed LE to verify the order;
26.11.2019 19:10:34;LE System;INFO;Let's give LE some time to validate;2 min
26.11.2019 19:12:34;LE System;INFO;Time to wake up, need coffee!;
26.11.2019 19:12:34;LE System;INFO;Let's check the authorization;
26.11.2019 19:12:35;LE System;INFO;Authorization for autodiscover.testdomain.com is valid;
26.11.2019 19:12:35;LE System;INFO;Authorization for server.testdomain.com is valid;
26.11.2019 19:12:35;LE System;INFO;Let's refresh the order;
26.11.2019 19:12:35;LE System;INFO;Let's check if order is ready;
26.11.2019 19:12:35;LE System;INFO;Order is ready;
26.11.2019 19:12:35;LE System;INFO;Let's get the certificate;
26.11.2019 19:12:38;LE System;INFO;Getting certificate was successfull. Thumbprint is 65BB7173382F689A5CAE7E0080D09657523D3693;
26.11.2019 19:12:38;LE System;INFO;Let's check if the PFX is present;
26.11.2019 19:12:38;Cert Export;Info;PFX 65BB7173382F689A5CAE7E0080D09657523D3693 verified successfully;
26.11.2019 19:12:38;LE System;INFO;CleanUp Mime Type;
26.11.2019 19:12:38;LE System;INFO;CleanUp successfull;
26.11.2019 19:12:38;Exchange;Info;Lets try to enable certificate for Exchange Server;
26.11.2019 19:12:38;Exchange;Info;Exchange Server Version: Version 15.1 (Build 1847.3);
26.11.2019 19:12:42;Exchange;Info;Successfully imported and enabled Certificate;
26.11.2019 19:12:42;SendMail;Info;E-Mail settings are disabled;
26.11.2019 19:12:42;End;Info;End of script;

2. Zertifikat erneuern:

TimeStamp;ScriptSection;Type;Message;ErrorDetails
28.11.2019 17:57:52;System;Info;Geting system parameters;
28.11.2019 17:57:53;System;Info;Certificate Assistant Exchange 2016 Version;
28.11.2019 17:57:53;System;Info;PowerShell Version: 5.1.14393.3053 OSVersion: 10.0.14393.0;
28.11.2019 17:57:53;Check Posh-ACME;Info;Check if Module installed;
28.11.2019 17:57:53;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
28.11.2019 17:57:54;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
28.11.2019 17:57:54;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
28.11.2019 17:57:55;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
28.11.2019 17:57:55;IIS;Info;Trying to create .Well-Known Directory;
28.11.2019 17:57:56;IIS;Info;Well-Known Folder already exists, skipping;
28.11.2019 17:57:57;IIS;Info;Changing Let's Encrypt IIS directory to http;
28.11.2019 17:58:03;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
28.11.2019 17:58:04;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
28.11.2019 17:58:04;IIS;Info;.well-known directory accepts http;
28.11.2019 17:58:05;Exchange FQDNs;Info;Getting Exchange FQDNs;
28.11.2019 17:58:05;Exchange FQDNs;Info;Getting local Exchange Server Name;
28.11.2019 17:58:13;Exchange FQDNs;Info;Local Exchange Name EXCHANGE16;
28.11.2019 17:58:13;Exchange FQDNs;Info;Getting Autodiscover Hostname;
28.11.2019 17:58:13;Exchange FQDNs;Info;Autodiscover Hostname autodiscover.testdomain.com;
28.11.2019 17:58:13;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere External FQDN;
28.11.2019 17:58:15;Exchange FQDNs;Info;Exchange Outlook Anywhere External FQDN server.testdomain.com;
28.11.2019 17:58:15;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere Internal FQDN;
28.11.2019 17:58:17;Exchange FQDNs;Info;Exchange Outlook Anywhere Internal FQDN server.testdomain.com;
28.11.2019 17:58:17;Exchange FQDNs;Info;Getting Exchange OAB External FQDN;
28.11.2019 17:58:20;Exchange FQDNs;Info;Exchange OAB External FQDN server.testdomain.com;
28.11.2019 17:58:20;Exchange FQDNs;Info;Getting Exchange OAB Internal FQDN;
28.11.2019 17:58:26;Exchange FQDNs;Info;Exchange OAB Internal FQDN server.testdomain.com;
28.11.2019 17:58:26;Exchange FQDNs;Info;Getting Exchange EAS Internal FQDN;
28.11.2019 17:58:27;Exchange FQDNs;Info;Exchange EAS Internal FQDN server.testdomain.com;
28.11.2019 17:58:27;Exchange FQDNs;Info;Getting Exchange EAS External FQDN;
28.11.2019 17:58:28;Exchange FQDNs;Info;Exchange EAS External FQDN server.testdomain.com;
28.11.2019 17:58:28;Exchange FQDNs;Info;Getting Exchange EWS Internal FQDN;
28.11.2019 17:58:29;Exchange FQDNs;Info;Exchange EWS Internal FQDN server.testdomain.com;
28.11.2019 17:58:29;Exchange FQDNs;Info;Getting Exchange EWS External FQDN;
28.11.2019 17:58:30;Exchange FQDNs;Info;Exchange EWS External FQDN server.testdomain.com;
28.11.2019 17:58:30;Exchange FQDNs;Info;Getting Exchange ECP Internal FQDN;
28.11.2019 17:58:51;Exchange FQDNs;Info;Exchange EWS Internal FQDN server.testdomain.com;
28.11.2019 17:58:51;Exchange FQDNs;Info;Getting Exchange ECP External FQDN;
28.11.2019 17:59:03;Exchange FQDNs;Info;Exchange ECP External FQDN server.testdomain.com;
28.11.2019 17:59:03;Exchange FQDNs;Info;Getting Exchange OWA Internal FQDN;
28.11.2019 17:59:08;Exchange FQDNs;Info;Exchange OWA Internal FQDN server.testdomain.com;
28.11.2019 17:59:08;Exchange FQDNs;Info;Getting Exchange OWA External FQDN;
28.11.2019 17:59:09;Exchange FQDNs;Info;Exchange OWA ExternalFQDN server.testdomain.com;
28.11.2019 17:59:09;Exchange FQDNs;Info;Getting Exchange MAPI Internal FQDN;
28.11.2019 17:59:11;Exchange FQDNs;Info;Exchange MAPI Internal FQDN server.testdomain.com;
28.11.2019 17:59:11;Exchange FQDNs;Info;Getting Exchange MAPI External FQDN;
28.11.2019 17:59:13;Exchange FQDNs;Info;Exchange MAPI External FQDN server.testdomain.com;
28.11.2019 17:59:13;Exchange FQDNs;Info;Make them unique;
28.11.2019 17:59:13;Exchange FQDNs;Info;FQDNs are unique;
28.11.2019 17:59:13;LE System;Info;Setting LE Mode;
28.11.2019 17:59:13;LE System;Info;Setting LE Mode to PRODUCTION MODE (LIVE SYSTEM);
28.11.2019 17:59:13;LE System;Info;Checking for existing LE Account;
28.11.2019 17:59:13;LE System;Info;Found a existing LE Account;
28.11.2019 17:59:13;LE Certificate;Info;Trying to create a new order for a certificate;
28.11.2019 17:59:27;LE Certificate;Info;Successfully ordered certificate;
28.11.2019 17:59:27;LE System;Info;Creating Autorisation files for LE verification;
28.11.2019 17:59:28;LE System;Info;Asking LE to verify the order;
28.11.2019 17:59:28;LE System;Info;Successfully informed LE to verify the order;
28.11.2019 17:59:28;LE System;INFO;Let's give LE some time to validate;2 min
28.11.2019 18:01:28;LE System;INFO;Time to wake up, need coffee!;
28.11.2019 18:01:28;LE System;INFO;Let's check the authorization;
28.11.2019 18:01:29;LE System;INFO;Authorization for autodiscover.testdomain.com is valid;
28.11.2019 18:01:29;LE System;INFO;Authorization for server.testdomain.com is valid;
28.11.2019 18:01:29;LE System;INFO;Let's refresh the order;
28.11.2019 18:01:29;LE System;INFO;Let's check if order is ready;
28.11.2019 18:01:29;LE System;INFO;Order is ready;
28.11.2019 18:01:29;LE System;INFO;Let's get the certificate;
28.11.2019 18:01:32;LE System;INFO;Getting certificate was successfull. Thumbprint is 8EA34342D71A7FF0976BB5410A102AD426F9D568;
28.11.2019 18:01:32;LE System;INFO;Let's check if the PFX is present;
28.11.2019 18:01:32;Cert Export;Info;PFX 8EA34342D71A7FF0976BB5410A102AD426F9D568 verified successfully;
28.11.2019 18:01:32;LE System;INFO;CleanUp Mime Type;
28.11.2019 18:01:32;LE System;INFO;CleanUp successfull;
28.11.2019 18:01:32;Exchange;Info;Lets try to enable certificate for Exchange Server;
28.11.2019 18:01:32;Exchange;Info;Exchange Server Version: Version 15.1 (Build 1847.3);
28.11.2019 18:01:38;Exchange;Info;Successfully imported and enabled Certificate;
28.11.2019 18:01:38;SendMail;Info;E-Mail settings are disabled;
28.11.2019 18:01:38;End;Info;End of script;

Weiterhin habe ich das Skript auf einem Server 2019 / Exchange 2019 CU3 probiert. Auf diesem System lief es sofort fehlerfrei.

Log vom Server 2019 / Exchange 19

TimeStamp;ScriptSection;Type;Message;ErrorDetails
27.11.2019 12:51:59;System;Info;Geting system parameters;
27.11.2019 12:51:59;System;Info;Certificate Assistant Exchange 2016 Version;
27.11.2019 12:51:59;System;Info;PowerShell Version: 5.1.17763.771 OSVersion: 10.0.17763.0;
27.11.2019 12:51:59;Check Posh-ACME;Info;Check if Module installed;
27.11.2019 12:51:59;Check Posh-ACME;Warning;Posh-ACME not installed, try to install it;
27.11.2019 12:51:59;Check Posh-ACME;Info;Using Windows Server 2016 installation method;
27.11.2019 12:52:12;Check Posh-ACME;Info;Installation successfull;
27.11.2019 12:52:12;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
27.11.2019 12:52:15;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
27.11.2019 12:52:15;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
27.11.2019 12:52:17;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
27.11.2019 12:52:17;IIS;Info;Trying to create .Well-Known Directory;
27.11.2019 12:52:23;IIS;Info;Successfully created .Well-Known Directory;
27.11.2019 12:52:23;IIS;Info;Changing Let's Encrypt IIS directory to http;
27.11.2019 12:52:24;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
27.11.2019 12:52:24;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
27.11.2019 12:52:24;IIS;Info;.well-known directory accepts http;
27.11.2019 12:52:24;Exchange FQDNs;Info;Getting Exchange FQDNs;
27.11.2019 12:52:24;Exchange FQDNs;Info;Getting local Exchange Server Name;
27.11.2019 12:52:29;Exchange FQDNs;Info;Local Exchange Name EXCHANGE;
27.11.2019 12:52:29;Exchange FQDNs;Info;Getting Autodiscover Hostname;
27.11.2019 12:52:29;Exchange FQDNs;Info;Autodiscover Hostname autodiscover.domain1.com;
27.11.2019 12:52:29;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere External FQDN;
27.11.2019 12:52:30;Exchange FQDNs;Info;Exchange Outlook Anywhere External FQDN server.domain1.com;
27.11.2019 12:52:30;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere Internal FQDN;
27.11.2019 12:52:31;Exchange FQDNs;Info;Exchange Outlook Anywhere Internal FQDN server.domain1.com;
27.11.2019 12:52:31;Exchange FQDNs;Info;Getting Exchange OAB External FQDN;
27.11.2019 12:52:33;Exchange FQDNs;Info;Exchange OAB External FQDN server.domain1.com;
27.11.2019 12:52:33;Exchange FQDNs;Info;Getting Exchange OAB Internal FQDN;
27.11.2019 12:52:35;Exchange FQDNs;Info;Exchange OAB Internal FQDN server.domain1.com;
27.11.2019 12:52:35;Exchange FQDNs;Info;Getting Exchange EAS Internal FQDN;
27.11.2019 12:52:37;Exchange FQDNs;Info;Exchange EAS Internal FQDN server.domain1.com;
27.11.2019 12:52:37;Exchange FQDNs;Info;Getting Exchange EAS External FQDN;
27.11.2019 12:53:23;System;Info;Geting system parameters;
27.11.2019 12:53:23;System;Info;Certificate Assistant Exchange 2016 Version;
27.11.2019 12:53:23;System;Info;PowerShell Version: 5.1.17763.771 OSVersion: 10.0.17763.0;
27.11.2019 12:53:23;Check Posh-ACME;Info;Check if Module installed;
27.11.2019 12:53:23;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
27.11.2019 12:53:23;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
27.11.2019 12:53:23;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
27.11.2019 12:53:23;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
27.11.2019 12:53:24;IIS;Info;Trying to create .Well-Known Directory;
27.11.2019 12:53:24;IIS;Info;Well-Known Folder already exists, skipping;
27.11.2019 12:53:24;IIS;Info;Eroor Creating and enabling Well-Known Folder: Dateiname:
Fehler: Doppelter Auflistungseintrag vom Typ "mimeMap" mit auf "." festgelegtem eindeutigen Schlüsselattribut "fileExtension" kann nicht hinzugefügt werden.

;
27.11.2019 12:53:24;IIS;Info;Changing Let's Encrypt IIS directory to http;
27.11.2019 12:53:24;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
27.11.2019 12:53:24;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
27.11.2019 12:53:24;IIS;Info;.well-known directory accepts http;
27.11.2019 12:53:24;Custom FQDNs;Info;Using Custom FQDNs is configured;
27.11.2019 12:53:24;LE System;Info;Setting LE Mode;
27.11.2019 12:53:25;LE System;Info;Setting LE Mode to STAGE MODE (TESTING ONLY);
27.11.2019 12:53:25;LE System;Info;Checking for existing LE Account;
27.11.2019 12:53:25;LE System;Warning;No LE Account was found, creating a new one;
27.11.2019 12:53:26;LE Certificate;Info;Trying to create a new order for a certificate;
27.11.2019 12:53:28;LE Certificate;Info;Successfully ordered certificate;
27.11.2019 12:53:28;LE System;Info;Creating Autorisation files for LE verification;
27.11.2019 12:53:29;LE System;Info;Asking LE to verify the order;
27.11.2019 12:53:29;LE System;Info;Successfully informed LE to verify the order;
27.11.2019 12:53:29;LE System;INFO;Let's give LE some time to validate;2 min
27.11.2019 12:55:29;LE System;INFO;Time to wake up, need coffee!;
27.11.2019 12:55:29;LE System;INFO;Let's check the authorization;
27.11.2019 12:55:31;LE System;INFO;Authorization for server.domain1.com is valid;
27.11.2019 12:55:31;LE System;INFO;Authorization for server.domain2.com is valid;
27.11.2019 12:55:31;LE System;INFO;Authorization for autodiscover.domain1.com is valid;
27.11.2019 12:55:31;LE System;INFO;Authorization for autodiscover.domain2.com is valid;
27.11.2019 12:55:31;LE System;INFO;Let's refresh the order;
27.11.2019 12:55:31;LE System;INFO;Let's check if order is ready;
27.11.2019 12:55:31;LE System;INFO;Order is ready;
27.11.2019 12:55:31;LE System;INFO;Let's get the certificate;
27.11.2019 12:55:35;LE System;INFO;Getting certificate was successfull. Thumbprint is A864A8A62BD947BEF6F4A30C8F076D262FBDF7F2;
27.11.2019 12:55:35;LE System;INFO;Let's check if the PFX is present;
27.11.2019 12:55:35;Cert Export;Info;PFX A864A8A62BD947BEF6F4A30C8F076D262FBDF7F2 verified successfully;
27.11.2019 12:55:35;LE System;INFO;CleanUp Mime Type;
27.11.2019 12:55:35;LE System;INFO;CleanUp successfull;
27.11.2019 12:55:35;Exchange;Info;Lets try to enable certificate for Exchange Server;
27.11.2019 12:55:35;Exchange;Info;Exchange Server Version: Version 15.2 (Build 464.5);
27.11.2019 12:55:39;Exchange;Info;Successfully imported and enabled Certificate;
27.11.2019 12:55:39;SendMail;Info;E-Mail settings are disabled;
27.11.2019 12:55:39;End;Info;End of script;
27.11.2019 12:56:16;System;Info;Geting system parameters;
27.11.2019 12:56:16;System;Info;Certificate Assistant Exchange 2016 Version;
27.11.2019 12:56:16;System;Info;PowerShell Version: 5.1.17763.771 OSVersion: 10.0.17763.0;
27.11.2019 12:56:16;Check Posh-ACME;Info;Check if Module installed;
27.11.2019 12:56:16;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
27.11.2019 12:56:16;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
27.11.2019 12:56:16;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
27.11.2019 12:56:16;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
27.11.2019 12:56:16;IIS;Info;Trying to create .Well-Known Directory;
27.11.2019 12:56:16;IIS;Info;Well-Known Folder already exists, skipping;
27.11.2019 12:56:17;IIS;Info;Changing Let's Encrypt IIS directory to http;
27.11.2019 12:56:18;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
27.11.2019 12:56:18;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
27.11.2019 12:56:18;IIS;Info;.well-known directory accepts http;
27.11.2019 12:56:18;Custom FQDNs;Info;Using Custom FQDNs is configured;
27.11.2019 12:56:18;LE System;Info;Setting LE Mode;
27.11.2019 12:56:21;LE System;Info;Setting LE Mode to PRODUCTION MODE (LIVE SYSTEM);
27.11.2019 12:56:22;LE System;Info;Checking for existing LE Account;
27.11.2019 12:56:23;LE System;Warning;No LE Account was found, creating a new one;
27.11.2019 12:56:25;LE Certificate;Info;Trying to create a new order for a certificate;
27.11.2019 12:56:27;LE Certificate;Info;Successfully ordered certificate;
27.11.2019 12:56:27;LE System;Info;Creating Autorisation files for LE verification;
27.11.2019 12:56:29;LE System;Info;Asking LE to verify the order;
27.11.2019 12:56:30;LE System;Info;Successfully informed LE to verify the order;
27.11.2019 12:56:30;LE System;INFO;Let's give LE some time to validate;2 min
27.11.2019 12:58:30;LE System;INFO;Time to wake up, need coffee!;
27.11.2019 12:58:30;LE System;INFO;Let's check the authorization;
27.11.2019 12:58:31;LE System;INFO;Authorization for server.domain1.com is valid;
27.11.2019 12:58:31;LE System;INFO;Authorization for server.domain2.com is valid;
27.11.2019 12:58:31;LE System;INFO;Authorization for autodiscover.domain1.com is valid;
27.11.2019 12:58:31;LE System;INFO;Authorization for autodiscover.domain2.com is valid;
27.11.2019 12:58:31;LE System;INFO;Let's refresh the order;
27.11.2019 12:58:31;LE System;INFO;Let's check if order is ready;
27.11.2019 12:58:31;LE System;INFO;Order is ready;
27.11.2019 12:58:31;LE System;INFO;Let's get the certificate;
27.11.2019 12:58:34;LE System;INFO;Getting certificate was successfull. Thumbprint is 11A21ACDE464D80EE5CD4B24817651D8A384E401;
27.11.2019 12:58:34;LE System;INFO;Let's check if the PFX is present;
27.11.2019 12:58:34;Cert Export;Info;PFX 11A21ACDE464D80EE5CD4B24817651D8A384E401 verified successfully;
27.11.2019 12:58:34;LE System;INFO;CleanUp Mime Type;
27.11.2019 12:58:34;LE System;INFO;CleanUp successfull;
27.11.2019 12:58:34;Exchange;Info;Lets try to enable certificate for Exchange Server;
27.11.2019 12:58:34;Exchange;Info;Exchange Server Version: Version 15.2 (Build 464.5);
27.11.2019 12:58:36;Exchange;Info;Successfully imported and enabled Certificate;
27.11.2019 12:58:36;SendMail;Info;E-Mail settings are disabled;
27.11.2019 12:58:36;End;Info;End of script;

Ich hoffe, dass hilft dir weiter

Gruß

Wolfgang

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

28. November 2019 20:12

@wolfidw

Hi,

vielen Dank für den ausführlichen Test. Das sieht ja schon mal ganz ordentlich aus. Der Fehler hier:

26.11.2019 19:10:21;IIS;Info;Eroor Creating and enabling Well-Known Folder: Dateiname:
Fehler: Doppelter Auflistungseintrag vom Typ "mimeMap" mit auf "." festgelegtem eindeutigen Schlüsselattribut "fileExtension" kann nicht hinzugefügt werden.

... ist nicht weiter kritisch. Ich baue da aber noch eine Fehlerbehandlung ein. Den Logs nach, sollte ja in beiden Fällen das Zertifikat sauber installiert worden sein,

Dann ist es ja nahezu bereit für die Veröffentlichung :-)

Gruß,

Frank

Tweety_2000

(@tweety_2000)

Active Member

Beigetreten: Vor 5 Jahren

Beiträge: 5

4. Dezember 2019 10:43

Hallo,

anbei mein Log.

Port 443 und 80 offen auf den Exchange.

Server 2019 mit EX2019 und aktuellster Patchlevel

Spoiler

LOG

PS C:\> .\CertificateAssistant_v3_EX2019.ps1
04.12.2019 08:08:44 - System - Info - Geting system parameters
04.12.2019 08:08:44 - System - Info - Certificate Assistant Exchange 2019 Version
04.12.2019 08:08:44 - System - Info - PowerShell Version: 5.1.17763.771 OSVersion: 10.0.17763.0
04.12.2019 08:08:44 - Check Posh-ACME - Info - Check if Module installed
04.12.2019 08:08:44 - Load Posh-ACME - Info - Posh-ACME is installed, try to load it
04.12.2019 08:08:46 - Load Posh-ACME - Info - Module Import was successfull, PoshACMEVersion 3.11.0
04.12.2019 08:08:46 - Load Exchange SnapIns - Info - Try to load Exchange SnapIns
04.12.2019 08:08:48 - Load Exchange SnapIns - Info - Sucessfully loaded Exchange SnapIns
04.12.2019 08:08:48 - IIS - Info - Trying to create .Well-Known Directory
04.12.2019 08:08:48 - IIS - Info - Well-Known Folder already exists, skipping
04.12.2019 08:08:48 - IIS - Warning - Mime Type was not added to Well-Known folder, maybe it was already added
04.12.2019 08:08:48 - IIS - Info - Changing Let's Encrypt IIS directory to http
04.12.2019 08:08:48 - IIS - Info - Successfully changed Let's Encrypt IIS directory to http
04.12.2019 08:08:49 - IIS - Info - Checking Let's Encrypt IIS directory to accept validation by http request
04.12.2019 08:08:49 - IIS - Info - .well-known directory accepts http
04.12.2019 08:08:49 - Exchange FQDNs - Info - Getting Exchange FQDNs
04.12.2019 08:08:49 - Exchange FQDNs - Info - Getting local Exchange Server Name
04.12.2019 08:08:53 - Exchange FQDNs - Info - Local Exchange Name EXCHANGE
04.12.2019 08:08:53 - Exchange FQDNs - Info - Getting Autodiscover Hostname
04.12.2019 08:08:53 - Exchange FQDNs - Info - Autodiscover Hostname autodiscover.pcspezialist-regensburg.de
04.12.2019 08:08:53 - Exchange FQDNs - Info - Getting Exchange Outlook Anywhere External FQDN
04.12.2019 08:08:54 - Exchange FQDNs - Info - Exchange Outlook Anywhere External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:08:54 - Exchange FQDNs - Info - Getting Exchange Outlook Anywhere Internal FQDN
04.12.2019 08:08:55 - Exchange FQDNs - Info - Exchange Outlook Anywhere Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:08:55 - Exchange FQDNs - Info - Getting Exchange OAB External FQDN
04.12.2019 08:08:57 - Exchange FQDNs - Info - Exchange OAB External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:08:57 - Exchange FQDNs - Info - Getting Exchange OAB Internal FQDN
04.12.2019 08:08:58 - Exchange FQDNs - Info - Exchange OAB Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:08:58 - Exchange FQDNs - Info - Getting Exchange EAS Internal FQDN
04.12.2019 08:09:00 - Exchange FQDNs - Info - Exchange EAS Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:00 - Exchange FQDNs - Info - Getting Exchange EAS External FQDN
04.12.2019 08:09:01 - Exchange FQDNs - Info - Exchange EAS External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:01 - Exchange FQDNs - Info - Getting Exchange EWS Internal FQDN
04.12.2019 08:09:02 - Exchange FQDNs - Info - Exchange EWS Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:02 - Exchange FQDNs - Info - Getting Exchange EWS External FQDN
04.12.2019 08:09:04 - Exchange FQDNs - Info - Exchange EWS External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:04 - Exchange FQDNs - Info - Getting Exchange ECP Internal FQDN
04.12.2019 08:09:06 - Exchange FQDNs - Info - Exchange EWS Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:06 - Exchange FQDNs - Info - Getting Exchange ECP External FQDN
04.12.2019 08:09:07 - Exchange FQDNs - Info - Exchange ECP External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:07 - Exchange FQDNs - Info - Getting Exchange OWA Internal FQDN
04.12.2019 08:09:09 - Exchange FQDNs - Info - Exchange OWA Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:09 - Exchange FQDNs - Info - Getting Exchange OWA External FQDN
04.12.2019 08:09:10 - Exchange FQDNs - Info - Exchange OWA ExternalFQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:10 - Exchange FQDNs - Info - Getting Exchange MAPI Internal FQDN
04.12.2019 08:09:11 - Exchange FQDNs - Info - Exchange MAPI Internal FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:11 - Exchange FQDNs - Info - Getting Exchange MAPI External FQDN
04.12.2019 08:09:12 - Exchange FQDNs - Info - Exchange MAPI External FQDN mail.pcspezialist-regensburg.de
04.12.2019 08:09:12 - Exchange FQDNs - Info - Make them unique
04.12.2019 08:09:12 - Exchange FQDNs - Info - FQDNs are unique
04.12.2019 08:09:12 - LE System - Info - Setting LE Mode
04.12.2019 08:09:12 - LE System - Info - Setting LE Mode to PRODUCTION MODE (LIVE SYSTEM)
04.12.2019 08:09:12 - LE System - Info - Checking for existing LE Account
04.12.2019 08:09:12 - LE System - Info - Found a existing LE Account
04.12.2019 08:09:12 - LE Certificate - Info - Trying to create a new order for a certificate
04.12.2019 08:09:14 - LE Certificate - Info - Successfully ordered certificate
04.12.2019 08:09:14 - LE System - Info - Creating Autorisation files for LE verification
04.12.2019 08:09:15 - LE System - Info - Asking LE to verify the order
04.12.2019 08:09:16 - LE System - Info - Successfully informed LE to verify the order
04.12.2019 08:09:16 - LE System - INFO - Let's give LE some time to validate (1 min)
04.12.2019 08:10:16 - LE System - INFO - Time to wake up, need coffee!
04.12.2019 08:10:16 - LE System - INFO - Let's check the authorization
04.12.2019 08:10:17 - LE System - INFO - Authorization for autodiscover.pcspezialist-regensburg.de is valid
04.12.2019 08:10:17 - LE System - INFO - Authorization for mail.pcspezialist-regensburg.de is valid
04.12.2019 08:10:17 - LE System - INFO - Let's refresh the order
04.12.2019 08:10:18 - LE System - INFO - Let's check if order is ready
04.12.2019 08:10:18 - LE System - ERROR - Order is NOT ready
PS C:\>

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

4. Dezember 2019 20:15

Servus,

kannst du mal bitte die Ausgabe von folgenden Befehl schicken?

get-paorder | Get-PAAuthorizations

Gruß,

Frank

Roman_Wien

(@werom-edv)

Estimable Member

Beigetreten: Vor 5 Jahren

Beiträge: 184

4. Dezember 2019 23:53

@tweety_2000

Hi,

was bekommst du, wenn du folgende Seite am Exchange-Server besuchst?

http://127.0.0.1/.well-known/acme-challenge/

Lg, Roman

pmi

(@pmi)

New Member

Beigetreten: Vor 5 Jahren

Beiträge: 4

5. Dezember 2019 10:31

Vielen Dank für die tolle Arbeit!

Leider erhalte ich immer noch den gleichen Fehler. Hier das Log:

TimeStamp;ScriptSection;Type;Message;ErrorDetails
05.12.2019 10:16:10;System;Info;Geting system parameters;
05.12.2019 10:16:10;System;Info;Certificate Assistant Exchange 2016 Version;
05.12.2019 10:16:10;System;Info;PowerShell Version: 5.1.14393.3053 OSVersion: 10.0.14393.0;
05.12.2019 10:16:10;Check Posh-ACME;Info;Check if Module installed;
05.12.2019 10:16:10;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
05.12.2019 10:16:11;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 3.11.0;
05.12.2019 10:16:11;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
05.12.2019 10:16:11;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
05.12.2019 10:16:11;IIS;Info;Trying to create .Well-Known Directory;
05.12.2019 10:16:11;IIS;Info;Well-Known Folder already exists, skipping;
05.12.2019 10:16:11;IIS;Warning;Mime Type was not added to Well-Known folder, maybe it was already added;
05.12.2019 10:16:11;IIS;Info;Changing Let's Encrypt IIS directory to http;
05.12.2019 10:16:11;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
05.12.2019 10:16:11;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
05.12.2019 10:16:11;IIS;Info;.well-known directory accepts http;
05.12.2019 10:16:11;Exchange FQDNs;Info;Getting Exchange FQDNs;
05.12.2019 10:16:11;Exchange FQDNs;Info;Getting local Exchange Server Name;
05.12.2019 10:16:11;Exchange FQDNs;Info;Local Exchange Name EXCH2016;
05.12.2019 10:16:11;Exchange FQDNs;Info;Getting Autodiscover Hostname;
05.12.2019 10:16:11;Exchange FQDNs;Info;Autodiscover Hostname autodiscover.domain.tld;
05.12.2019 10:16:11;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere External FQDN;
05.12.2019 10:16:13;Exchange FQDNs;Info;Exchange Outlook Anywhere External FQDN mail.domain.tld;
05.12.2019 10:16:13;Exchange FQDNs;Info;Getting Exchange Outlook Anywhere Internal FQDN;
05.12.2019 10:16:14;Exchange FQDNs;Info;Exchange Outlook Anywhere Internal FQDN mail.domain.tld;
05.12.2019 10:16:14;Exchange FQDNs;Info;Getting Exchange OAB External FQDN;
05.12.2019 10:16:16;Exchange FQDNs;Info;Exchange OAB External FQDN mail.domain.tld;
05.12.2019 10:16:16;Exchange FQDNs;Info;Getting Exchange OAB Internal FQDN;
05.12.2019 10:16:17;Exchange FQDNs;Info;Exchange OAB Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:17;Exchange FQDNs;Info;Getting Exchange EAS Internal FQDN;
05.12.2019 10:16:19;Exchange FQDNs;Info;Exchange EAS Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:19;Exchange FQDNs;Info;Getting Exchange EAS External FQDN;
05.12.2019 10:16:21;Exchange FQDNs;Info;Exchange EAS External FQDN mail.domain.tld;
05.12.2019 10:16:21;Exchange FQDNs;Info;Getting Exchange EWS Internal FQDN;
05.12.2019 10:16:23;Exchange FQDNs;Info;Exchange EWS Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:23;Exchange FQDNs;Info;Getting Exchange EWS External FQDN;
05.12.2019 10:16:25;Exchange FQDNs;Info;Exchange EWS External FQDN mail.domain.tld;
05.12.2019 10:16:25;Exchange FQDNs;Info;Getting Exchange ECP Internal FQDN;
05.12.2019 10:16:27;Exchange FQDNs;Info;Exchange EWS Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:27;Exchange FQDNs;Info;Getting Exchange ECP External FQDN;
05.12.2019 10:16:29;Exchange FQDNs;Info;Exchange ECP External FQDN mail.domain.tld;
05.12.2019 10:16:29;Exchange FQDNs;Info;Getting Exchange OWA Internal FQDN;
05.12.2019 10:16:31;Exchange FQDNs;Info;Exchange OWA Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:31;Exchange FQDNs;Info;Getting Exchange OWA External FQDN;
05.12.2019 10:16:33;Exchange FQDNs;Info;Exchange OWA ExternalFQDN mail.domain.tld;
05.12.2019 10:16:33;Exchange FQDNs;Info;Getting Exchange MAPI Internal FQDN;
05.12.2019 10:16:34;Exchange FQDNs;Info;Exchange MAPI Internal FQDN exch2016.lan.domain.tld;
05.12.2019 10:16:34;Exchange FQDNs;Info;Getting Exchange MAPI External FQDN;
05.12.2019 10:16:35;Exchange FQDNs;Info;Exchange MAPI External FQDN mail.domain.tld;
05.12.2019 10:16:35;Exchange FQDNs;Info;Make them unique;
05.12.2019 10:16:35;Exchange FQDNs;Info;FQDNs are unique;
05.12.2019 10:16:35;LE System;Info;Setting LE Mode;
05.12.2019 10:16:35;LE System;Info;Setting LE Mode to PRODUCTION MODE (LIVE SYSTEM);
05.12.2019 10:16:35;LE System;Info;Checking for existing LE Account;
05.12.2019 10:16:35;LE System;Info;Found a existing LE Account;
05.12.2019 10:16:35;LE Certificate;Info;Trying to create a new order for a certificate;
05.12.2019 10:16:37;LE Certificate;Info;Successfully ordered certificate;
05.12.2019 10:16:37;LE System;Info;Creating Autorisation files for LE verification;
05.12.2019 10:16:38;LE System;Info;Asking LE to verify the order;
05.12.2019 10:16:39;LE System;Info;Successfully informed LE to verify the order;
05.12.2019 10:16:39;LE System;INFO;Let's give LE some time to validate (1 min);1 min
05.12.2019 10:17:39;LE System;INFO;Time to wake up, need coffee!;
05.12.2019 10:17:39;LE System;INFO;Let's check the authorization;
05.12.2019 10:17:40;LE System;INFO;Authorization for autodiscover.domain.tld is valid;
05.12.2019 10:17:40;LE System;INFO;Authorization for mail.domain.tld is valid;
05.12.2019 10:17:40;LE System;INFO;Authorization for exch2016.lan.domain.tld is valid;
05.12.2019 10:17:40;LE System;INFO;Let's refresh the order;
05.12.2019 10:17:40;LE System;INFO;Let's check if order is ready;
05.12.2019 10:17:40;LE System;ERROR;Order is NOT ready;

Bin dankbar für jede Hilfe.

Roman_Wien

(@werom-edv)

Estimable Member

Beigetreten: Vor 5 Jahren

Beiträge: 184

5. Dezember 2019 10:49

@pmi

Hi pmi!

http://127.0.0.1/.well-known/acme-challenge/

was kommt im Internet Explorer bei dir?

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

5. Dezember 2019 20:12

Hi,

bitte schickt auch einmal die Aussgabe von den folgenden Befehlen:

get-paorder | Get-PAAuthorizations

und

get-paorder | fl

Danke,

Frank

Tweety_2000

(@tweety_2000)

Active Member

Beigetreten: Vor 5 Jahren

Beiträge: 5

5. Dezember 2019 20:50

Namen dazu wären super.

Wer es machen soll

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

5. Dezember 2019 20:51

@tweety_2000

Am besten alle die Probleme mit dem Script haben :-)

Tweety_2000

(@tweety_2000)

Active Member

Beigetreten: Vor 5 Jahren

Beiträge: 5

5. Dezember 2019 21:07

Spoiler

Get-PAAuthorizations

[PS] C:\Windows\system32>get-paorder | Get-PAAuthorizations

fqdn status Expires DNS01Status HTTP01Status
---- ------ ------- ----------- ------------
autodiscover.pcspezialist-regensburg.de invalid 11.12.2019 08:09:13 invalid invalid
mail.pcspezialist-regensburg.de valid 09.01.2020 10:19:45 pending valid

Spoiler

[PS] C:\Windows\system32>get-paorder | fl

status : invalid
expires : 2019-12-11T07:09:13Z
identifiers : {@{value=autodiscover.pcspezialist-regensburg.de; type=dns},
@{value=mail.pcspezialist-regensburg.de; type=dns}}
authorizations : { https://acme-v02.api.letsencrypt.org/acme/authz-v3/1540963484,
https://acme-v02.api.letsencrypt.org/acme/authz-v3/1525834394}
finalize : https://acme-v02.api.letsencrypt.org/acme/finalize/73021822/1668056758
MainDomain : autodiscover.pcspezialist-regensburg.de
SANs : {mail.pcspezialist-regensburg.de}
KeyLength : 2048
CertExpires :
RenewAfter :
OCSPMustStaple : False
DnsPlugin :
DnsAlias :
DnsSleep : 120
ValidationTimeout : 60
FriendlyName : autodiscover.pcspezialist-regensburg.de
PfxPass : xxxxxxx (hab ich ausgext)
Install : False
certificate :
location : https://acme-v02.api.letsencrypt.org/acme/order/73021822/1668056758

Frank Zöchling

(@franky)

Honorable Member Admin

Beigetreten: Vor 15 Jahren

Beiträge: 512

5. Dezember 2019 21:21

@tweety_2000

Hi,

die Challange für mail. konnte erfolgreich validiert werden (per IPv4). Die Challange für Autodiscover konnte allerdings nicht durch LE validiert werden. Hier hat LE versucht IPv6 zu nutzen. mail hat nur einen A-Record mit einer IPv4 Adresse, autodiscover hat allerdings zusätzlich eine IPv6 Adresse (AAAA-Record von Strato). Unter der IPv6 Adresse ist der IIS aber nicht erreichbar, daher schlägt die Validierung fehl.

Gruß,

Frank

Tweety_2000

(@tweety_2000)

Active Member

Beigetreten: Vor 5 Jahren

Beiträge: 5

5. Dezember 2019 21:26

Auch. Super danke.

Dann werd ich die IPv6 mal raus und teste erneut.

pmi

(@pmi)

New Member

Beigetreten: Vor 5 Jahren

Beiträge: 4

5. Dezember 2019 23:07

@franky

Spoiler

get-paorder | Get-PAAuthorizations

PS C:\CertificateAssistant\CertificateAssistant_v3\LetsEncrypt\Exchange 2016> get-paorder | Get-PAAuthorizations
Invoke-ACME : Es ist nicht möglich, eine Methode für einen Ausdruck aufzurufen, der den NULL hat.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:45 Zeichen:29
+ ... $response = Invoke-ACME $header ([String]::Empty) $acct -EA Stop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Invoke-ACME], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull,Invoke-ACME

Es ist nicht möglich, eine Methode für einen Ausdruck aufzurufen, der den NULL hat.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:54 Zeichen:13
+ $auth.PSObject.TypeNames.Insert(0,'PoshACME.PAAuthorizati ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

Die Eigenschaft "expires" wurde für dieses Objekt nicht gefunden. Vergewissern Sie sich, dass die Eigenschaft vorhanden ist und festgelegt werden kann.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:58 Zeichen:13
+ $auth.expires = Repair-ISODate $auth.expires
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:61 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'DNSId' -Value ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:62 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'fqdn' -Value " ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:63 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'location' -Val ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:67 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Status' - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:68 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Url' -Val ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:69 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'DNS01Token' -V ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:80 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Status' ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:81 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Url' -Va ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Das Argument kann nicht an den Parameter "InputObject" gebunden werden, da es NULL ist.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:82 Zeichen:21
+ ... $auth | Add-Member -MemberType NoteProperty -Name 'HTTP01Token' - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-Member], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.AddMemberCommand

Invoke-ACME : Es ist nicht möglich, eine Methode für einen Ausdruck aufzurufen, der den NULL hat.
In C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\3.11.0\Public\Get-PAAuthorizations.ps1:45 Zeichen:29
+ ... $response = Invoke-ACME $header ([String]::Empty) $acct -EA Stop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Invoke-ACME], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull,Invoke-ACME