Can't create Autori...
 
Notifications
Clear all

Can't create Autorisation files for LE verification

3 Posts
2 Users
0 Reactions
2,132 Views
(@alexsander)
New Member
Joined: 5 years ago
Posts: 2
Topic starter  

Ich verwende einen Windows Server 2008 R2 mit einem Exchange 2013. Die Powershell 5 habe ich nachinstalliert. Bisher habe ich schon LetsEncrypt-Zertifikate über die Api-Version 1.0 verwendet. Gestern habe ich mich nun an die Arbeit gemacht, dass auf die Version 2 umzustellen. Ich komme da aber jetzt nicht mehr weiter, ich erhalte immer den o.g. Fehler.

Hier mals das Log dazu:

24.01.2020 15:51:52 - Check Posh-ACME - Info - Installation successfull
24.01.2020 15:51:52 - Load Posh-ACME - Info - Posh-ACME is installed, try to load it
24.01.2020 15:51:52 - Load Posh-ACME - Info - Module Import was successfull, PoshACMEVersion 0.0
24.01.2020 15:51:52 - Load Exchange SnapIns - Info - Try to load Exchange SnapIns
24.01.2020 15:51:52 - Load Exchange SnapIns - Info - Sucessfully loaded Exchange SnapIns
24.01.2020 15:51:52 - IIS - Info - Trying to create .Well-Known Directory
24.01.2020 15:51:53 - IIS - Info - Well-Known Folder already exists, skipping
24.01.2020 15:51:53 - IIS - Info - Added Mime Type to Well-Known Folder
24.01.2020 15:51:53 - IIS - Info - Changing Let's Encrypt IIS directory to http
24.01.2020 15:51:54 - IIS - Info - Successfully changed Let's Encrypt IIS directory to http
24.01.2020 15:51:54 - IIS - Info - Checking Let's Encrypt IIS directory to accept validation by http request
24.01.2020 15:51:54 - IIS - Info - .well-known directory accepts http
24.01.2020 15:51:54 - Exchange FQDNs - Info - Getting Exchange FQDNs
24.01.2020 15:51:54 - Exchange FQDNs - Info - Getting local Exchange Server Name
24.01.2020 15:51:55 - Exchange FQDNs - Info - Local Exchange Name EXCHANGE-SERVER
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Autodiscover Hostname
24.01.2020 15:51:55 - Exchange FQDNs - Info - Autodiscover Hostname exchange-server.*****.net
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Exchange Outlook Anywhere External FQDN
24.01.2020 15:51:55 - Exchange FQDNs - Info - Exchange Outlook Anywhere External FQDN exchange-server.
**.net
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Exchange Outlook Anywhere Internal FQDN
24.01.2020 15:51:55 - Exchange FQDNs - Info - Exchange Outlook Anywhere Internal FQDN exchange-server.
**.net
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Exchange OAB External FQDN
24.01.2020 15:51:55 - Exchange FQDNs - Error - Error geting Exchange OAB FQDNs
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Exchange EAS Internal FQDN
24.01.2020 15:51:55 - Exchange FQDNs - Info - Exchange EAS Internal FQDN exchange-server.
**.net
24.01.2020 15:51:55 - Exchange FQDNs - Info - Getting Exchange EAS External FQDN
24.01.2020 15:51:56 - Exchange FQDNs - Error - Error geting Exchange EAS FQDNs
24.01.2020 15:51:56 - Exchange FQDNs - Info - Getting Exchange EWS Internal FQDN
24.01.2020 15:51:56 - Exchange FQDNs - Info - Exchange EWS Internal FQDN exchange-server.
**.net
24.01.2020 15:51:56 - Exchange FQDNs - Info - Getting Exchange EWS External FQDN
24.01.2020 15:51:56 - Exchange FQDNs - Error - Error geting Exchange EWS FQDNs
24.01.2020 15:51:56 - Exchange FQDNs - Info - Getting Exchange ECP Internal FQDN
24.01.2020 15:51:56 - Exchange FQDNs - Info - Exchange EWS Internal FQDN exchange-server.
**.net
24.01.2020 15:51:56 - Exchange FQDNs - Info - Getting Exchange ECP External FQDN
24.01.2020 15:51:57 - Exchange FQDNs - Error - Error geting Exchange ECP FQDNs
24.01.2020 15:51:57 - Exchange FQDNs - Info - Getting Exchange OWA Internal FQDN
24.01.2020 15:51:57 - Exchange FQDNs - Info - Exchange OWA Internal FQDN exchange-server.
**.net
24.01.2020 15:51:57 - Exchange FQDNs - Info - Getting Exchange OWA External FQDN
24.01.2020 15:51:57 - Exchange FQDNs - Error - Error geting Exchange OWA FQDNs
24.01.2020 15:51:57 - Exchange FQDNs - Info - Make them unique
24.01.2020 15:51:57 - Exchange FQDNs - Info - FQDNs are unique
24.01.2020 15:51:57 - LE System - Info - Setting LE Mode
24.01.2020 15:51:58 - LE System - Info - Setting LE Mode to STAGE MODE (TESTING ONLY)
24.01.2020 15:51:58 - LE System - Info - Checking for existing LE Account
24.01.2020 15:51:58 - LE System - Info - Found a existing LE Account
24.01.2020 15:51:58 - LE Certificate - Info - Trying to create a new order for a certificate
24.01.2020 15:51:59 - LE Certificate - Info - Successfully ordered certificate
24.01.2020 15:51:59 - LE System - Info - Creating Autorisation files for LE verification
24.01.2020 15:51:59 - LE System - ERROR - Can't create Autorisation files for LE verification
24.01.2020 15:51:59 - LE System - Info - Asking LE to verify the order
24.01.2020 15:51:59 - LE System - Info - Successfully informed LE to verify the order
24.01.2020 15:51:59 - LE System - INFO - Let's give LE some time to validate (1 min)
24.01.2020 15:52:59 - LE System - INFO - Time to wake up, need coffee!
24.01.2020 15:52:59 - LE System - INFO - Let's check the authorization
24.01.2020 15:52:59 - LE System - INFO - Authorization for exchange-server.
**.net is valid
24.01.2020 15:52:59 - LE System - INFO - Let's refresh the order
24.01.2020 15:52:59 - LE System - INFO - Let's check if order is ready
24.01.2020 15:52:59 - LE System - ERROR - Order is NOT ready

PS D:\win-acme\Exchange 2013> get-paorder | Get-PAAuthorizations

identifier : @{type=dns; value=exchange-server.**.net}
status : invalid
expires : 2020-01-31T14:51:58Z
challenges : {@{type=http-01; status=invalid; error=;
url= https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/34790356/-GYSbQ;
token=cZLmx
**_NfQuY7ek8A57SjiKobcI; validationRecord=System.Object[]}}
DNSId : exchange-server.
**.net
fqdn : exchange-server.
**.net
location : https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34790356
DNS01Status :
DNS01Url :
DNS01Token :
HTTP01Status : invalid
HTTP01Url : https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/34790356/-GYSbQ
HTTP01Token : cZLmx
*****_NfQuY7ek8A57SjiKobcI

 

Ich bin dankbar für jede Unterstützung...


   
Quote
Frank Zöchling
(@franky)
Honorable Member Admin
Joined: 15 years ago
Posts: 512
 

Servus,

kannst du mir einmal das Log sowie die Ausgabe von "get-paorder | Get-PAAuthorizations" per Mail schicken? (Bitte ungekürzt)

Gruß,

Frank


   
ReplyQuote

(@alexsander)
New Member
Joined: 5 years ago
Posts: 2
Topic starter  

Sorry, dass ich mich jetzt erst wieder melde. Das Thema war erstmal etwas in den Hintergrund gerückt, da die Zertifikate aus der V1-Api ja noch gültig sind.

Hier also jetzt das Log aus der Logdatei:

TimeStamp;ScriptSection;Type;Message;ErrorDetails
14.02.2020 17:13:10;System;Info;Geting system parameters;
14.02.2020 17:13:10;System;Info;Certificate Assistant Exchange 2013 Version;
14.02.2020 17:13:10;System;Info;PowerShell Version: 5.1.14409.1018 OSVersion: 6.1.7601.65536;
14.02.2020 17:13:10;Check Posh-ACME;Info;Check if Module installed;
14.02.2020 17:13:10;Check Posh-ACME;Warning;Posh-ACME not installed, try to install it;
14.02.2020 17:13:10;Check Posh-ACME;Info;Using legacy installation method;
14.02.2020 17:13:10;Check Posh-ACME;Info;Try to download PackageManagement-MSI Path: D:\win-acme\Exchange 2013\poshacme.zip;
14.02.2020 17:13:10;Check Posh-ACME;Error;Installation failed or arborted;Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..
14.02.2020 17:13:10;Load Posh-ACME;Info;Posh-ACME is installed, try to load it;
14.02.2020 17:13:12;Load Posh-ACME;Info;Module Import was successfull, PoshACMEVersion 0.0;
14.02.2020 17:13:12;Load Exchange SnapIns;Info;Try to load Exchange SnapIns;
14.02.2020 17:13:14;Load Exchange SnapIns;Info;Sucessfully loaded Exchange SnapIns;
14.02.2020 17:13:14;IIS;Info;Trying to create .Well-Known Directory;
14.02.2020 17:13:14;IIS;Info;Well-Known Folder already exists, skipping;
14.02.2020 17:13:14;IIS;Info;Added Mime Type to Well-Known Folder;
14.02.2020 17:13:14;IIS;Info;Changing Let's Encrypt IIS directory to http;
14.02.2020 17:13:15;IIS;Info;Successfully changed Let's Encrypt IIS directory to http;
14.02.2020 17:13:15;IIS;Info;Checking Let's Encrypt IIS directory to accept validation by http request;
14.02.2020 17:13:15;IIS;Info;.well-known directory accepts http;
14.02.2020 17:13:15;Custom FQDNs;Info;Using Custom FQDNs is configured;
14.02.2020 17:13:15;LE System;Info;Setting LE Mode;
14.02.2020 17:13:15;LE System;Info;Setting LE Mode to STAGE MODE (TESTING ONLY);
14.02.2020 17:13:15;LE System;Info;Checking for existing LE Account;
14.02.2020 17:13:15;LE System;Info;Found a existing LE Account;
14.02.2020 17:13:15;LE Certificate;Info;Trying to create a new order for a certificate;
14.02.2020 17:13:17;LE Certificate;Info;Successfully ordered certificate;
14.02.2020 17:13:17;LE System;Info;Creating Autorisation files for LE verification;
14.02.2020 17:13:17;LE System;ERROR;Can't create Autorisation files for LE verification;Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'FilePath'. Die angegebene Methode wird nicht unterstützt.
14.02.2020 17:13:17;LE System;Info;Asking LE to verify the order;
14.02.2020 17:13:18;LE System;Info;Successfully informed LE to verify the order;
14.02.2020 17:13:18;LE System;INFO;Let's give LE some time to validate (1 min);1 min
14.02.2020 17:14:18;LE System;INFO;Time to wake up, need coffee!;
14.02.2020 17:14:18;LE System;INFO;Let's check the authorization;
14.02.2020 17:14:18;LE System;INFO;Authorization for exchange-server.intra.****.net is valid;
14.02.2020 17:14:18;LE System;INFO;Let's refresh the order;
14.02.2020 17:14:18;LE System;INFO;Let's check if order is ready;
14.02.2020 17:14:18;LE System;ERROR;Order is NOT ready;

 

und auch die Ausgabe von "get-paorder | Get-PAAuthorizations"  noch einmal:

identifier : @{type=dns; value=exchange-server.intra.**.net}
status : invalid
expires : 2020-02-21T16:13:17Z
challenges : {@{type=http-01; status=invalid; error=;
url= https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/38929113/42h58w;
token=Dccv1NPv2vXeRooLttoSIsnpPMf25Scy1iPMd5ga2Fs; validationRecord=System.Object[]}}
DNSId : exchange-server.intra.
**.net
fqdn : exchange-server.intra.
*****.net
location : https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/38929113
DNS01Status :
DNS01Url :
DNS01Token :
HTTP01Status : invalid
HTTP01Url : https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/38929113/42h58w
HTTP01Token : Dccv1NPv2vXeRooLttoSIsnpPMf25Scy1iPMd5ga2Fs

 

Danke für die Hilfe!

Viele Grüße

Alex


   
ReplyQuote
Share: