Skip to content

Submit-Renewal throws errors checking ARI on certs with no AKI #561

New issue
New issue
Closed
Closed
Submit-Renewal throws errors checking ARI on certs with no AKI#561
Assignees
rmbolger
Labels
bugSomething isn't working
@jamesfreeman959

Description

@jamesfreeman959
jamesfreeman959
opened on Aug 16, 2024

Hi there,

I have recently started using Posh-ACME on Windows Server and really appreciate your efforts. Currently experiencing an issue on a machine I've recently installed it on. The machine already had Posh-ACME 3.9.0 installed from a trial run I made a few years ago but abandoned due to lack of time. I'm since getting things going again, and so upgraded Posh-ACME to 4.24.0 and then requested a new certificate using New-PACertificate - this worked on the first try. However I'm now having problems with both Get-PACertificate and Submit-Renewal - output from the latter is given below. I suspect this might be from my prior attempt at using Posh-ACME, but I'm not clear what I need to clear out or where to resolve the issue. Plus although the certificate I obtained doesn't need renewing, the 404 error buried in the output makes me think the renewal will fail.

Any help would be appreciated:

C:\> submit-renewal
Exception calling "GetInstance" with "1" argument(s): "unknown object in factory: System.Byte[]
Parameter name: obj"
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.24.0\Public\Get-PACertificate.ps1:71 char:13
+             $akiBytes = [Org.BouncyCastle.Asn1.X509.AuthorityKeyIdent ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentException

ConvertTo-Base64Url : Cannot bind argument to parameter 'Bytes' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.24.0\Public\Get-PACertificate.ps1:73 char:56
+ ...          $ariID = '{0}.{1}' -f (ConvertTo-Base64Url $akiBytes),(Conve ...
+                                                         ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-Base64Url], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,ConvertTo-Base64Url

WARNING: ARI request failed.
Update-PAOrder : {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Must specify a request path",
  "status": 404
}
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.24.0\Public\Submit-Renewal.ps1:47 char:21
+                     Update-PAOrder -Order $order
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Update-PAOrder], WebExcept
   ion
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Update-PAOrder
WARNING: Order 'redacted.example.com' is not recommended for renewal yet. Use -Force to override.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions