Quick Tip: Let’s Encrypt ACME PowerShell Ownership Challenge Can't see Challenge Data
I’m currently going through the process of acquiring a new Let’s Encrypt free SSL Certificate against a new domain I registered. For a great overview of what Let’s Encrypt is and what it can do for you, head over to Luca Dell’Oca’s blog (https://www.virtualtothecore.com/en/use-lets-encrypt-free-certificates-in-windows-for-veeam-cloud-connect/). I was following Luca’s instructions for getting the new domain authorised for use with the Let’s Encrypt service via a DNS challenge when I ran into the following. After running the PowerShell command to generate the challenge, it was not returning the Handler Message as expected from the direct output…well obviously anyway.
PS C:\> Complete-ACMEChallenge vcd -ChallengeType dns-01 -Handler manual
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : vcloud.sliemalabs.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/4tDJyu********Abf7spqzvbe7i1Cpqcus4Do
Status : pending
Expires : 7/4/2018 4:10:34 AM
Challenges : {manual, }
Combinations : {1, 0}
After scratching my head for a bit, I checked to see if the data was contained within the returned PowerShell command.
PS C:\Windows\system32> (Get-ACMEIdentifier vcd).Challenges
ChallengePart : ACMESharp.Messages.ChallengePart
Challenge : ACMESharp.ACME.DnsChallenge
Type : dns-01
Uri : https://acme-v01.api.letsencrypt.org/acme/challenge/4tDJyuv*******f7spqzvbe7i1Cpqcus4Do/5324479144
Token : 7n4k7t4M3-Vw7UeU2Zdqf****Lqo-xnqje7QeB4k
Status : pending
OldChallengeAnswer : [, ]
ChallengeAnswerMessage :
HandlerName : manual
HandlerHandleDate : 6/27/2018 12:11:04 AM
HandlerHandleMessage : == Manual Challenge Handler - DNS ==
* Handle Time: [6/27/2018 12:11:04 AM]
* Challenge Token: [7n4k7t4M3-Vw7UeU2Zdqf8JmR37BLqo-xnqje7QeB4k]
To complete this Challenge please create a new Resource
Record (RR) with the following characteristics:
* RR Type: [TXT]
* RR Name:
* RR Value:
------------------------------------
HandlerCleanUpDate :
HandlerCleanUpMessage :
SubmitDate : 6/27/2018 12:18:12 AM
SubmitResponse : {StatusCode, Headers, Links, RawContent...}
ChallengePart : ACMESharp.Messages.ChallengePart
Challenge :
Type : http-01
Uri : https://acme-v01.api.letsencrypt.org/acme/challenge/4tDJyuv********spqzvbe7i1Cpqcus4Do/5324479145
Token : nxIjZaoag_cJbfrFCt4****MLEoPgIii9eO3cNjyFk
Status : pending
OldChallengeAnswer : [, ]
ChallengeAnswerMessage :
HandlerName :
HandlerHandleDate :
HandlerHandleMessage :
HandlerCleanUpDate :
HandlerCleanUpMessage :
SubmitDate :
SubmitResponse :
From here I was able to create the DNS TXT entry and complete the challenge. Just in case it wasn’t obvious this very quick post will save you a bit of time.
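The lookup described above, as an added example (not code from the original post or from the ACMESharp project): it reads the dns-01 challenge back from the identifier, returns the TXT record to create, and checks that the record is publicly visible before the challenge is submitted. The function names, the `RecordName`/`RecordValue` properties on the `Challenge` object, and the resolver address are assumptions; `vcd` is the identifier alias from the post.

```powershell
# Added example. Assumes the ACMESharp module is loaded and the challenge was
# already generated with: Complete-ACMEChallenge vcd -ChallengeType dns-01 -Handler manual
function Get-AcmeDnsChallengeRecord {
    param([Parameter(Mandatory)] [string] $IdentifierRef)

    # The handler message is stored on the challenge object rather than printed,
    # so read it back from the identifier and pick the dns-01 entry.
    $dns = (Get-ACMEIdentifier $IdentifierRef).Challenges |
        Where-Object { $_.Type -eq 'dns-01' }
    if (-not $dns) { throw "No dns-01 challenge found for '$IdentifierRef'." }
    if (-not $dns.HandlerName) {
        throw "dns-01 challenge not handled yet; run Complete-ACMEChallenge first."
    }

    $record = [pscustomobject]@{
        Name    = $dns.Challenge.RecordName    # assumed DnsChallenge property
        Value   = $dns.Challenge.RecordValue   # assumed DnsChallenge property
        Status  = $dns.Status
        Message = $dns.HandlerHandleMessage    # full text, as shown in the post
    }
    # Edge case: the structured fields can be empty; fall back to the message.
    if (-not $record.Name -or -not $record.Value) {
        throw "RR name/value are empty; inspect HandlerHandleMessage:`n$($record.Message)"
    }
    $record
}

function Test-AcmeDnsChallengeRecord {
    param(
        [Parameter(Mandatory)] $Record,
        [string] $Server = '8.8.8.8'   # assumption: any public resolver will do
    )
    # Query an external resolver so a stale local cache does not hide the answer.
    $answers = Resolve-DnsName -Name $Record.Name -Type TXT -Server $Server `
        -DnsOnly -ErrorAction SilentlyContinue
    $published = @($answers | Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings })
    $published -contains $Record.Value
}

$record = Get-AcmeDnsChallengeRecord -IdentifierRef 'vcd'
$record | Format-List Name, Value, Status
if (Test-AcmeDnsChallengeRecord -Record $record) {
    'TXT record is visible; the challenge can be submitted with Submit-ACMEChallenge.'
} else {
    'TXT record not visible yet; wait for DNS propagation before submitting.'
}
```

Submitting before the TXT record has propagated leaves the authorization in a failed state, so the check is worth the extra step.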