Complete-ACMEChallenge -Handler manual no longer returns manual details #335

Open
b9chris opened this issue Feb 21, 2018 · 8 comments

Comments

@b9chris

b9chris commented Feb 21, 2018

I can't find any docs on this change. A prior version of ACMESharp had a manual mode that would provide output like:

== Manual Challenge Handler - HTTP ==

  • Handle Time: [3/3/2017 9:15:14 PM]
  • Challenge Token: [qVDLQxSDQhP76gvJ39XTeC7Ucu4DuUVRDWzgblu0f9M]
    To complete this Challenge please create a new file
    under the server that is responding to the hostname
    and path given with the following characteristics:
  • HTTP URL: [http://playingforchangeday.org/.well-known/acme-challenge/qVDLQxSDQhP76gvJ39XTeC7Ucu4DuUVRDWzgblu0f9M
    ]
  • File Path: [.well-known/acme-challenge/qVDLQxSDQhP76gvJ39XTeC7Ucu4DuUVRDWzgblu0f9M]
  • File Content: [qVDLQxSDQhP76gvJ39XTeC7Ucu4DuUVRDWzgblu0f9M.YA4bIrgFYXO3yMKT6mux45iwsf_AQa6IQHSPItSuLt8]
  • MIME Type: [text/plain]

However, none of these critical details appear anymore. Instead, I get:

PS D:\cert> complete-acmechallenge dns104 -ChallengeType http-01 -handler manual -handlerparameters @{ WebSiteRef = 'brass9.com' }

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : brass9.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/U34Rl8g1cox5PMecB6XyhqafIMC2gDTZC5ShP-vq2MQ
Status : pending
Expires : 2/28/2018 12:14:11 PM
Challenges : {, manual}
Combinations : {0, 1}

And that's it - none of what I need to actually perform the manual submit!

What am I doing wrong? Or is the library's manual feature not working properly?

@WallyRanson

Your complete-acmechallenge actually returns an object, but you are just not catching it.
Try adding $someobjectname = complete-acmechallenge.......
Then, after calling the command, enter a line with just $someobjectname and press Enter; you will then see what information the object actually holds.

@KuestenKeks

KuestenKeks commented Mar 2, 2018

I believe that's the result of the following changes in v0.9.1

Changing default "output behavior" of Manual Challenge Handler:

  • By default, won't write output to STDOUT, but output will be captured as message attached to Authorization State
  • You can override this behavior and specify STDOUT to mimic the old behavior. All other settings are preserved by the Manual Challenge Handler.
  • When an output is specified, the message will be written to both the output target, and captured by the authorization state.
  • This applies to both handling the Challenge and also cleaning up after handling the Challenge.

See https://github.com/ebekker/ACMESharp/releases/tag/v0.9.1

I think you should be able to write the required output formatted as JSON to a text file like this:

Complete-ACMEChallenge dns104 -ChallengeType http-01 -Handler manual -HandlerParameters @{ WebSiteRef = 'brass9.com'; WriteOutPath = "C:\ACMEChallenge.txt"; OutputJson = $true }

@b9chris

b9chris commented Mar 2, 2018 via email

@MylesPenlington

MylesPenlington commented May 1, 2018

I found that this sequence of script throws an error (complains about the ConvertFrom-JSON), but also causes the previous output to be dumped to the console.

Install-Module ACMESharp -Scope CurrentUser
Get-ACMEVaultProfile
Initialize-ACMEVault -Force
New-ACMERegistration -Contacts <your email address> -AcceptTos
New-ACMEIdentifier -Dns <website url> -Alias dnsT
Set-ACMEChallengeHandlerProfile -ProfileName manual-dns-json -ChallengeType http-01 -Handler manual -HandlerParameters @{ OutputJson = $true } -Force
Complete-ACMEChallenge -IdentifierRef dnsT -HandlerProfileRef manual-dns-json | ConvertFrom-JSON | select -Expand DnsDetails | select RRValue

@ACMEChallengeBroken

ACMEChallengeBroken commented Jun 9, 2018

Can someone please provide the full command I need to run in order to view the Complete-ACMEChallenge to show the DNS record information I need to actually complete the challenge?

Since the ACMEChallenge was updated to the current broken version of 0.9.1 the devs decided not to include the output to the command where you can read it and actually complete the challenge.

In the release notes they state that you simply use the STDOUT but I can't find any documentation on how to do that.

@HiroyukiSakoh

HiroyukiSakoh commented Jun 10, 2018

@ACMEChallengeBroken
I do not understand well, but it works well.
ver 0.9.1

New-ACMEIdentifier -Dns $CertificateDomainName -Alias $alias
Complete-ACMEChallenge $alias -ChallengeType dns-01 -Handler manual
$Challenge = $null
do{
    Write-Host "Wait until Challenge comes"
    Start-Sleep -s 5
    $Challenge = ((Update-ACMEIdentifier $alias -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}).Challenge
}
while($Challenge -eq $null)

$RecordName = $Challenge.RecordName -replace ("\."+$AzureDnsZoneName),""
$RecordValue = $Challenge.RecordValue

Please check my blog post (Japanese).
https://qiita.com/HiroyukiSakoh/items/144cc1bc955ac3697b84

@ACMEChallengeBroken

@HiroyukiSakoh
Thank you for the reply; however, the script you provided does nothing more than continuously write back to the console "Wait until Challenge comes", probably because ACMEChallenge does not provide the RR values (Why I stand by my username "ACMEChallengeBroken").

If I run the Update-ACMEIdentifier by itself you can see there is nothing there... thus, when I try running your script, the $Challenge variable never leaves the $null state.

Status : pending
OldChallengeAnswer : [, ]
ChallengeAnswerMessage :
HandlerName :
HandlerHandleDate :
HandlerHandleMessage :
HandlerCleanUpDate :
HandlerCleanUpMessage :
SubmitDate :
SubmitResponse :

@HiroyukiSakoh

HiroyukiSakoh commented Jun 10, 2018

@ACMEChallengeBroken
When I was writing a script I encountered that behavior.

A. Update-ACMEIdentifier $alias
B. Update-ACMEIdentifier $alias -ChallengeType dns-01

Using A will always be $null, and using B will move forward.
I want you to try B once.

I suspect that there is something related to #72, #90
but I have not investigated in detail as there is no time.

Probably executing A before executing B breaks that ACMEIdentifier.
Try again from New-ACMEIdentifier.
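
Added example (not part of the thread, and not ACMESharp's own code): one way to read the captured manual-handler details back from the authorization state, combining the v0.9.1 release note quoted earlier with the `Update-ACMEIdentifier ... -ChallengeType` form from this comment. It uses only cmdlets and property names that appear in this thread; the function name, the retry limits and the alias `dns104` are assumptions, and it replaces the unbounded wait loop with a bounded one.

```powershell
# Added example: read manual-handler details from the authorization state.
# Assumes ACMESharp 0.9.1 and an alias already created with New-ACMEIdentifier.
function Get-ManualChallengeDetail {
    param(
        [Parameter(Mandatory)] [string] $IdentifierRef,   # e.g. the alias 'dns104'
        [ValidateSet('http-01', 'dns-01')] [string] $ChallengeType = 'http-01',
        [int] $MaxAttempts = 12,     # hypothetical defaults: 12 tries, 5 s apart
        [int] $DelaySeconds = 5
    )

    # Run the manual handler. Since v0.9.1 its message is attached to the
    # authorization state instead of being written to the console.
    $null = Complete-ACMEChallenge $IdentifierRef -ChallengeType $ChallengeType -Handler manual

    for ($i = 1; $i -le $MaxAttempts; $i++) {
        # Pass -ChallengeType here as well (form "B" in the comment above).
        $state = Update-ACMEIdentifier $IdentifierRef -ChallengeType $ChallengeType
        $entry = $state.Challenges | Where-Object { $_.Type -eq $ChallengeType }

        if ($null -ne $entry -and $null -ne $entry.Challenge) {
            return [pscustomobject]@{
                Type      = $entry.Type
                Message   = $entry.HandlerHandleMessage   # captured handler text
                Challenge = $entry.Challenge              # RecordName/RecordValue for dns-01
            }
        }
        Start-Sleep -Seconds $DelaySeconds
    }

    # Fail loudly instead of looping forever when the details never appear.
    throw "No $ChallengeType challenge details for '$IdentifierRef' after $MaxAttempts attempts."
}

$detail = Get-ManualChallengeDetail -IdentifierRef 'dns104' -ChallengeType 'http-01'
$detail.Message                    # the text the old manual handler printed
$detail.Challenge | Format-List *  # every property the challenge object exposes
```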
