
Helpful error message is blocking execution? #577

Open
@mpking828

Description

I was provided this script by someone else to allow a Milestone Camera System to use Let's Encrypt. It's worked great for a few years.

    param([string]$LogPath)

    function WriteLog {
        Param ([string]$message)
        Add-Content -Path $LogPath -Value "$(Get-Date) - $message"
    }

    try {
        $thumbprint = (Get-PACertificate).Thumbprint
        $cert = Submit-Renewal -WarningAction Stop -ErrorAction Stop
        $cert | Set-MobileServerCertificate  #Activate the certificate
        WriteLog "New certificate installed with thumbprint $($cert.Thumbprint)"
        WriteLog "Removing old certificate with thumbprint $thumbprint"
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object Thumbprint -eq $thumbprint |
            Remove-Item

    } catch {
        WriteLog $_.Exception.Message
        throw
    }

Usually it just puts this error in the log daily:

    10/14/2024 03:04:11 - The running command stopped because the preference variable "WarningPreference" or common parameter is set to Stop: Order 'host.domain.com' is not recommended for renewal yet. Use -Force to override.

However, starting on the 19th it started throwing this error:

    10/19/2024 03:37:25 - The running command stopped because the preference variable "WarningPreference" or common parameter is set to Stop: The ACME Server has indicated this order's certificate should be renewed AS SOON AS POSSIBLE.

I got an email today from Let's Encrypt that the certificate expires on the 17th of Nov (it's what triggered me to check the error log).

That is the problem I'm trying to fix.

Looks like the helpful error message saying renew now is triggering the exception logic.

Here is my first attempt to fix it. (Essentially just adding the IF statement from https://poshac.me/docs/latest/Tutorial/#task-scheduler-cron).

Think this will get the job done? I'm open to suggestions.

    param([string]$LogPath)

    function WriteLog {
        Param ([string]$message)
        Add-Content -Path $LogPath -Value "$(Get-Date) - $message"
    }

    try {
        $thumbprint = (Get-PACertificate).Thumbprint
        if ($cert = Submit-Renewal) {
            $cert | Set-MobileServerCertificate #Activate the certificate
            WriteLog "New certificate installed with thumbprint $($cert.Thumbprint)"
            WriteLog "Removing old certificate with thumbprint $thumbprint"
            Get-ChildItem Cert:\LocalMachine\My |
                Where-Object Thumbprint -eq $thumbprint |
                Remove-Item
        }
        else {
            WriteLog "Certificate was not renewed"
        }
    } catch {
        WriteLog $_.Exception.Message
        throw
    }
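
An added example, not part of the original post and not code from the Posh-ACME project: a variant of the script above that logs warnings from `Submit-Renewal` instead of promoting them to terminating errors, and removes the old certificate only when its thumbprint differs from the new one. Merging the warning stream with `3>&1` and the thumbprint comparison are assumptions of this sketch; the cmdlets are the ones already used in the post.

```powershell
param([Parameter(Mandatory)][string]$LogPath)

function WriteLog {
    param([string]$Message)
    Add-Content -Path $LogPath -Value "$(Get-Date) - $Message"
}

try {
    # Thumbprint of the certificate currently in use (may be empty on first run).
    $oldThumbprint = (Get-PACertificate).Thumbprint

    # Errors still terminate. Warnings (stream 3) are merged into the output so
    # they can be logged without stopping the renewal itself.
    $output = @(Submit-Renewal -ErrorAction Stop 3>&1)
    $warnings = $output | Where-Object { $_ -is [System.Management.Automation.WarningRecord] }
    $cert = $output | Where-Object { $_ -isnot [System.Management.Automation.WarningRecord] }

    foreach ($w in $warnings) { WriteLog "WARNING: $($w.Message)" }

    if (-not $cert) {
        WriteLog 'Certificate was not renewed'
        return
    }

    $cert | Set-MobileServerCertificate   # Activate the certificate
    WriteLog "New certificate installed with thumbprint $($cert.Thumbprint)"

    # Delete the old certificate only if it really is a different one; otherwise
    # the certificate that was just activated would be removed from the store.
    if ($oldThumbprint -and $oldThumbprint -ne $cert.Thumbprint) {
        WriteLog "Removing old certificate with thumbprint $oldThumbprint"
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object Thumbprint -eq $oldThumbprint |
            Remove-Item
    }
} catch {
    WriteLog $_.Exception.Message
    throw
}
```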
