Active24 plugin no longer working about posh-acme HOT 25 OPEN

Default pfx password is just poshacme. It should also be a viewable property on the PAOrder object returned by things like Get-PAOrder and is settable with Set-PAOrder.

from posh-acme.

Hey @Gibonnn, thanks for reaching out. I'm sure it's possible to update the plugin. I'll need to purchase a domain to get access to test with though unless you feel like sharing an existing API key with me. And I can't give a definitive timeframe as I'm about to go out of town for a week.

from posh-acme.

I can't seem to find any references from the Active24 website to this websupport.sk API. All the support documentation still seems to link to the original API. Even the customer center still has my old API tokens there.

https://faq.active24.com/eng/739445-REST-API-for-developers?l=en-US

from posh-acme.

The current API is also still working for me for things like payment history queries. Where are you hearing they have a new management system and that the old API is no longer working?

from posh-acme.

If anything, websupport.sk seems to be its own separate provider. Or is this some sort of rebranding from Active24 to WebSupport.sk?

from posh-acme.

Hi,
Thanks for quick check. Yes websupport.sk and websupport.cz is a new management system for Active24. They also mention it on their website, but maybe that only affects Czech customers, like me. I have to take a closer look again and maybe contact their support.
For my domain hosted there I cant create any cert with the script, it tells me it cant find the zone for the dns challenge, but I know its there.
Sorry Im also leaving for 4 days now and cant provide any error messages now. Will ping when Im back.
Cheers!

from posh-acme.

Here is the info about the change in English.
https://www.active24.com/en/about/active-24-moving-to-new-platform

from posh-acme.

Thanks. That explains why my own account may not have been moved yet. But basically it seems like I just need to develop a new plugin for WebSupport.sk in general and that should cover anyone already there or anyone from Active24 who has been moved already.

from posh-acme.

yea I guess so. Think thats feasable for you? In case, I could at least save you the bucks and pay some dummy domain.
Happy Easter! .)

from posh-acme.

Definitely feasible. I might even be able to whip up a draft plugin before I take off on my trip. It looks like the cheapest TLD there is about 3 EUR right now. I can take care of purchasing the domain. But if you feel like tossing a few bucks my way via the Github sponsors link, that would be appreciated.

from posh-acme.

Sounds great! Yea, I will send some hello card your way ;)

from posh-acme.

Just as a status update, I have working code that can authenticate to the WebSupport API now. But my domain registration is stalled pending some identity verification on their end. So I can't get much further until they validate some documents I sent.

from posh-acme.

Domain registration all set. But now I'm running into some rough edges with their API. In particular, there are only 4 basic DNS operations. But all of them require a service parameter which is apparently an internal ID for the domain in their system. But there does not appear to be a way to use the API to query the list of available services on an account.

So with the new plugin, you're going to have to first look up the service IDs in the GUI control panel associated with the domains in your certificate. Then you'll have to pass them as part of the PluginArgs hashtable you send along with the API credentials. The old Active24 API didn't require this because you could just use the domain name directly in the query.

Their docs and the current functionality of the API also don't quite match up in certain places. So it's a bit slower than it should be figuring out how things are supposed to work. The GET request for records in web-based Swagger testing tool doesn't actually work because it has mandatory filtering values in the Body of the GET request and then complains that GETs aren't allowed to have a Body.

None of this is your problem, btw. I'm just sort of thinking out loud as I work through the process to create this plugin.

from posh-acme.

Ugh, there's also no surefire way to determine what domain a given service ID is associated with. You can infer based on the records that exist in the zone. But if the zone is empty, you're stuck because the GET records query won't return any data with the domain name in it.

from posh-acme.

Hey @Gibonnn, give this draft plugin a try. You can just download the file and throw it into the existing Plugins folder.
https://github.com/rmbolger/Posh-ACME/blob/websupport/Posh-ACME/Plugins/WebsupportSK.ps1

And here's a link to the draft usage guide if you need it.
https://github.com/rmbolger/Posh-ACME/blob/websupport/docs/Plugins/WebsupportSK.md

Once you have the plugin installed and force re-import the module, here's how you can switch the plugin on an existing Posh-ACME order.

$pArgs = @{
    WskCredential = Get-Credential # username is API Identifier, password is API Secret
    WskServiceId = '12345','23456' # These are the domain IDs from the web portal
}
Set-PAOrder example.com -Plugin WebsupportSK -PluginArgs $pArgs -DnsSleep 300

from posh-acme.

Cool, I will check it out hopefully tonight.
Thanks!!

from posh-acme.

I sent an email to support asking about some feature requests to the API to make it less cumbersome to use. Apparently, this v2 version of the API is still pretty new and missing a lot of features that used to exist in v1 they haven't implemented yet.

I'll have to see if I can combine using v1 and v2 so you don't have to do things like specify the Service ID for your domains in the plugin args. But the existing draft plugin should still work for the time being.

from posh-acme.

Ok, updated the draft version and it no longer requires specifying the service IDs. You can now use it like this:

$pArgs = @{
    WskCredential = Get-Credential # username is API Identifier, password is API Secret
}
Set-PAOrder example.com -Plugin WebsupportSK -PluginArgs $pArgs -DnsSleep 300

from posh-acme.

Ryan, I did not have a chance to try it yet. Me and my wife and daughter have returned yesterday evening after 3 days of Handball tournament that my son played.
Thanks for your work and I will let you know the outcome when I can.
Cheeeeers

from posh-acme.

Hi Ryan,
just tried as adviced and nothing happened. Right after I hit enter I got empty line, no error, info, nothing.

Rg

from posh-acme.

Sorry for the confusion. The Set-PAOrder command just changes the active plugin details for that order. If you now want to try renewing the cert, you’d need to run Submit-Renewal as normal or let your scheduled task do it if you have one setup.

from posh-acme.

OK WIth New-PACertificate everything went well and its working fine! I got my certifikace nice and shiny.
Thanks a lot!

from posh-acme.

Excellent! Happy to hear it. I’ll try and wrap everything up into a new release when I get back from my own trip.

from posh-acme.

Sure, thanks again! I have sent some coffee money for the great help.
Just one more question - what would be the password for the PFX file to import? I found something like "PfxPassB64U" in the order.json, but that one is not accepted by Windows import wizard.
Cheers, enjoy your trip .)

from posh-acme.