What credentials I have to place in, when using Microsoft DNS.
i have one win server used as dns server and win server used as web server.
I don’t know which credentials do I put in and also how does Certify works in that case? I put my credentials and what? Do I need to open specific port, do I need to tell him something somewhere? Since I’m getting access denied. @webprofusion
Logs are below.
Failed [Microsoft DNS API]: Microsoft.Management.Infrastructure.CimException: Access is denied.
at Microsoft.Management.Infrastructure.Internal.Operations.CimSyncEnumeratorBase1.MoveNext() at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable1 source)
at Microsoft.Management.Infrastructure.CimSession.InvokeMethod(String namespaceName, String className, String methodName, CimMethodParametersCollection methodParameters, CimOperationOptions options)
at Certify.Providers.DNS.MSDNS.DnsProviderMSDNS.d__29.MoveNext() in D:\a\certify-internal\certify-internal\src\certify-build\certify\src\Certify.Providers\DNS\MSDNS\DnsProviderMSDNS.cs:line 100
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Core.Management.Challenges.DnsChallengeHelper.d__4.MoveNext() in D:\a\certify-internal\certify-internal\src\certify-build\certify\src\Certify.Core\Management\Challenges\DNS\DnsChallengeHelper.cs:line 186
Does your user account have permission to query and update your Microsoft DNS service? You may find the account your using needs to be a local administrator on the DNS server, or if it is AD integrated you would managed the roles/permissions through there.
Our Microsoft DNS provider is community contributed and we don’t currently have a Microsoft DNS service to test against ourselves.
To guess at whether you have the right settings or not we’d need a screenshot of the settings you are using (but nothing confidential).
An alternative to using a specific DNS provider for DNS validation is to use our (separately licensed) Certify DNS service which uses CNAME records to redirect to our service then our service answers the DNS challenge. Certify DNS | Certify The Web Docs
We made it work at the end. Maybe a recommendation or something you can look into in future versions of Certify:
After you have chosen Microsoft DNS api method and after you click “New”, we are asked for credentials and domain. I think it should be clear that domain is mandatory field.
Anyway, it was just that we didn’t put that one in. All good. Thank you for help.
Can I ask you one more question it’s not actually connected to this but I didn’t wanted to start a new theme.
When Certify renew a certificate, does IIS automatically binds that renewed certificate to the site or I have to do it manually? Not sure if this is right place to ask about it but yeah
When Certify renews a managed certificate then by default it will look for IIS sites with hostname bindings that would match that certificate and apply the certificate to those (or it will add an http bindings if the existing binding is http only).
You can preview the binding updates the app will perform in the Preview tab - scroll down to Deployment in the preview and you will see a table of planned bindings updates. If your website bindings do not show that they will be updated then you would need to check that you have existing bindings with hostname set to match the certificate.
Here is an example preview for binding updates:
1 Like