I’m guessing you are trying to do custom DNS scripting validation.
The main issue I can see is that you are using the CertificateThumbPrintHash as your TXT record value; instead you should be using the value of -value that you have passed to your PowerShell script. Also, there will be no param($result), as that is the syntax for post-request deployment scripts, not DNS scripting. I don’t do a lot of PowerShell, but I believe the top of your script would need the following to pass in those parameters:
param (
    [string]$zone,
    [string]$value
)
Secondly, don’t store any scripts under C:\Program Files\CertifyTheWeb\Scripts\Common as this location will be deleted when the app next updates.
The API key you have provided in your example appears to be your real key, so you should change that immediately.
Okay, I am able to get certificates now without any problems. So now the next step is to delete the DNS record, and I’m not seeing where there’s a place for testing that. There’s a button to test to make sure your DNS record is being added into your DNS provider.
When does the “delete script” run? Isn’t it after it receives the TLS certificate?
Hi, the delete script runs during the ‘cleanup’ phase which is after the DNS record has been validated. Off the top of my head I’m not sure if we currently call it during test, which we should do of course.
I have been working on this project for quite some time. I believe I’ve gotten it all ironed out. If anybody else would like to play with it, here it is, please download. Here’s the link to GitHub.
Thanks for sharing the scripts. When I click the Test button in CTW or recreate and execute each step of your Add.ps1 script in PowerShell, I can see the Success code 200 and a resulting TXT record in my Dynu control panel; however, when I click Request Certificate, no TXT records are added and the challenge process fails.
I have two domains in Dynu and am attempting to request a wildcard certificate for both of them (i.e. *.domain1.com and *.domain2.com)
If you have any suggestions I would be glad to hear them
Thanks for the reply. I’ve created a separate certificate request for just the one wildcard domain to keep things simple and applied your advice above. I’m making progress now as I can see a TXT record is created while Requesting a Certificate, although strangely the value is incorrect (repeatedly using a value starting with “IX_”…) which causes the request to fail.
(edit - system won’t let me add a 4th reply here)
I was able to debug that the line $domainid = $getdomaindata… was returning NULL due to the $zone variable beginning with ‘*.’, which was not present in the domains returned by $getdomaindata.
So I added this line just before setting the APIKey variable: $zone = $zone -replace '^\*\.', ''
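Putting the two points from this thread together (the param block an add script needs, and stripping the leading “*.” before matching the zone against the domain list), here is an added PowerShell example. It is not from the GitHub scripts linked above and not from Certify The Web; the domain list is a constructed stand-in for what the Dynu API returns, its object shape (id and name properties) is an assumption, and the actual HTTP call that publishes the TXT record is left to the reader’s existing script. Unlike the original lookup, it throws a clear error when no domain matches instead of silently returning NULL.

```powershell
# Added example (not from the thread's scripts): parameter handling and
# wildcard-zone normalisation for a Certify The Web DNS "add" script.
# Assumptions: the domain listing is an array of objects with 'id' and 'name'
# properties (constructed below); the real API call is not included.
param (
    [string]$zone  = '*.domain1.com',          # sample; CTW supplies the real zone
    [string]$value = 'constructed-challenge-token'  # sample; CTW supplies the real value
)

function ConvertTo-BaseZone {
    param([Parameter(Mandatory)][string]$Zone)
    # Strip only a leading "*." (anchored and with the dot escaped); an
    # unanchored '\*.' would also remove a '*' plus any following character
    # anywhere in the string.
    return ($Zone -replace '^\*\.', '').TrimEnd('.').ToLowerInvariant()
}

function Find-DomainId {
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][object[]]$Domains
    )
    $base = ConvertTo-BaseZone -Zone $Zone
    # Longest-suffix match so "sub.domain1.com" still resolves to domain1.com
    # rather than to a shorter registered name that happens to be a suffix.
    $match = $Domains |
        Where-Object { $base -eq $_.name -or $base.EndsWith('.' + $_.name) } |
        Sort-Object { $_.name.Length } -Descending |
        Select-Object -First 1
    if (-not $match) {
        # Fail loudly here; a NULL id would otherwise surface later as a
        # confusing API error or a TXT record created in the wrong place.
        throw "No registered domain matches zone '$Zone' (normalised to '$base')."
    }
    return $match.id
}

# Constructed stand-in for the provider's domain listing.
$sampleDomains = @(
    [pscustomobject]@{ id = 101; name = 'domain1.com' },
    [pscustomobject]@{ id = 202; name = 'domain2.com' }
)

$domainId = Find-DomainId -Zone $zone -Domains $sampleDomains
Write-Host "Zone '$zone' -> domain id $domainId; TXT value to publish: $value"
# From here the existing script's API call would create the TXT record using
# $domainId and $value (never a certificate thumbprint) as the record content.
```

Running it with no arguments uses the sample wildcard zone and resolves it to id 101; passing a zone that matches nothing raises the error instead of continuing with an empty id, which is the failure mode that made the original request fail silently.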
I never had a use case for wildcard domains. So, I have never tested it with wildcards. I would have to go back to the drawing board to figure that out.