Windows Zonescope mixed environment #168
Comments
In order to get certs for an internal name with a DNS challenge, you still have to create the TXT record in the external zone so the Let's Encrypt validation servers can query it. So even though your So if I understand correctly, your external zone is the default with no scope...so you should be able to just not specify a scope and have it work, right? I'm not super familiar with how Win DNS zone scopes work, so please correct me if I misunderstand how things work.
I'll try to explain what I want to do... Let's say I have an Exchange server with the DNS address exchange.intra.mydomain.com. The exchange.intra.mydomain.com domain has two zone scopes, external and internal. exchange.mydomain.com (without intra) has only the main zone. But because of the intra domain I do have to call:

New-PACertificate $myDomainArray -DnsPlugin Windows -PluginArgs @{WinServer=$dc; WinZoneScope='external'}

This throws an error when adding the exchange.mydomain.com domain because it has no zone scope with the name "external" - and no other either. For this case I would like to add a check whether the domain has the given zone scope; if not, the domain will be added without a zone scope. I hope it's clear what I wanted to explain...
Thanks, I think I got it. I just pushed a fix to the master branch that should fix the issue. Like you said, it will now check that the scope exists on the zone before trying to use it. Let me know if that works for you and I'll see if I can get a new release out with the fix included.
This fix is now live in 3.7.0
Hi,
in some cases, I need to get a certificate for both an intranet and an external URL, e.g. intra.mydomain.com and mydomain.com. In this example, I want to use the certificate for an RDP connection; I can only set one certificate for RDP usage, so I need to set both domains to the same certificate. No problem so far.
The internal URL intra... has a zone scope for the external and the internal scope, so I must add the zoneScope param to create the certificate. But for the external URL there's no need to set zone scopes, so here I do NOT need to add the zoneScope param. Unfortunately, I can't choose for which domains a zone scope is needed and where not.
I found an easy solution by adding three lines of code in the windows.ps1 file at line 39ff:
Old:
New:
Maybe you can add this to upcoming releases...
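The scope check that the fix in 3.7.0 describes, written out as an added example (not Posh-ACME's own code, and not the three-line patch proposed in this issue, which the page does not show). It assumes the Windows DnsServer module cmdlets Get-DnsServerZoneScope and Add-DnsServerResourceRecord, the ZoneScope property on the objects the former returns, and constructed zone, server and token values.

```powershell
# Added example, not Posh-ACME's code: use a requested zone scope only on zones
# that actually define it, and fall back to the zone's default scope otherwise.
# Assumes the DnsServer module and rights on the server named in $WinServer.

function Resolve-ZoneScope {
    param(
        [Parameter(Mandatory)] [string]$ZoneName,
        [Parameter(Mandatory)] [string]$WinServer,
        [string]$WinZoneScope
    )
    if ([string]::IsNullOrEmpty($WinZoneScope)) { return $null }

    # A zone without scopes (mydomain.com in this issue) lists only its default
    # scope, so the requested name is not found and we fall back.
    $scopes = Get-DnsServerZoneScope -ZoneName $ZoneName -ComputerName $WinServer `
        -ErrorAction SilentlyContinue
    if ($scopes | Where-Object { $_.ZoneScope -eq $WinZoneScope }) { return $WinZoneScope }

    Write-Verbose "Zone '$ZoneName' has no scope '$WinZoneScope'; using its default scope"
    return $null
}

function Add-AcmeTxtRecord {
    param(
        [Parameter(Mandatory)] [string]$RecordName,   # e.g. _acme-challenge.mydomain.com
        [Parameter(Mandatory)] [string]$ZoneName,
        [Parameter(Mandatory)] [string]$TxtValue,
        [Parameter(Mandatory)] [string]$WinServer,
        [string]$WinZoneScope
    )
    # Add-DnsServerResourceRecord wants the record name relative to the zone
    $relName = $RecordName -ireplace "\.$([regex]::Escape($ZoneName))$", ''

    $params = @{
        ZoneName = $ZoneName; Name = $relName; Txt = $true
        DescriptiveText = $TxtValue; ComputerName = $WinServer; ErrorAction = 'Stop'
    }
    $scope = Resolve-ZoneScope -ZoneName $ZoneName -WinServer $WinServer -WinZoneScope $WinZoneScope
    if ($scope) { $params.ZoneScope = $scope }   # passed only where the scope exists

    Add-DnsServerResourceRecord @params
}

# Constructed values for the two zones from this issue: 'external' is applied on
# intra.mydomain.com and silently omitted on mydomain.com.
$dc = 'dc01.mydomain.com'
foreach ($zone in 'intra.mydomain.com', 'mydomain.com') {
    Add-AcmeTxtRecord -RecordName "_acme-challenge.$zone" -ZoneName $zone `
        -TxtValue 'constructed-challenge-token' -WinServer $dc -WinZoneScope 'external'
}
```

Run with -Verbose to see which zones fell back to their default scope; the same splatting pattern applies to the matching Remove-DnsServerResourceRecord cleanup call.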