SSL Certificate error: domain name contains an invalid character #1938

Closed
5 tasks done
J0shev opened this issue Jun 17, 2024 · 6 comments
Labels
bug Problem when deploying a Data Safe Haven.

J0shev commented Jun 17, 2024

✅ Checklist

  • I have searched open and closed issues for duplicates.
  • This is a problem observed when deploying a Data Safe Haven.
  • I can reproduce this with the latest version.
  • I have read through the documentation.
  • This isn't an open-ended question (open a discussion if it is).

💻 System information

  • Operating System: Windows 10 Enterprise 22H2
  • Data Safe Haven version: Release v4.2.1

📦 Packages

List of packages
C:\DSH\data-safe-haven-latest\deployment> .\CheckRequirements.ps1
2024-06-17 11:03:46 [SUCCESS]: [✔] Powershell version: 7.4.1
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Identity.DirectoryManagement module version: 1.21.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Network module version: 5.3.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Accounts module version: 2.15.1
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Applications module version: 1.21.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Monitor module version: 4.2.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.Dns module version: 1.1.2
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.DataProtection module version: 0.4.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Az.MonitoringSolutions module version: 0.1.0
2024-06-17 11:03:46 [SUCCESS]: [✔] Microsoft.Graph.Users module version: 1.21.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Powershell-Yaml module version: 0.4.2
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Compute module version: 5.3.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Resources module version: 6.5.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Poshstache module version: 0.1.10
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.PrivateDns module version: 1.0.3
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Automation module version: 1.9.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.RecoveryServices module version: 5.4.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.OperationalInsights module version: 3.1.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Microsoft.Graph.Authentication module version: 1.21.0
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.KeyVault module version: 4.9.1
2024-06-17 11:03:47 [SUCCESS]: [✔] Az.Storage module version: 4.7.0

🚫 Describe the problem

I am attempting to deploy the SRE and have encountered an issue when running Update_SRE_SSL_Certificate. The same error message occurs regardless of whether I use the SRE Deployment script or run through each step manually. I have pasted the logs below.

🌳 Log messages

Relevant log messages
C:\DSH\data-safe-haven-latest\deployment\secure_research_environment\setup> .\Update_SRE_SSL_Certificate.ps1
 
cmdlet Update_SRE_SSL_Certificate.ps1 at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
shmId: ddrc
sreId: dsg
2024-06-17 11:03:15 [WARNING]: The remoteDesktopProvider configuration option has been deprecated and will be removed in the future
2024-06-17 11:03:16 [   INFO]: [ ] Checking whether signed certificate 'sre-dsg-lets-encrypt-certificate' already exists in Key Vault...
2024-06-17 11:03:17 [   INFO]: No certificate found in Key Vault 'kv-ddrc-sre-dsg'
2024-06-17 11:03:17 [   INFO]: Preparing to request a new certificate...
2024-06-17 11:03:18 [   INFO]: Generating a certificate signing request for dsg.ddrc.exeter.ac.uk to be signed by Let's Encrypt...
2024-06-17 11:03:20 [SUCCESS]: [✔] CSR creation succeeded
2024-06-17 11:03:23 [   INFO]: Using Let's Encrypt production server!
2024-06-17 11:03:24 [   INFO]: [ ] Checking for Posh-ACME account
2024-06-17 11:03:24 [SUCCESS]: [✔] Using Posh-ACME account: 1690196877
2024-06-17 11:03:24 [   INFO]: Test that we can interact with DNS records...
2024-06-17 11:03:24 [   INFO]: [ ] Attempting to create a DNS record for dnstest.dsg.ddrc.exeter.ac.uk...
VERBOSE: Publishing challenge for Domain dnstest.dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 1087-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: 2 zone(s) found
VERBOSE: Checking _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 184-byte response of content type application/json
VERBOSE: Sending updated _acme-challenge.dnstest
VERBOSE: Requested HTTP/1.1 PUT with 98-byte payload
VERBOSE: Received HTTP/1.1 514-byte response of content type application/json
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:26 [SUCCESS]: [✔] DNS record creation succeeded
2024-06-17 11:03:26 [   INFO]: [ ] Attempting to delete a DNS record for dnstest.dsg.ddrc.exeter.ac.uk...
VERBOSE: Unpublishing challenge for Domain dnstest.dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dnstest.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 514-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: Deleting _acme-challenge.dnstest. No values left.
VERBOSE: Requested HTTP/1.1 DELETE with 0-byte payload
VERBOSE: Received HTTP/1.1 0-byte response of content type
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:27 [SUCCESS]: [✔] DNS record deletion succeeded
2024-06-17 11:03:27 [   INFO]: Sending the CSR to be signed by Let's Encrypt...
VERBOSE: Publishing challenge for Domain dsg.ddrc.exeter.ac.uk with Token faketoken using Plugin Azure and DnsAlias ''.
VERBOSE: Authenticating with provided access token for tenant 5ad2ad05-49d1-4dbe-946f-f57367688a7a
VERBOSE: Attempting to find hosted zone for _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 1087-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: 2 zone(s) found
VERBOSE: Checking _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Checking dsg.ddrc.exeter.ac.uk
VERBOSE: Querying _acme-challenge.dsg.ddrc.exeter.ac.uk
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 490-byte response of content type application/json
VERBOSE: Content encoding: utf-8
2024-06-17 11:03:27 [   INFO]: [ ] Creating certificate for dsg.ddrc.exeter.ac.uk...
VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account 1690196877
VERBOSE: Order name not specified, using 'dsg.ddrc.exeter.ac.uk'
VERBOSE: Creating a new order 'dsg.ddrc.exeter.ac.uk' for dsg.ddrc.exeter.ac.uk, GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk
OperationStopped: Invalid identifiers requested :: Cannot issue for "GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk": Domain name contains an invalid character
2024-06-17 11:03:29 [   INFO]: Importing signed certificate into Key Vault 'kv-ddrc-sre-dsg'...
2024-06-17 11:03:29 [FAILURE]: [x] Certificate import failed!
Import-AzKeyVaultCertificate: C:\DSH\data-safe-haven-latest\deployment\secure_research_environment\setup\Update_SRE_SSL_Certificate.ps1:225
Line |
225 |  … lt.name -Name $certificateName -FilePath $certificateFilePath -ErrorA …
     |                                             ~~~~~~~~~~~~~~~~~~~~
     | Cannot bind argument to parameter 'FilePath' because it is null.

♻️ To reproduce

J0shev added the bug label Jun 17, 2024

jemrobinson (Member) commented:

Let's Encrypt no longer support upper-case characters in domain names (see here). I'll put out a fix for this.
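
Added example (not from the issue thread or the Data Safe Haven code base): a PowerShell pre-flight check that lower-cases and validates the names for a certificate order before anything is sent to the ACME server, plus a guard that stops the import step when no certificate file exists. The function names `ConvertTo-AcmeIdentifier` and `Assert-CertificateFile` are hypothetical; the input names are the two from the log above.

```powershell
# Added example, not the project's code. Wildcard names are not handled here.
function ConvertTo-AcmeIdentifier {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Name)

    $seen = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($raw in $Name) {
        # DNS names are case-insensitive, so lower-casing keeps the same host.
        $fqdn = $raw.Trim().TrimEnd('.').ToLowerInvariant()
        if ($fqdn.Length -lt 1 -or $fqdn.Length -gt 253) {
            throw "Invalid DNS name '$raw': length must be 1-253 characters"
        }
        $labels = $fqdn.Split('.')
        if ($labels.Count -lt 2) {
            throw "Invalid DNS name '$raw': not fully qualified"
        }
        foreach ($label in $labels) {
            # 1-63 characters: a-z, 0-9, hyphen; no leading or trailing hyphen.
            if ($label -cnotmatch '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$') {
                throw "Invalid DNS name '$raw': bad label '$label'"
            }
        }
        if ($seen.Add($fqdn)) { $fqdn }   # emit each name once, in input order
    }
}

# Hypothetical guard for the import step: fail with a clear message instead of
# passing an empty path on to the Key Vault import.
function Assert-CertificateFile {
    param([string]$Path)   # a $null argument arrives as an empty string
    if ([string]::IsNullOrEmpty($Path) -or
        -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw 'No signed certificate file was produced; not importing.'
    }
    $Path
}

# Constructed input: the two names shown in the log above.
$requested = 'dsg.ddrc.exeter.ac.uk', 'GUACAMOLE-SRE-DSG.ddrc.exeter.ac.uk'
$identifiers = @(ConvertTo-AcmeIdentifier -Name $requested)
$identifiers

# Demonstrates the guard: a missing path yields a warning, not a binding error.
try { Assert-CertificateFile -Path $null }
catch { Write-Warning $_.Exception.Message }
```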

jemrobinson (Member) commented:

@J0shev : If you're able to check out the branch 1938-ssl-certificate-error could you let me know whether this fixes your problem?

J0shev (Author) commented Jun 17, 2024

> @J0shev : If you're able to check out the branch 1938-ssl-certificate-error could you let me know whether this fixes your problem?

@jemrobinson This seems to have done the job! Thank you.

jemrobinson (Member) commented:

Great - let me know when you've had a chance to check that the full deployment works and we can tag a patch version with this fix.

jemrobinson added this to the Release 4.2.2 milestone Jun 24, 2024

jemrobinson (Member) commented:

Closed by #1939.

jemrobinson (Member) commented:

@J0shev: The fix for this issue is in release v4.2.2.
