Cannot redo http-01 challenge

[AHandless]

If I have an existing and validated ACMEIdentifier, I cannot forcefully redo the challenge.

> Get-ACMEIdentifier | Where {$_.Dns -eq "example.com"}
Seq    : 3
Id     : 84e43cdf-a6fb-47e2-934a-d4c50f20217b
Alias  : example.com
Label  :
Dns    : example.com
Status : valid

> Complete-ACMEChallenge example.com -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = 'example.com' }
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier     : example.com
Uri            : https://acme-v01.api.letsencrypt.org/acme/authz/GHFKJG7...
Status         : valid
Expires        : 4/11/2017 4:45:12 AM
Challenges     : {, , }
Combinations   : {0, 1, 2}

> Submit-ACMEChallenge example.com -ChallengeType http-01
challenge has not been decoded
    + CategoryInfo          : NotSpecified: (:) [Submit-ACMEChallenge], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,ACMESharp.POSH.SubmitChallenge

[WallyRanson]

Try to do what ebakker suggest here: #210

I had same error and I just restarted the process for that host, but I think ebakker would like to get the feedback on those suggestions. :)

[ebekker]

This issue has been popping up for lots of folks intermittently lately (even me), I'll need to dig into it a bit to see what's changed recently. In the meantime, if you can force the challenge to be completed once again, this has typically cleared up the situation.

Just as @WallyRanson suggested, try doing the step with Complete-ACMEChallenge again, but add the -Regenerate and -Repeat flags.

[Feldegast123]

Isn't this due to the fact that the authorization is only valid for 10 months? I did not take that into account when I wrote a little renewal-script. My current fix is just to create a new certificate for those servers that runs into the issue. Need to incorporate the -regenerate -repeat in that somehow.

[WallyRanson]

No I got it the first week I tried to make my script.
I had never completed a challenge on some of the domains I got the error on and on others I had a standing valid challenge, but when I made a new challenge, then I sometimes got it.
I do not work with renewals as such.
I rechallenge all domains everytime my script runs.

[Feldegast123]

Ah I was thinking that the reason for it popping up intermittently for people was because of the 10 month validity period for domain authorization. I had it happen on two installations this week. Those installations were not the first ones i configured but I think for the ones older than the ones with the issue I have manually recreated the certificates at some point (due to needing to add another domain or similar).

[ebekker]

It's not 10 mos any more, they reduced the validity to only a few weeks now.

But @WallyRanson is right, it's happening for folks (even me) even if they try to complete within a few hours or days.

[Feldegast123]

Well that certainly would explain the issues I've been having. Changed my scripts to authorize the domain every time I need to renew the cert. Thanks for the work @ebekker ☺

[alexhass]

Complete-ACMEChallenge : Parameter cannot be processed because the parameter name 'Repeat' is ambiguous. Possible matches include: -RepeatDecoder -RepeatHandler.

and now?

[alexhass]

-Regenerate -RepeatHandler -Force

[alexhass]

Submit-ACMEChallenge : Unable to update challenge :: The challenge is not pending.

How can I get out of the INVALID loop?

[WallyRanson]

Once the challenge is changed to invalid it is dead and you need to start a new challenge from the beginning again

[alexhass]

Ok. But than I‘m directly at #331

[WallyRanson]

Just add a timestamp