DateTime parse error on Ubuntu & PowerShell Core

[SteveeeP]

Hi,

I'm running a Ubuntu Build Agent with PowerShell Core to generate/renew cert's with posh-acme. Unfortunately, the script is running in a parsing error:

New-PACertificate -Domain $dnsName -DnsPlugin Azure -PluginArgs $paPluginArgs -PfxPass $pw -Force -Verbose

VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account *******
VERBOSE: Order name not specified, using ****.*****.com'
Update-PAOrder : Exception calling "Parse" with "1" argument(s): "String '2022-06-01T10:10:19Z 2022-05-30T11:45:59Z' was not recognized as a valid DateTime."
At /home/azureadmin/.local/share/powershell/Modules/Posh-ACME/4.14.0/Public/Get-PAOrder.ps1:98 char:17
+                 Update-PAOrder $order
+                 ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Update-PAOrder], MethodInvocationException
+ FullyQualifiedErrorId : FormatException,Update-PAOrder
##[error]Script failed with exit code: 1

seems the method gets two timestamps as parameter.

There are no problems when running the same script on a windows machine.

[rmbolger]

Hi @SteveeeP. That's an odd one for sure. Where I think this happens in the code implies that the order got previously saved with two expires timestamps which is weird because that property is sent directly by the ACME server as part of the response when creating a new order.

Unfortunately, the only way to fix the immediate problem is to either manually edit the existing order.json file so it only has a single timestamp or delete the existing order entirely. The latter is probably easier since you appear to be calling New-PACertificate every time instead of relying on Submit-Renewal. So the previous order being saved doesn't really matter.

I'm not exactly sure how build agents work. So if it's hard to manipulate the state of it outside of an actual build, you could also modify your script to add the Remove-PAOrder line just before the New-PACertificate line. I'd use something like this:

Remove-PAOrder $dnsName -Force -Verbose -ErrorAction Ignore
New-PACertificate -Domain $dnsName -DnsPlugin Azure -PluginArgs $paPluginArgs -PfxPass $pw -Force -Verbose

The other weird thing is that the parsing error shouldn't have cause the New-PACertificate call to exit. In my test, it just continued on and created a new order. Does the build agent fail the job if any error is encountered? Has the $ErrorActionPreference been changed from the default of "Continue"?

Bottom line. We can fix the immediate problem, but we can't figure out why the double time stamp happened in the first place without more data. Hoping it was just a fluke. But if it happens again, you might need to enable debug logging with $DebugPreference = 'Continue'

[SteveeeP]

Hi @rmbolger, thanks for your reply.

I ran into another (known) issue with Azure CLI & Powershell Core on Linux. So I decided to switch to a Windows-based Build Agent and both of my problems are gone.

I just wanted to let you know that there is something odd with POSH-ACME and PowerShell Core on Linux in the first place. If you want, I can provide you with some more detailed information. Just let me know.

Thanks!

[rmbolger]

I'd definitely love any info you can provide.