rmbolger/Posh-ACME.Deploy

Set-IISCertificate doesn't work with Site names that have some uncommon characters.

bkotch opened this issue · 2 comments

Considering how your code uses the M$ Sites lookup, this isn't really your issue, but I DID want to give you a heads up of a FUN FUN FUN bug in the IIS powershell cmds. If you have a site name that contains a funny character like "[ ]" or "*", IIS 7 on Windows 2019 with Powershell 5 will find NOTHING. Not an error, mind you, like you'd get if you sent in an invalid site name, just a blank site. You just get no response and this logic rightly trips.

Cribbed from https://www.powershellgallery.com/packages/Posh-ACME.Deploy/1.0.0/Content/Public%5CSet-IISCertificate.ps1

    # verify the site exists
        $sitePath = "IIS:\Sites\$SiteName" # Returns an empty value if the SiteName contains a [] or * from my testing
        if (!($site = Get-Item $sitePath -EA SilentlyContinue)) {
            throw "Site $SiteName not found."
        }

Not that IIS stops you from naming your sites that way.

Oh, and if you try to be clever and rename your sites, be sure to Reset-IISServerManager to get it to pick up the name changes.

Thanks for the heads up, @brianhatchet. That's super lame. It looks like I could potentially work around the problem using explicit functions like Get-IISSite instead of the "IIS:" provider. But this might have to wait a bit. I've been meaning to update this function so it works with PS 7 and implicit remoting for the WebAdministration module. But it's sort of low priority at the moment.

I believe this can be worked around now using the Set-IISCertificateNew function in 1.4.0 that uses IISAdministration under the hood instead of WebAdministration.