From c478f4d8b5c21eac17f3515213c887542dd61d2b Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Sat, 15 Nov 2025 19:56:59 -0600
Subject: [PATCH] Update vCenter-SSL.ps1
---
 inc/vCenter-SSL.ps1 | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/inc/vCenter-SSL.ps1 b/inc/vCenter-SSL.ps1
index 391d4767..3d8017e2 100644
--- a/inc/vCenter-SSL.ps1
+++ b/inc/vCenter-SSL.ps1
@@ -1,6 +1,6 @@
 #!/usr/bin/env pwsh
 # -----------------------------------------------------------------------------------
-# vCenter + Posh-ACME Script using PowerCLI (TLS-safe, ACME fixed)
+# vCenter + Posh-ACME Script using PowerCLI (Final Corrected)
 # -----------------------------------------------------------------------------------
 . /opt/idssys/nodemgmt/conf/powerwall/settings.ps1
@@ -37,9 +37,7 @@ if (-not (Get-Module -ListAvailable -Name VMware.PowerCLI)) {
 }
 Import-Module VMware.PowerCLI -ErrorAction Stop
-# ----------------------------
 # Ignore self-signed cert warnings
-# ----------------------------
 Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false | Out-Null
 # ----------------------------
@@ -75,9 +73,16 @@ Import-Module Posh-ACME -ErrorAction Stop
 # ----------------------------
 # ACME / PowerDNS certificate request
 # ----------------------------
+# Ensure API key is plain string (Posh-ACME PowerDNS plugin requires string)
+if ($PDNSAPI -is [System.Security.SecureString]) {
+ $PDNSAPI = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
+ [Runtime.InteropServices.Marshal]::SecureStringToBSTR($PDNSAPI)
+ )
+}
+
 $pArgs = @{
 PowerDNSApiHost = $WDNSHOST
- PowerDNSApiKey = $PDNSAPI # Plain string, do NOT convert to SecureString
+ PowerDNSApiKey = $PDNSAPI
 PowerDNSUseTLS = $true
 PowerDNSPort = 443
 PowerDNSServerName = 'localhost'
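Review bot: `PtrToStringAuto` is the wrong decoder for a BSTR when this runs under `pwsh` on Linux or macOS (the shebang and the `/opt/...` settings path suggest it does): there it reads the buffer as UTF-8, so the UTF-16 key is cut at the first null byte and `PowerDNSApiKey` ends up as a single character. The pointer returned by `SecureStringToBSTR` is also never released, which leaves an unzeroed copy of the API key in unmanaged memory. Capture the pointer and free it, `$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($PDNSAPI)` then `try { $PDNSAPI = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) } finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }`, or on PowerShell 7 use `ConvertFrom-SecureString -SecureString $PDNSAPI -AsPlainText`. It is also worth a comment that `$PDNSAPI` holds the key in clear text from this point on, so it should not be logged or echoed later in the script.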
@@ -113,7 +118,7 @@ if ($certSuccess) {
 }
 # ----------------------------
-# Upload and apply certificate via REST (PowerCLI session)
+# Upload and apply certificate via REST
 # ----------------------------
 if ($certSuccess) {
 try {
@@ -143,12 +148,12 @@ if ($certSuccess) {
 }
 # ----------------------------
-# Restart vpxd service via PowerCLI (safe)
+# Restart vpxd service via REST (safe for vCenter appliance)
 # ----------------------------
 try {
- Write-Host "Restarting vpxd service..." -ForegroundColor Yellow
- $service = Get-VMHostService -VMHost $VCENTERHOST | Where-Object { $_.Key -eq "vpxd" }
- if ($service) { Restart-VMHostService -HostService $service -Confirm:$false }
+ Write-Host "Restarting vpxd service via REST..." -ForegroundColor Yellow
+ $uriRestart = "https://$VCENTERHOST/rest/appliance/system/services/vpxd?action=restart"
+ Invoke-RestMethod -Uri $uriRestart -Method Post -Headers $sessionHeaders -SkipCertificateCheck
 Write-Host "vpxd service restart requested." -ForegroundColor Yellow
 } catch {
 Write-Host "Failed to restart vpxd service: $($_.Exception.Message)" -ForegroundColor Yellow
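Review bot: The new `Invoke-RestMethod` call in the vpxd restart block sends `$sessionHeaders` (presumably the vCenter session token) with `-SkipCertificateCheck`, so the token is handed to whatever answers on `$VCENTERHOST` without its certificate being verified. This step runs after the ACME-issued certificate has been uploaded, so validation could be switched back on here by dropping the switch or keeping it behind an explicit opt-in setting, e.g. `Invoke-RestMethod -Uri $uriRestart -Method Post -Headers $sessionHeaders -ErrorAction Stop`. The block also appears to sit at top level after the closing brace of `if ($certSuccess)`, so as shown vpxd is restarted even when no certificate was issued and `$sessionHeaders` may be unset on that path; the same `if ($certSuccess)` guard would avoid that. The restart route should be confirmed against the appliance API reference for the target vCenter version, because the `catch` only prints a message and a wrong path would pass as a soft warning. The `catch` block closes outside the hunk.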