From f7391b49deb3398cd9e8dddb0fbc86f5ae2112bd Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Sat, 15 Nov 2025 20:21:51 -0600 Subject: [PATCH] Update vCenter-SSL.ps1 --- inc/vCenter-SSL.ps1 | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/inc/vCenter-SSL.ps1 b/inc/vCenter-SSL.ps1 index 80aa7095..b0ebb92c 100644 --- a/inc/vCenter-SSL.ps1 +++ b/inc/vCenter-SSL.ps1 @@ -1,6 +1,6 @@ #!/usr/bin/env pwsh # ----------------------------------------------------------------------------------- -# vCenter + Posh-ACME Script (Fully Automated with Verbose Logging and SSH Fallback) +# vCenter + Posh-ACME Script (Fully Automated with Verbose Logging) # ----------------------------------------------------------------------------------- . /opt/idssys/nodemgmt/conf/powerwall/settings.ps1 @@ -36,6 +36,8 @@ if (-not (Get-Module -ListAvailable -Name VMware.PowerCLI)) { Install-Module -Name VMware.PowerCLI -Force -Scope AllUsers } Import-Module VMware.PowerCLI -ErrorAction Stop + +# Ignore self-signed cert warnings Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false | Out-Null # ---------------------------- @@ -102,6 +104,7 @@ try { # Collect certificate paths dynamically # ---------------------------- if ($certSuccess) { + # Get the most recent order $paOrder = Get-PAOrder | Sort-Object Created -Descending | Select-Object -First 1 $certFolder = $paOrder.CertFolder @@ -118,7 +121,7 @@ if ($certSuccess) { } # ---------------------------- -# Upload and apply certificate via REST with verbose logging +# Upload and apply certificate via REST (with verbose logging) # ---------------------------- if ($certSuccess) { try { 
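Review bot: The comment added above `Set-PowerCLIConfiguration -InvalidCertificateAction Ignore` in the `@@ -36,6 +36,8 @@` hunk understates what the setting does. `Ignore` accepts any invalid certificate (expired, wrong host name, untrusted issuer), not only self-signed ones. I would word it as `# Disable PowerCLI certificate validation (accepts any invalid cert, not just self-signed)` so the trade-off is visible to the next reader. The visible line passes no `-Scope`, so the setting may persist beyond this run; worth confirming that is intended.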
@@ -132,15 +135,24 @@ if ($certSuccess) { chain = Get-Content -Path $chainPath -Raw } + $jsonBody = $body | ConvertTo-Json -Compress + $uriUpload = "https://$VCENTERHOST/rest/vcenter/certificate-management/vcenter/tls" Write-Host "Uploading TLS certificate to vCenter..." -ForegroundColor Cyan - Invoke-RestMethod -Uri $uriUpload -Method Post -Body ($body | ConvertTo-Json -Compress) -ContentType 'application/json' -Headers $sessionHeaders -SkipCertificateCheck - Write-Host "Certificate uploaded successfully." -ForegroundColor Green + Write-Host "URI: $uriUpload" -ForegroundColor DarkCyan + Write-Host "Headers: $(ConvertTo-Json $sessionHeaders -Compress)" -ForegroundColor DarkCyan + Write-Host "Body length: $($jsonBody.Length) characters" -ForegroundColor DarkCyan + + $uploadResp = Invoke-RestMethod -Uri $uriUpload -Method Post -Body $jsonBody -ContentType 'application/json' -Headers $sessionHeaders -SkipCertificateCheck -Verbose + Write-Host "Upload response: $(ConvertTo-Json $uploadResp -Compress)" -ForegroundColor Green $uriApply = "https://$VCENTERHOST/rest/vcenter/certificate-management/vcenter/tls?action=apply" Write-Host "Applying TLS certificate to vCenter..." -ForegroundColor Cyan - Invoke-RestMethod -Uri $uriApply -Method Post -Headers $sessionHeaders -SkipCertificateCheck - Write-Host "Certificate applied successfully." -ForegroundColor Green + Write-Host "URI: $uriApply" -ForegroundColor DarkCyan + $applyResp = Invoke-RestMethod -Uri $uriApply -Method Post -Headers $sessionHeaders -SkipCertificateCheck -Verbose + Write-Host "Apply response: $(ConvertTo-Json $applyResp -Compress)" -ForegroundColor Green + + Write-Host "Certificate uploaded and applied successfully." -ForegroundColor Green } catch { Write-Host "Certificate upload/apply failed: $($_.Exception.Message)" -ForegroundColor Red $global:helpme = $_.Exception.Message 
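Review bot: The added `Write-Host "Headers: $(ConvertTo-Json $sessionHeaders -Compress)"` line prints the full request headers, and `$sessionHeaders` presumably carries the vCenter session token, so the token ends up in console output and any captured log. Log only the header names instead, e.g. `Write-Host "Header names: $($sessionHeaders.Keys -join ', ')" -ForegroundColor DarkCyan`, assuming `$sessionHeaders` is a hashtable (it is defined outside this hunk). Logging the body length rather than the body is the right call, since the body holds the certificate material. The same care applies to the `Upload response` and `Apply response` lines if the API ever echoes certificate data back. The enclosing `if ($certSuccess) { try {` block starts before the hunk and its `catch` continues past it.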
@@ -150,7 +162,7 @@ if ($certSuccess) { } # ---------------------------- -# Automatic vpxd restart via REST with retries, fallback to SSH +# Automatic vpxd restart via REST with retries # ---------------------------- $maxRetries = 20 $retryCount = 0 @@ -158,14 +170,16 @@ $restartSucceeded = $false while ($retryCount -lt $maxRetries -and -not $restartSucceeded) { try { + # Test if REST endpoint is available $healthUri = "https://$VCENTERHOST/rest/appliance/health/system" Write-Host "Checking vCenter REST health endpoint..." -ForegroundColor Cyan $resp = Invoke-RestMethod -Uri $healthUri -Method Get -SkipCertificateCheck -ErrorAction Stop + # Restart vpxd service $restartUri = "https://$VCENTERHOST/rest/appliance/system/services/vpxd?action=restart" Write-Host "Requesting vpxd service restart via REST..." -ForegroundColor Cyan Invoke-RestMethod -Uri $restartUri -Method Post -SkipCertificateCheck -ErrorAction Stop - Write-Host "vpxd service restart requested successfully via REST." -ForegroundColor Green + Write-Host "vpxd service restart requested successfully." -ForegroundColor Green $restartSucceeded = $true } catch { Write-Host "vpxd REST endpoint not ready yet, retrying in 15 seconds... (Attempt $($retryCount+1)/$maxRetries)" -ForegroundColor Yellow 
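Review bot: In the `@@ -158,14 +170,16 @@` hunk, the health check and the vpxd restart call are sent without `-Headers $sessionHeaders`, unlike the upload and apply calls, so they look unauthenticated and would likely be rejected on every attempt. The `catch` prints only the "not ready yet, retrying" message, so an authorization failure cannot be told apart from a service that is still starting. With the SSH fallback removed, this loop is the only automated restart path. Pass the session, e.g. `Invoke-RestMethod -Uri $restartUri -Method Post -Headers $sessionHeaders -SkipCertificateCheck -ErrorAction Stop`, and include `$($_.Exception.Message)` in the retry message. The `catch` body of the `while` loop continues outside the hunk.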
@@ -175,18 +189,9 @@ while ($retryCount -lt $maxRetries -and -not $restartSucceeded) { } if (-not $restartSucceeded) { - Write-Host "REST endpoint failed after $maxRetries attempts, falling back to SSH restart..." -ForegroundColor Yellow - try { - Write-Host "Restarting vpxd via SSH..." -ForegroundColor Cyan - $sshCommand = "service-control --stop vpxd; service-control --start vpxd" - ssh root@$VCENTERHOST $sshCommand - Write-Host "vpxd service restarted successfully via SSH." -ForegroundColor Green - $restartSucceeded = $true - } catch { - Write-Host "SSH fallback restart failed: $($_.Exception.Message)" -ForegroundColor Red - Write-Host "Please restart manually via SSH:" -ForegroundColor Red - Write-Host "ssh root@$VCENTERHOST 'service-control --stop vpxd; service-control --start vpxd'" -ForegroundColor Red - } + Write-Host "Automatic vpxd restart failed after $maxRetries attempts." -ForegroundColor Red + Write-Host "Please restart manually via SSH:" -ForegroundColor Red + Write-Host "ssh root@$VCENTERHOST 'service-control --stop vpxd; service-control --start vpxd'" -ForegroundColor Red } # ----------------------------
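Review bot: The new `if (-not $restartSucceeded)` branch only writes three lines to the console; nothing visible records the failure for a caller, whereas the upload `catch` sets `$global:helpme`. If this script runs unattended, add something like `$global:helpme = "vpxd restart failed after $maxRetries attempts"` (or a non-zero exit), so the run is not reported as complete while vpxd may not have been restarted. The rest of the script continues outside the hunk, so a later status check may already cover this.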