AlternativeIdentifierRefs problems with ACME New Certificate

The AlternativeIdentifierRefs parameter is used by the New-ACMECertificate cmdlet in ACMESharp when you want Let’s Encrypt to include a secondary domain in the same certificate as your primary alias.
This is handy because Let’s Encrypt doesn’t support wildcards. EDIT: The Let’s Encrypt ACMEv2 endpoint DOES support wildcards, but the PowerShell module as it stands does not use ACMEv2.

I was having an issue when trying to do this:

New-ACMECertificate : The given key was not present in the dictionary

This was because in the previous steps in my script, I was only validating my ownership of the first alias – not of the alternative domains. I need to validate all domains before a certificate will be issued.

Here are some code snippets of what I ended up with:
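The following is an added example, not the author's original snippets: it validates every identifier and refuses to call New-ACMECertificate until each one reports a status of valid. The domain names, aliases, the manual http-01 handler and the polling timeout are assumptions, and it assumes the ACMESharp vault and registration already exist.

```powershell
Import-Module ACMESharp

# Assumed sample names; the keys are vault aliases, the values are DNS names.
# The first entry is the primary name, the rest become alternative names.
$identifiers = [ordered]@{
    'dns-primary' = 'www.example.com'
    'dns-alt1'    = 'example.com'
    'dns-alt2'    = 'mail.example.com'
}

foreach ($alias in $identifiers.Keys) {
    $dns = $identifiers[$alias]

    # Each name needs its own identifier and its own completed challenge.
    New-ACMEIdentifier -Dns $dns -Alias $alias | Out-Null

    # The manual handler reports what has to be published for http-01.
    Complete-ACMEChallenge -IdentifierRef $alias -ChallengeType http-01 -Handler manual
    Read-Host "Publish the challenge response for $dns, then press Enter"
    Submit-ACMEChallenge -IdentifierRef $alias -ChallengeType http-01 | Out-Null

    # Poll until the authorization leaves 'pending' or the timeout expires.
    $deadline = (Get-Date).AddMinutes(2)
    do {
        Start-Sleep -Seconds 5
        $status = (Update-ACMEIdentifier -IdentifierRef $alias).Status
    } while ($status -eq 'pending' -and (Get-Date) -lt $deadline)

    # Stop here instead of requesting a certificate for an unvalidated name.
    if ($status -ne 'valid') {
        throw "Identifier '$alias' ($dns) is '$status', not 'valid'."
    }
}

# Every identifier is valid, so the alternative refs can now be used.
$aliases      = @($identifiers.Keys)
$primary      = $aliases[0]
$alternatives = $aliases | Select-Object -Skip 1

New-ACMECertificate -IdentifierRef $primary `
    -AlternativeIdentifierRefs $alternatives `
    -Generate -Alias 'cert-san'
Submit-ACMECertificate -CertificateRef 'cert-san'
```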

Cloud Solution Architect at Microsoft in the UK.

3 Replies to “AlternativeIdentifierRefs problems with ACME New Certificate”

    1. Damn it!! Cheers Rupert

      Shame that ACMESharp hasn’t been updated to support it.


      New-ACMEIdentifier : Error creating new authz :: Wildcard names not supported
      At line:1 char:1
      + New-ACMEIdentifier -Dns "*.$rootdomain" -Alias "star"
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (ACMESharp.Vault.Model.IdentifierInfo:IdentifierInfo) [New-ACMEIdentifier], Ac
      meWebException
      + FullyQualifiedErrorId : urn:acme:error:malformed (400),ACMESharp.POSH.NewIdentifier
