SSL Certificate add failed, Error: 1321 A specified logon session does not exist. It may already have been terminated. #566

Open
gfody opened this issue Oct 3, 2024 · 2 comments
gfody commented Oct 3, 2024

I started getting this error message; these scripts were working before. Same symptoms as #157, but I'm using 4.25.1.

$cert = New-PACertificate 'mydomain' -AcceptTOS -Contact 'mycontact' -Plugin Route53 -PluginArgs @{R53UseIAMRole=$true} -Verbose -Force -AlwaysNewKey -Install
>
VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
...
VERBOSE: Finalizing the order.
VERBOSE: Creating new certificate request with key length 2048.
VERBOSE: Creating new private key for the certificate request.
VERBOSE: Downloading signed certificate
VERBOSE: Updating cert expiration and renewal window
VERBOSE: Successfully created certificate.
VERBOSE: Importing CN=mydomain certificate to LocalMachine\My.
VERBOSE: Chain cert 'CN=R10, O=Let's Encrypt, C=US' with thumbprint 00ABEFD055F9A9C784FFDEABD1DCDD8FED741436 already exists in LocalMachine\CA store.

When I try to bind it to a port, I get the error in the title:

netsh http add sslcert ipport=0.0.0.0:6516 certhash=($cert.Thumbprint) appid='{20835649-704d-4b8d-8021-46ad962ecb83}'

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.

I've tried removing and re-installing it, but it keeps giving the same error. I can compare the certs in certlm: the one that's not working complains if I go to "All Tasks -> Manage Private Keys...", where it says "No keys found for certificate!", though if I view it, it says "You have a private key that corresponds to this certificate."

The only visible difference in certlm is that the broken one has friendly name matching the domain name.

rmbolger self-assigned this Oct 3, 2024
rmbolger added the bug (Something isn't working) label Oct 3, 2024
rmbolger (Owner) commented Oct 3, 2024

Hey @gfody, thanks for reaching out. Unfortunately, I don't have any insight as to why this would suddenly break for you. The code for importing the certs hasn't changed in 3 years. The only Let's Encrypt related thing that has changed recently was the expiration of the old DST cross-signed root. But it doesn't seem like that should affect Windows' ability to access the private key for your cert. LE certs haven't been chaining to that root in quite some time. You could also rule this out by temporarily switching to another ACME CA.
https://community.letsencrypt.org/t/shortening-the-lets-encrypt-chain-of-trust/201580

Based on the previous issue and some web searching surrounding the error message, there doesn't seem to be any one magic reason this happens. It might be related to the .NET version PowerShell is running on. So differences between running on PowerShell 7+ or 5.1 might matter. It might also be related to a recent hotfix from Microsoft at the OS level. Here's a thread with various potential workarounds/solutions.
https://stackoverflow.com/questions/13076915/ssl-certificate-add-failed-when-binding-to-port

If you can give me some details about your specific environment (OS version, PowerShell version, .NET Framework version if on PowerShell 5.1), I can see if I can try to reproduce it on my end.

gfody (Author) commented Oct 4, 2024

The netsh command succeeded after re-importing the pfx via certlm.msc.

> If you can give me some details about your specific environment (OS version, PowerShell version, .NET Framework version if on PowerShell 5.1), I can see if I can try to reproduce it on my end.

appreciate it!
PSVersion 7.4.5
Windows Server 2022 (21H2 Build 20348.2402)
.NET 4.8.1 (533325)

Here's the output of dotnet --info in case it's relevant:

dotnet --info
.NET SDK (reflecting any global.json):
 Version:   6.0.425
 Commit:    fcce060d9f

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.20348
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\6.0.425\

Host:
  Version:      8.0.4
  Architecture: x64
  Commit:       2d7eea2529

.NET SDKs installed:
  6.0.425 [C:\Program Files\dotnet\sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.33 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.29 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.33 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 8.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.WindowsDesktop.App 6.0.33 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 8.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Other architectures found:
  None

Environment variables:
  Not set

global.json file:
  Not found
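
The thread describes a certificate that reports having a private key while "Manage Private Keys..." finds none. The following is an added diagnostic, not part of the thread or of Posh-ACME's code: it tries to open the key behind a certificate in LocalMachine\My and reports where that key is stored, so the result can be checked before running netsh. The function name `Test-CertPrivateKey` and its parameters are hypothetical, and an RSA certificate is assumed.

```powershell
# Added example; Test-CertPrivateKey is a hypothetical helper name.
# Run elevated: machine keys are normally readable only by administrators.
function Test-CertPrivateKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $cert = Get-Item -LiteralPath "$StorePath\$Thumbprint" -ErrorAction Stop
    $result = [ordered]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey  # store entry references a key; not proof it opens
        KeyOpened     = $false
        KeyType       = $null
        Provider      = $null
        MachineKey    = $null
        ContainerName = $null
        Error         = $null
    }
    $key = $null
    try {
        # Assumes an RSA certificate (the order in the thread used a 2048-bit key).
        # Throws, or returns $null, when no usable RSA key is behind the certificate.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($null -eq $key) { throw 'No RSA private key could be opened for this certificate.' }
        $result.KeyOpened = $true
        $result.KeyType   = $key.GetType().Name
        if ($key -is [System.Security.Cryptography.RSACng]) {
            # CNG key: provider name, machine/user scope and container come from the CngKey
            $result.Provider      = $key.Key.Provider.Provider
            $result.MachineKey    = $key.Key.IsMachineKey
            $result.ContainerName = $key.Key.UniqueName
        }
        elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: the same facts come from CspKeyContainerInfo
            $info = $key.CspKeyContainerInfo
            $result.Provider      = $info.ProviderName
            $result.MachineKey    = $info.MachineKeyStore
            $result.ContainerName = $info.UniqueKeyContainerName
        }
    }
    catch { $result.Error = $_.Exception.Message }
    finally { if ($null -ne $key) { $key.Dispose() } }
    [pscustomobject]$result
}

# Usage: inspect the result before attempting the netsh binding.
# Test-CertPrivateKey -Thumbprint $cert.Thumbprint | Format-List
```

Running it against both the working and the failing certificate gives a side-by-side view of key type, provider and machine/user scope, which is the comparison certlm does not show.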
