win-acme | A simple ACME client for Windows ( for use with Let | TLS library
kandi X-RAY | win-acme Summary
Please check our website for an up-to-date overview, documentation and downloads.
Community Discussions
Trending Discussions on win-acme
QUESTION
Pulling my hair out here. Yesterday I set up an SSL Certificate in IIS10. This is the process I followed:
- In IIS, under Server Certificates complete Create Certificate Request (generated server.csr & server.key)
- Go to sslforfree.com and start "create certificate" process.
- Enter Static IP in Domain box
- In Validity, choose paste Existing CSR (paste in contents of server.csr)
- Select free 90 day certificate
- Choose HTTP file upload and add auth file to virtual share in IIS.
- Verified OK.
- Download certificate
- Back in IIS, select "Complete Certificate Request"
- Browse to and select "certificate.crt" file.
- Give it a friendly name etc, and save.
- Browse to website under sites in IIS, and select Bindings. Choose the IP of the server, the incoming Port, and the newly imported SSL certificate.
- Back in sslforfree, check the installation.
- Everything all good
So everything was working beautifully, could see the certificate in the browser etc, job done.
Now come to today, and the server is actively refusing requests. Go back to check the installation of my SSL on sslforfree, and it's no longer found. Tried removing and re-adding, but nothing I do seems to get the SSL to be visible.
It's not that the certificate is refused, the browser doesn't even think it's there. Why would IIS suddenly stop sharing the certificate? I am totally stumped.
EDIT
As per the advice below, I set up a DNS name with CloudFlare and pointed it at my server.
I set up the bindings in IIS to link to the new hostname and removed the old certificate (one for port 443 and this one for port 4443 which the API runs on):
Ports 80, 443 and 4443 are all port-forwarded on the router to my server:
I then downloaded Win-ACME and successfully created the Let's Encrypt certificate, and the renewal task created in Task Scheduler.
SSL Cert now shows in Bindings:
SSL Certificate appears to be all good:
...but when I go to the site, using the new domain name. Same problem... no certificate:
So I'm not sure what the problem is here...
ANSWER
Answered 2022-Apr-15 at 09:31
This issue may happen when the imported cert does not have a private key associated. The solution would be to import the .CER file to your system's (from where the certificate is requested) personal store and export it with the private key. Then copy the .pfx file to the required server and import it from the server certificate option under IIS.
And you can refer to this link: The Whole Story of "Server Certificate Disappears in IIS 7/7.5/8/8.5/10.0 After Installing It! Why!".
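An added check for the situation this answer describes (not part of the original post or of win-acme): it lists which certificate each HTTPS binding points at and whether that certificate has a private key. It assumes an elevated PowerShell session and English-language `netsh` field labels.

```powershell
# Added example: find HTTPS bindings whose certificate is missing from the
# store or has no private key. Run in an elevated PowerShell session.

# Certificates in the Local Computer Personal and Web Hosting stores,
# keyed by thumbprint (the Web Hosting store may not exist on older systems).
$certs = @{}
Get-ChildItem -Path Cert:\LocalMachine\My, Cert:\LocalMachine\WebHosting -ErrorAction SilentlyContinue |
    ForEach-Object { $certs[$_.Thumbprint.ToUpperInvariant()] = $_ }

# Parse "netsh http show sslcert" (assumption: English field labels).
$bindings = @()
$endpoint = $null
foreach ($line in (netsh http show sslcert)) {
    if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
        $endpoint = $Matches[2]
    }
    elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
        $bindings += [pscustomobject]@{
            Endpoint   = $endpoint
            Thumbprint = $Matches[1].ToUpperInvariant()
        }
        $endpoint = $null
    }
}

# Report each binding with the state of the certificate it references.
$bindings | ForEach-Object {
    $cert = $certs[$_.Thumbprint]
    [pscustomobject]@{
        Endpoint      = $_.Endpoint
        Thumbprint    = $_.Thumbprint
        InStore       = [bool]$cert
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $false }
        Subject       = if ($cert) { $cert.Subject } else { '(not found)' }
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
    }
} | Format-Table -AutoSize

# Certificates in the store that cannot serve TLS because the key is absent.
$certs.Values | Where-Object { -not $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize
```

A binding with `HasPrivateKey` false or `InStore` false matches the symptom in the question: the certificate is listed but is not presented to clients.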
QUESTION
To the people that close vote this post: it doesn't help if you don't comment why. We're all trying to learn here.
I want to have wildcard certificates for 2 domains of mine using Let's Encrypt. Here's what I did:
In Chrome it all works. In Firefox I get the error below:
So I tested here: https://www.ssllabs.com/ssltest/analyze.html?d=gamegorilla.net
I also checked this other post.
There's talk on making sure that "the server supplies a certificate chain to the client, only the domain certificate". I found validating the certificate chain here.
I then took these steps found here:
- Open the Certificates Microsoft Management Console (MMC) snap-in.
- On the File menu, click Add/Remove Snap-in.
- In the Add or Remove Snap-ins dialog box, click the Certificates snap-in in the Available snap-ins list, click Add, and then click OK.
- In the Certificates snap-in dialog box, click Computer account, and then click Next.
- In the Select computer dialog box, click Finish.
I already see "Let's Encrypt Authority X3" in the Intermediate Certification Authorities. So that should already be handling things correctly I'd presume.
How can I ensure the Let's Encrypt certificate chain is supplied to the client so it works in Firefox too?
UPDATE 1
Based on @rfkortekaas' suggestion I used "all binding identifiers" instead of supplying the search pattern. When Win-acme asked "Please pick the main host, which will be presented as the subject of the certificate", I selected gamegorilla.net. After this gamegorilla.net now works in Firefox, however, on www.karo-elektrogroothandel.nl I now get an insecure certificate.
UPDATE 2
Alright, that seems to fix it. I do see that bindings for smtp/mail (e.g. smtp.gamegorilla.net) are now also added to IIS automatically: Should I leave those or delete those mail+smtp records here?
Also, the certificate is now [Manual], does that mean I need to renew manually (which would be weird since nowhere during the certificate creation steps did I see an option for auto-renewal):
ANSWER
Answered 2020-Jun-15 at 14:31
The issue is that you only generate the certificate for www.gamegorilla.net and not gamegorilla.net. If you select all binding identifiers instead of supplying the search pattern I think it should work.
To also get certificates for other names that are not hosted by IIS you cannot use the import from IIS function. You need to supply them all, starting with the common name.
After starting wacs, select M for a new request and select option 2 for manual input. After that enter the comma separated list with the common name first: gamegorilla.net,www.gamegorilla.net,smtp.gamegorilla.net,karo-elektrogroothandel.nl,www.karo-elektrogroothandel.nl,smtpkaro-elektrogroothandel.nl (without any spaces). Or when you want to generate a wildcard certificate you can use: gamegorilla.net,*.gamegorilla.net,karo-elektrogroothandel.nl,*.karo-elektrogroothandel.nl.
Please be aware that for generating wildcard certificates you need to be able to use the DNS-01 challenge. The HTTP-01 challenge doesn't support wildcard certificates.
For the certificate renewal you should run wacs --renew from time to time (for example via a scheduled task).
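An added example (not from the original answer or from win-acme) that checks which hostnames a list of certificate names covers. It goes slightly beyond the answer by applying the general wildcard rule, which is why the apex name is listed next to each wildcard; the function name `Test-NameCoverage` and the sample inputs are constructed for illustration.

```powershell
# Added example: hypothetical helper, not part of win-acme.
function Test-NameCoverage {
    param(
        [string[]]$CertificateNames,   # names requested for the certificate
        [string[]]$HostNames           # hostnames clients will browse to
    )
    foreach ($h in $HostNames) {
        $hostLower = $h.ToLowerInvariant()
        $coveredBy = $null
        foreach ($n in $CertificateNames) {
            $name = $n.Trim().ToLowerInvariant()
            if ($name -eq $hostLower) { $coveredBy = $name; break }
            if ($name.StartsWith('*.')) {
                # A wildcard stands for exactly one left-most label:
                # *.example.test covers www.example.test, but neither
                # example.test nor a.b.example.test.
                $suffix = $name.Substring(1)
                if ($hostLower.EndsWith($suffix)) {
                    $label = $hostLower.Substring(0, $hostLower.Length - $suffix.Length)
                    if ($label -and -not $label.Contains('.')) { $coveredBy = $name; break }
                }
            }
        }
        [pscustomobject]@{ Host = $h; Covered = [bool]$coveredBy; CoveredBy = $coveredBy }
    }
}

# Constructed sample input using the names from the answer above.
$wwwOnly      = @('www.gamegorilla.net')
$wildcardOnly = @('*.gamegorilla.net', '*.karo-elektrogroothandel.nl')
$fullList     = 'gamegorilla.net,*.gamegorilla.net,karo-elektrogroothandel.nl,*.karo-elektrogroothandel.nl' -split ','
$hosts        = 'gamegorilla.net', 'www.gamegorilla.net', 'smtp.gamegorilla.net',
                'karo-elektrogroothandel.nl', 'www.karo-elektrogroothandel.nl'

foreach ($list in @($wwwOnly, $wildcardOnly, $fullList)) {
    "Certificate names: $($list -join ',')"
    Test-NameCoverage -CertificateNames $list -HostNames $hosts | Format-Table -AutoSize
    # Any wildcard entry means the order has to be validated with DNS-01.
    if ($list | Where-Object { $_.StartsWith('*.') }) {
        'Contains a wildcard: DNS-01 validation is required, HTTP-01 will not work.'
    }
}
```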
QUESTION
I'm having a weird issue in IIS 10. I have a public-facing website that is hosted in AWS. The website can be browsed through http, but when browsed over https it prompts for credentials. If I click on cancel I get 401 unauthorized.
The SSL is obtained from win-acme.v2.1.6.773.x64.pluggable
Full control has been given to the Application Pool Identity
ANSWER
Answered 2020-Apr-26 at 16:35
I've figured out that the issue is because of the newly installed Windows Admin Center, which causes all the https (443) port traffic to route to Admin Center, which redirects all the https to the Admin Center site.
Do take note that after uninstalling the Windows Admin Center, the 443 port is still reserved and causes https to get a 503 error. There is another step to unreserve the 443 port by following the https://stackoverflow.com/a/50103815/13356372 answer.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported