LetsEncrypt Windows

LetsEncrypt provides free SSL certificates using automated methods to prove you own the DNS name or website. The certificates provided are only valid for 90 days. This was done on purpose because certificate revocation is broken. The intention is to use automation to work around the 90-day limit.

On Windows we are going to use the Windows ACME Simple (WACS) tool and a simple HTTP server named MiniWeb.

MiniWeb was chosen so we don't need to change any IIS configuration, and we can start and stop it whenever we need to. If you have TCP port 80 bound on your IIS server, you can even use a workstation for this procedure.

Download and start MiniWeb, making sure to specify port 80, or it will by default start listening on port 8000:

miniweb.exe -p 80

Make sure your firewall is forwarding TCP port 80 to the PC running MiniWeb.

Download and run the WACS tool. It will show a simple list of available commands. Answer the prompts as follows:

M: Manual (Full Options)

2: Manual Input

Enter a comma-separated list of public DNS names that point to your firewall. Sign in to GoDaddy to manage your DNS entries. Use whatsmyip.org to verify the public address of your firewall.

Enter a friendly name, or just hit Enter to use the DNS name.

1: Save verification files to a path

Enter the path to the MiniWeb server. It could look something like this: C:\Share\miniweb\htdocs

HINT: you can paste the path from the clipboard by clicking the lock icon in the top left of the wacs.exe window and choosing Edit, Paste.

Copy default web.config before validation = y

Encryption Type = 2 / Enter

1: Store certificate as .pfx file

Path to cert store = whatever you like; I used c:\share

Password = whatever you like; I used ByeByeMissAmericanPie

3: No additional storage

4: Do not run any extra installation steps

LetsEncrypt will now try to connect to your HTTP server and retrieve the verification files. If all is working well, you should see a bunch of text fly past in the MiniWeb server window, and your certificate will be created.

If the MiniWeb window stays blank, there is a problem somewhere along the path DNS > firewall IP > VIP/port forward > MiniWeb server.
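
To find which link in that path is broken before running WACS, the following PowerShell preflight checks each step in order. It is an added example, not part of the original article or of the WACS or MiniWeb projects; the DNS name and IP address are constructed placeholders, the function name is hypothetical, and it assumes MiniWeb is already running on port 80 and that validation files are served from .well-known\acme-challenge under the web root (the standard HTTP-01 location).

```powershell
# Added example: preflight for the DNS > firewall IP > port forward > MiniWeb chain.
# All three values are constructed placeholders; replace them with your own.
$DnsName  = 'www.example.com'           # public name you will give to WACS
$PublicIp = '203.0.113.10'              # firewall address as shown by whatsmyip.org
$WebRoot  = 'C:\Share\miniweb\htdocs'   # MiniWeb htdocs path used in this article

function Test-AcmeHttpPath {            # hypothetical helper name
    param([string]$DnsName, [string]$PublicIp, [string]$WebRoot)

    # 1. DNS: the name must resolve to the firewall's public address.
    $resolved = @(Resolve-DnsName -Name $DnsName -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($resolved -notcontains $PublicIp) {
        return "FAIL DNS: $DnsName resolves to [$($resolved -join ', ')], expected $PublicIp"
    }

    # 2. Drop a random probe file where HTTP-01 validation files are served from.
    $dir   = Join-Path $WebRoot '.well-known\acme-challenge'
    $token = 'preflight-' + [guid]::NewGuid().ToString('N')
    $value = [guid]::NewGuid().ToString('N')
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $file  = Join-Path $dir $token
    Set-Content -Path $file -Value $value -NoNewline -Encoding Ascii

    try {
        # 3. Fetch it by public name over plain HTTP on port 80.
        $url  = "http://$DnsName/.well-known/acme-challenge/$token"
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        # Extensionless files may come back as raw bytes rather than text.
        $body = if ($resp.Content -is [byte[]]) {
            [Text.Encoding]::ASCII.GetString($resp.Content)
        } else { [string]$resp.Content }
        if ($body.Trim() -ne $value) {
            return "FAIL CONTENT: $url answered, but not from $WebRoot (another web server on port 80?)"
        }
        return "OK: $url is served by MiniWeb from $WebRoot"
    } catch {
        # No answer or an HTTP error: check the port forward and that MiniWeb uses -p 80.
        return "FAIL HTTP: $($_.Exception.Message)"
    } finally {
        Remove-Item -Path $file -ErrorAction SilentlyContinue   # always remove the probe
    }
}

Test-AcmeHttpPath -DnsName $DnsName -PublicIp $PublicIp -WebRoot $WebRoot
```

When run from inside the same network, a FAIL HTTP result can also mean the firewall does not route internal clients back to its own public address; repeat the fetch from an outside connection before changing the port forward.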


sduncan