Architectural Recommendations for STAGE Certs for Win2k16


#1

I’m new to Let’s Encrypt and it’s very cool. I work for a company that uses Windows Server 2016 as their back-end, so things are not quite as straight-ahead as an open source solution for Let’s Encrypt.

I’ve found a great solution with WinACME v1.9.10.1 for my Production machines, but I’d like to find a way to set up Let’s Encrypt for a “STAGE” Server.

In my case, the STAGE Server is just like Production, but doesn’t have resolvable IPs to the wide web.

Ideally I’d like to continue to use the WinACME v1.9.10.1 that I mentioned before.

I’ve been reading around and seeing that one way to authenticate may be using DNS, where Let’s Encrypt would generate a TXT file and I could place that into the Hosted Zone file and confirm ownership that way.

Basically, if anyone could suggest a good architectural solution that would be awesome.

It’s for:
Windows Server 2016
Amazon (EC2 & Route 53) for Private IP Addresses

Thank you.


#2

According to this, WinACME supports the DNS challenge via Azure integration or via a script. Since you’re using Route 53 I guess you would need to use the script option and find or write a script to update your DNS records in Route 53.

If you’re willing to try a different client, some of the other Windows clients, e.g. ACMESharp, Posh-ACME, CertifyTheWeb and perhaps some others, claim to support DNS challenges via Route 53.

I haven’t used any of those myself so take the above with a grain of salt.
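The "script option" above needs a script that creates (and later deletes) the `_acme-challenge` TXT record in Route 53. The following is an added example, not code from the thread or from the win-acme project. It assumes the AWS Tools for PowerShell module (`AWSPowerShell`) is installed, that the EC2 instance role grants `route53:ListHostedZones`, `route53:ChangeResourceRecordSets` and `route53:GetChange`, and that win-acme's DNS script plugin calls the script as `<script> <identifier> <recordname> <token>` (check the argument order against your win-acme version's own help output; it is an assumption here). The same script serves as the delete hook when `-Action DELETE` is appended, because Route 53 requires the delete request to match the existing record set exactly, which rebuilding it from the same arguments guarantees.

```powershell
# Added example: Route 53 DNS-01 hook for win-acme's DNS script validation.
# Not win-acme's own code. Assumes AWSPowerShell and an instance role with
# route53:ListHostedZones, route53:ChangeResourceRecordSets, route53:GetChange.
# Assumed invocation: Update-AcmeTxt.ps1 <identifier> <recordname> <token> [-Action DELETE]
param(
    [Parameter(Mandatory)][string]$Identifier,   # e.g. stage.example.com (hypothetical)
    [Parameter(Mandatory)][string]$RecordName,   # e.g. _acme-challenge.stage.example.com
    [Parameter(Mandatory)][string]$Token,        # key-authorization digest supplied by the client
    [ValidateSet('UPSERT', 'DELETE')][string]$Action = 'UPSERT'
)
$ErrorActionPreference = 'Stop'
Import-Module AWSPowerShell

# Choose the most specific *public* hosted zone containing the record, so a
# delegated sub-zone (stage.example.com.) wins over the parent (example.com.).
function Find-ZoneId([string]$Fqdn) {
    $name  = $Fqdn.TrimEnd('.') + '.'
    $zones = Get-R53HostedZoneList |
        Where-Object { $name.EndsWith($_.Name) -and -not $_.Config.PrivateZone }
    if (-not $zones) { throw "No public hosted zone contains $name" }
    ($zones | Sort-Object { $_.Name.Length } -Descending | Select-Object -First 1).Id
}

$zoneId = Find-ZoneId $RecordName

# TXT values are stored quoted in Route 53; the CA sees the token without the quotes.
$rr = New-Object Amazon.Route53.Model.ResourceRecord
$rr.Value = '"' + $Token + '"'

$rrs = New-Object Amazon.Route53.Model.ResourceRecordSet
$rrs.Name = $RecordName.TrimEnd('.') + '.'
$rrs.Type = 'TXT'
$rrs.TTL  = 60            # short TTL so stale tokens age out of resolver caches quickly
$rrs.ResourceRecords.Add($rr)

$change = New-Object Amazon.Route53.Model.Change
$change.Action            = $Action
$change.ResourceRecordSet = $rrs

$info = Edit-R53ResourceRecordSet -HostedZoneId $zoneId `
            -ChangeBatch_Change $change `
            -ChangeBatch_Comment "ACME DNS-01 for $Identifier"

# The change is PENDING until every authoritative Route 53 server has it.
# Wait for INSYNC so the CA does not query a server that has not seen it yet.
while ($info.Status -ne 'INSYNC') {
    Start-Sleep -Seconds 5
    $info = Get-R53Change -Id $info.Id
}

# Optional local check that the record is visible (resolvers may still cache
# a negative answer for up to the SOA minimum TTL, so this is advisory only).
if ($Action -eq 'UPSERT') {
    $seen = Resolve-DnsName -Name $rrs.Name -Type TXT -Server 8.8.8.8 -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings -contains $Token }
    if (-not $seen) { Write-Warning "TXT record not yet visible via 8.8.8.8; the CA may need a retry" }
}
Write-Output "$Action $($rrs.Name) TXT $($rr.Value) ($($info.Status))"
```

Two points worth keeping in mind: the instance role should be scoped to the specific hosted zone (`arn:aws:route53:::hostedzone/<id>`) rather than `*`, since whoever can run this script can otherwise rewrite any record in the account; and because DNS-01 proves control of the name rather than of a reachable host, it works for the STAGE server exactly because that server never needs to be reachable from the internet.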


#3

If you can’t resolve your needs via DNS challenges, you could share the acme-challenge folder from the production server and allow the staging server to use the same working validation “path”.
The staging server would run just as production.
The validations would go to a working production directory.
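The shared-folder approach above amounts to: the staging server writes its HTTP-01 token files into the production web server's `.well-known/acme-challenge` directory, and Let's Encrypt fetches them over port 80 from production. That only works if the public DNS name being validated resolves to the production server, because HTTP-01 is checked at whatever address the public name points to. The following is an added example, not code from the thread or from win-acme, to be run on the production IIS server. It assumes the site root is `C:\inetpub\wwwroot`, the staging machine's domain computer account is `DOMAIN\STAGE01$`, and `$publicName` is a hostname that already resolves publicly to this server (all three are hypothetical). Whether your win-acme version's file-system validation expects the site root or the challenge directory itself as its path is something to confirm from its prompts.

```powershell
# Added example: expose production's acme-challenge directory to the stage server
# with least privilege, and verify IIS actually serves extensionless token files.
# Not win-acme's own code. Hypothetical names: DOMAIN\STAGE01$, prod.example.com.
$ErrorActionPreference = 'Stop'
$challengeDir = 'C:\inetpub\wwwroot\.well-known\acme-challenge'
$stageAccount = 'DOMAIN\STAGE01$'
$publicName   = 'prod.example.com'

New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null

# Token files have no extension; by default IIS returns 404 for unknown types.
# This web.config (modelled on the one win-acme writes) serves them as plain text
# and clears every other handler so nothing in this directory is ever executed.
@'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="GET,HEAD" modules="StaticFileModule" resourceType="Either" />
    </handlers>
  </system.webServer>
</configuration>
'@ | Set-Content -Path (Join-Path $challengeDir 'web.config') -Encoding UTF8

# NTFS: only the stage computer account gets Modify, and only on this directory.
# The share grants Change (read/write/delete) to that account alone; a trailing $
# keeps it out of browse lists. Nothing outside acme-challenge is exposed.
icacls $challengeDir /grant "${stageAccount}:(OI)(CI)M" | Out-Null
if (-not (Get-SmbShare -Name 'acme-challenge$' -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name 'acme-challenge$' -Path $challengeDir -ChangeAccess $stageAccount | Out-Null
}

# End-to-end check: drop a probe token, fetch it the way the CA would, remove it.
$probe = [guid]::NewGuid().ToString('N')
Set-Content -Path (Join-Path $challengeDir $probe) -Value 'probe' -NoNewline
try {
    $resp = Invoke-WebRequest -Uri "http://$publicName/.well-known/acme-challenge/$probe" -UseBasicParsing
    if ($resp.Content -ne 'probe') { throw "Unexpected body '$($resp.Content)'" }
    Write-Output "OK: $publicName serves acme-challenge tokens; stage can write to \\$env:COMPUTERNAME\acme-challenge$"
}
finally {
    Remove-Item -Path (Join-Path $challengeDir $probe) -Force
}
```

The `<handlers><clear /></handlers>` block is the security-relevant line: it means a file written into the shared directory by the staging server is only ever returned as static text, never handed to ASP.NET or any other handler, so compromising the stage box does not turn the share into a way to run code on production.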

