(I filled out the basic questionnaire and it got posted as is – see below, but it’s entirely not applicable to my situation)
I understand that it’s possible to create a certificate using Windows without a website installed (using a DNS challenge). I am trying to understand how to do this, without activating IIS. I cannot find instructions for this anywhere. Can someone point me to the right place please?
The OS is Win 10, and I need a cert for IMAP SSL for a bare-bones hMailServer install. The DNS is running locally on a Windows 2012R2 server.
Thanks for the suggestion, but the specific exercise is to do it with the DNS challenge.
I do know how to do it several different ways using web servers, but I’m trying to understand / verify the DNS challenge route on Windows.
The current hMailServer tutorial for setting up a Let's Encrypt certificate is very convoluted, and makes (non-technical) users do Apache installs / config edits, which is very much the opposite of what the hMailServer design goals are (it’s exclusively Windows, and deliberately GUI-only).
I would like to create an alternate tutorial for those who cannot, or don’t want to, use a webserver-based challenge authentication. Since they already have to modify their system’s DNS records, a DNS challenge approach would hopefully be simpler.
If there’s a Windows certbot approach that is port 80 based, but mostly GUI, that would be second best. But there will be people who have trouble with things like missing port 80 forwards in their NATs, port 80 forwarded to a different server they’re not allowed to touch, and so on.
Posh-ACME is PowerShell based and comes with a whole bunch of DNS plugins. Though it would likely involve some additional scripting once the cert is obtained in order to deploy it to hMailServer.
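A sketch of the DNS-challenge route discussed in this thread, added as an example and not taken from any of the posts: it uses Posh-ACME's Manual DNS plugin, so no web server or port 80 is involved, then copies the PEM files to a folder hMailServer can be pointed at. It assumes Posh-ACME 4.x; the host name, contact address, folder, file names, and the account hMailServer runs under are placeholders or assumptions.

```powershell
# Added example. All values in this block are assumed placeholders.
$MailHost = 'mail.example.com'        # name IMAP clients connect to
$Contact  = 'admin@example.com'       # ACME account contact address
$CertDir  = 'C:\hMailServer\Certs'    # hypothetical deployment folder

# One-time install of the module for the current user.
Install-Module -Name Posh-ACME -Scope CurrentUser
Import-Module Posh-ACME

# Use the Let's Encrypt staging server while testing, so failed attempts
# do not count against production rate limits. Switch to LE_PROD when done.
Set-PAServer LE_STAGE

# DNS-01 validation with the Manual plugin: Posh-ACME prints the
# _acme-challenge TXT record to create and waits for a key press.
# The record must be visible in the public DNS zone for $MailHost.
$cert = New-PACertificate $MailHost -AcceptTOS -Contact $Contact -Plugin Manual
if (-not $cert) { throw "No certificate was issued for $MailHost." }

# Copy the PEM files to the deployment folder.
New-Item -ItemType Directory -Path $CertDir -Force | Out-Null
$chainPath = Join-Path $CertDir 'fullchain.cer'
$keyPath   = Join-Path $CertDir 'cert.key'
Copy-Item -Path $cert.FullChainFile -Destination $chainPath -Force
Copy-Item -Path $cert.KeyFile       -Destination $keyPath   -Force

# The private key is unencrypted PEM: drop inherited permissions and allow
# only SYSTEM and Administrators. This assumes the hMailServer service
# runs as Local System; adjust if it uses a dedicated account.
icacls $keyPath /inheritance:r /grant:r "SYSTEM:R" "Administrators:F"

# Show what was issued and when it expires.
$cert | Format-List Subject, NotAfter, Thumbprint
Write-Host "Certificate file: $chainPath"
Write-Host "Private key file: $keyPath"
```

The two printed paths are what gets entered in hMailServer's SSL certificate settings. With the Manual plugin each renewal needs the TXT record created by hand again.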