Can the acme-v2 s/w generate an SSL certificate for IIS "Default Web Site?"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: SaundersIntl.net

I ran this command: wacs.exe

It produced this output: unable to create a certificate at the IIS "Default Web Site" level

My web server is (include version):IIS 10

The operating system my web server runs on is (include version): Windows Server 2019 Standard

My hosting provider, if applicable, is: Personal Server / Lenovo ThinkSystem SR630

I can login to a root shell on my machine (yes or no, or I don't know):can open command window as administrator

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme v2.1.20.1

I am trying to establish my own personal server and install ESRI ArcGIS software on it. ArcGIS needs two web adaptors to be configured. I have worked with ESRI support for several weeks and they yell me I need to generate an SSL certificate for my Windows Server 2019 Standard / IIS 10 "Default Web Site" and bind the default for 443.
When using the win-acme v2.1.20.1 sw, it would NOT allow me to generate a certificate for "Default Web Site." It only would recognize a second web site (named saundersintl.net) that I have created within IIS. I was able to create that ssl certificate and bind it to my saundersintl.net website. And that website can be seen from a web browser.
Finally my question. How can I generate an ssl certificate for the "Default Web Site" for my server (SI-Server1)???

Welcome @JimSaunders

You can only obtain public CA certificates for domain names in the public DNS. If your default server is really named SI-Server1 that is not a public name.

I am not familiar with ESRI ArcGIS but would it allow you to create a self-signed cert for this private use?

I am puzzled why their support would refer you here if I am understanding your question so I apologize if I have misunderstood.

ESRI support did not refer me to here. I used the win-acme to generate a certificate for saundersintl.net and I have a working website hosted on my server. But when I tried to install the ESRI ArcGIS software, it failed to configure the two web adaptors that are a part of the ArcGIS Software bundle. ESRI could only say that I needed an ssl certificate for the server at the "Default Web Site" level for proper installation. ESRI says that setting up my server with the proper ssl certificate is not their responsibility. But they did say I needed a CA Certificate applied within IIS for my "Default Web Site."
I tried to generate an SSL certificate, but as you say, it only could find a registered DNS of saundersintl.net that I had created in IIS.
Could I register a new certificate or DNS for "SI-Server1.saundersintl.net"? I may be talking nonsense here.
I am relatively new at this and I guess I still have a lot to learn about hosting a website on my personal / home server instead of hosting on AWS etc.

Hmm. Well, I think I should give way to other volunteers with more IIS and/or ArcGIS experience. I might easily lead you astray.

While waiting to see if anyone here can offer advice, you could try the Esri community site:

Thank you for trying.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.