I successfully walked through all the steps listed here through step 5:
This produced certificate files in my certbot/live directory. Now what for IIS?
A Google search returns many articles on what to do with the .pem files, but nothing works with those files. The last thing I tried was using openssl like this:
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem
...this prompts for a password, which I provide. When I try to import the resulting .pfx file into the Windows certificate store, I get the message "The password you entered is incorrect" after entering the password I provided to the openssl prompt.
What am I doing wrong?
Hi @Euna, welcome to the LE community forum
hmm... that seems like it should create a valid pfx file.
Try using the
cert.pem instead of
[Windows is rather weird at times]
Also make sure to delete any preexisting
certificate.pfx file in that directory.
If not, you could also try using an more developed Windows ACME client.
certbot for Windows is actually still a
Your openssl command to create the PFX looks fine and works for me. Did you happen to use spaces or symbols in the password that might have been parsed weird by openssl? And if so, have you tried using something that is limited to letters/numbers?
You might also want to try one of the other Windows clients that has better built-in support for IIS. I'd only recommend certbot on Windows if you're using a server like Apache or Nginx on it that can use the certbot .pem files directly.
I mean you probably can script a deployment hook that creates the pfx and loads it into IIS, and it will work fine, but if you want you can use other programs that have done that work for you.
Thank you for your assistance. I couldn't get any of the above suggestions to work, but I was finally able to get it to work by using certutil instead of openssl, (see 1st answer here: windows - How to get .pfx file from .cer and .key? - Stack Overflow).
I appreciate the quick replies!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.