Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I would like to install the ADFS role on a Domain Controller and use a Let's Encrypt certificate to complete the ADFS configuration.
I will run the ACME client on the DC and follow the prompts to complete the process. Where and how do I provide the ADFS certificate name (i.e. I want the certificate called adfs.ramlan.ca)?
My domain is: ramlan.ca
I ran this command:
It produced this output:
My web server is (include version): IIS 10 on Domain Controller
The operating system my web server runs on is (include version): Windows Server 2019 v1809
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes - As Admin
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I’m not in the least familiar with that client. I’d think you should use option M from this screen, but after that consult the documentation for that client and see how to specify a domain name and validate it.
Do I have the option to pick https validation? If so, do I need to add any entry at GoDaddy, and what selection should I make during the ACME process?
I did not have this kind of issue when I obtained an SSL certificate for Exchange Server 2019. I did have a few issues with autodiscover and firewall port forwarding. I fixed those issues, the certificate was issued, and the renewal worked fine. Not this time for ADFS.
...which means you are doing something different than you did last time. At that time, it was trying to validate www.adfs.ramlan.ca. Now it isn't. That's good, but you still need DNS records set up pointing to your server.
On the local DNS I created an A record pointing to the public IP address. Do I still need to create a record on GoDaddy? Still getting the same error. I am too weak in IIS. I might have to learn a lot and understand how IIS works…
I was able to get it working. See the screenshot. This is what I did:
Local DNS - A record pointing to the public IP
GoDaddy - A record pointing to the public IP
I tried the certificate again and it completed successfully. I was able to export the certificate as a PFX so I can use it during the ADFS role install and complete the ADFS configuration.
This certificate is valid for 90 days and it will auto-renew using a Task Scheduler task that is created as well.
Thanks for all the help. Maybe I will document this entire process for future reference.
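As an added example (not from this thread and not part of any ACME client), the PowerShell below checks the two things this thread turned on, a public A record for the hostname and a reachable port 80, before the ACME client is run, and afterwards reports the issued certificate's expiry, exports it as a PFX for the ADFS role install and confirms that a renewal task exists. Assumptions: adfs.ramlan.ca is the hostname from the thread; the public IP, PFX path, resolver addresses and scheduled-task name pattern are placeholders to adjust.

```powershell
# Added example (not from the thread or any ACME client): pre- and post-issuance
# checks for an HTTP-01 validated Let's Encrypt certificate on a Windows host.
# Assumptions: hostname adfs.ramlan.ca (from the thread); the public IP is a
# PLACEHOLDER; the PFX path, resolvers and task-name pattern are example values.

$HostName = 'adfs.ramlan.ca'
$PublicIp = '203.0.113.10'                  # PLACEHOLDER: the real public IP
$PfxPath  = 'C:\certs\adfs.ramlan.ca.pfx'   # assumed export location

function Test-AcmeHttpPrerequisites {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ExpectedIp,
        [string[]] $Resolvers = @('1.1.1.1', '8.8.8.8')   # public resolvers see what the CA sees
    )
    $ok = $true

    # 1. Public resolvers must return an A record matching the public IP. The
    #    thread's fix was exactly this: the record had to exist at the
    #    registrar (GoDaddy), not only on the internal DNS server.
    foreach ($r in $Resolvers) {
        try {
            $answers = Resolve-DnsName -Name $Name -Type A -Server $r -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
        } catch {
            Write-Warning "[$r] no A record for $Name ($($_.Exception.Message))"
            $ok = $false
            continue
        }
        if ($answers -contains $ExpectedIp) {
            Write-Host "[$r] $Name -> $($answers -join ', ') (matches $ExpectedIp)"
        } else {
            Write-Warning "[$r] $Name -> $($answers -join ', ') does not include $ExpectedIp"
            $ok = $false
        }
    }

    # 2. HTTP-01 validation needs TCP/80 reachable from the Internet. Run from
    #    inside the network this can pass while port forwarding is still
    #    missing, so a pass is necessary but not sufficient; a fail is definite.
    $tcp = Test-NetConnection -ComputerName $Name -Port 80 -WarningAction SilentlyContinue
    if ($tcp.TcpTestSucceeded) {
        Write-Host "TCP/80 to $Name reachable (remote $($tcp.RemoteAddress))"
    } else {
        Write-Warning "TCP/80 to $Name not reachable; check the IIS binding and firewall port forwarding"
        $ok = $false
    }
    return $ok
}

function Get-IssuedCertificateStatus {
    param([Parameter(Mandatory)] [string] $Name)
    # The machine store is where a Windows ACME client normally places the certificate.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$Name" -or $_.DnsNameList.Unicode -contains $Name } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { Write-Warning "no certificate for $Name in LocalMachine\My"; return $null }

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        DaysRemaining = $daysLeft
        HasPrivateKey = $cert.HasPrivateKey   # ADFS needs the private key, so this must be True
        Thumbprint    = $cert.Thumbprint
        RenewSoon     = ($daysLeft -le 30)    # 90-day certificates: renew within the last 30 days
    }
}

function Export-AdfsPfx {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $Path
    )
    # Export with the private key for the ADFS role install; the password is
    # prompted for, never stored in the script.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
    $pwd  = Read-Host -Prompt 'PFX password' -AsSecureString
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $pwd | Out-Null
    Write-Host "exported $Thumbprint to $Path"
}

# --- usage (run in an elevated PowerShell on the DC) ---------------------
if (Test-AcmeHttpPrerequisites -Name $HostName -ExpectedIp $PublicIp) {
    Write-Host 'prerequisites look good; run the ACME client now'
}
$status = Get-IssuedCertificateStatus -Name $HostName
if ($status) {
    $status | Format-List
    if ($status.HasPrivateKey) { Export-AdfsPfx -Thumbprint $status.Thumbprint -Path $PfxPath }
}
# Confirm the renewal task the client registered exists and is not disabled.
Get-ScheduledTask | Where-Object { $_.TaskName -match 'acme|letsencrypt' } |
    Select-Object TaskName, State
```

Run it before the ACME client to catch the DNS problem from this thread (an A record that exists only on the internal DNS server), and again after issuance to confirm the private key is present and the renewal task was created. Because the port-80 test runs from inside the network, treat a pass as a prerequisite only; the CA's own validation is the real test of the port forwarding.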