Certificate for Default Web Site, FTP and RDS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: office.mydomain.tld

I ran this command: wacs.exe --source iis --siteid s --certificatestore My --installation iis,script --script "Scripts\ImportRDSFull.ps1" --scriptparameters "{CertThumbprint}"

It produced this output:

My web server is (include version): IIS 10 (up to date).

The operating system my web server runs on is (include version): Windows Server 2022 version 21H2 (up to date).

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme.v2.2.4.1500.x64.pluggable.

Greetings!
I ask for help in issuing a certificate for the following scenario.
There is office.mydomain.tld on which are installed: IIS, FTPS, RDS: RDG, RDCB, RDWA, RD-S, RDSL.
IIS config:
Sites:

  1. Default Web Site, Bindings:
    http office.mydomain.tld 80 *
    https office.mydomain.tld 443 *
  2. FTP, Bindings:
    ftp 21 *
    ftp 990 *

How should I use wacs.exe to generate a certificate for office.mydomain.tld that will automatically bind (and automatically reissue and rebind) to IIS Default Web Site and FTP, and to all RDS services (primarily RDG, RDCB, RDWA)?
I can only issue a certificate for the Default Web Site and automatically bind it to RDS (via the ImportRDSFull.ps1 script), but the certificate does not automatically bind to the FTP site.
I would be grateful for advice!

Hello @Italert, welcome to the Let's Encrypt community. :slightly_smiling_face:

This seems beyond the scope of issuance of Let's Encrypt TLS Domain Validation (DV) certificates.
I suggest checking https://www.win-acme.com/ and the individual services for proper configuration of certificates for each of the given protocols.

5 Likes

Thank you for your reply!
Beyond? The certificate that Let's Encrypt offers is fine for me. The only question is how to automatically bind it not only to the Default Web Site and RDS (this just works), but also to one more site, the one on which FTP is deployed.
Of course, I looked for help on win-acme. It just says that the plugin for binding the certificate to FTP is now part of the general IIS plugin, but in fact the new certificate is not bound to the FTP site.

2 Likes

For automated bindings to work in IIS the hostname of your existing http/ftp binding should match an entry on the certificate - that's how certificates are automatically matched to sites in order to create/update the certificate binding.

You can ask win-acme specific questions here: win-acme/win-acme · Discussions · GitHub

4 Likes
2 Likes
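
The matching rule described in the reply above, applied to the bindings listed in the question, as an added example that is not part of the original thread and is not win-acme's own code. The sample bindings and certificate names are constructed, the empty FTP host names are an assumption read from the listing in the question, the wildcard handling goes beyond what the reply states, and `Test-HostMatchesCertificate` is a hypothetical helper.

```powershell
# Added example (not win-acme code). Rule modelled from the reply above:
# a binding is matched to the certificate only if its host name is on the certificate.

# Constructed sample data in IIS "IP:port:host" form, mirroring the question.
# Live equivalent: Import-Module WebAdministration; Get-WebBinding | Select-Object protocol, bindingInformation
$bindings = @(
    [pscustomobject]@{ Site = 'Default Web Site'; Protocol = 'http';  BindingInformation = '*:80:office.mydomain.tld' }
    [pscustomobject]@{ Site = 'Default Web Site'; Protocol = 'https'; BindingInformation = '*:443:office.mydomain.tld' }
    [pscustomobject]@{ Site = 'FTP'; Protocol = 'ftp'; BindingInformation = '*:21:' }   # assumed: no host name
    [pscustomobject]@{ Site = 'FTP'; Protocol = 'ftp'; BindingInformation = '*:990:' }  # assumed: no host name
)

# Constructed certificate name list.
# Live equivalent: (Get-Item 'Cert:\LocalMachine\My\<thumbprint>').DnsNameList.Unicode
$certNames = @('office.mydomain.tld')

function Test-HostMatchesCertificate {
    param([string]$HostName, [string[]]$CertNames)
    # A binding without a host name has nothing to compare against the certificate.
    if ([string]::IsNullOrWhiteSpace($HostName)) { return $false }
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        # Assumption: a wildcard name covers exactly one left-most label.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

$report = foreach ($b in $bindings) {
    # The host is everything after the last colon, so bracketed IPv6 addresses parse too.
    if ($b.BindingInformation -match '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') {
        [pscustomobject]@{
            Site      = $b.Site
            Protocol  = $b.Protocol
            Port      = [int]$Matches.port
            HostName  = $Matches.host
            WillMatch = Test-HostMatchesCertificate -HostName $Matches.host -CertNames $certNames
        }
    }
}
$report | Format-Table -AutoSize
```

With this constructed data, only the two Default Web Site bindings carry a host name to compare, which is consistent with the FTP site being skipped.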

I think Bruce5051 was saying that helping you configure certs for all those other services is beyond the scope of this forum. If those other services can use a cert for TLS connections then the LE cert and chain should be fine. Refer to their respective docs or forums for configuration assistance.

5 Likes

Correct @MikeMcQ, thanks! :slight_smile:

3 Likes
