Certonly --standalone "worked" but not seen in IIS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
certbot certonly --standalone
It produced this output:
C:\Certbot\live\jimtellier.com cert,chain,fullchain,privkey.pem were all updated (per file timestamps).
My web server is (include version):
IIS 10.0.19041.1
The operating system my web server runs on is (include version):
Windows 10 Pro Version 22H2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.5.0

SO, if I go to IIS Manager and look at Server Certificates, under "Issued To" jimtellier.com, I still see only the cert with the OLD Expiration Date (7/30/2023). I don't know how to get IIS to see the updated (renewed) cert in the ..\live.. folder. Isn't the update supposed to be automatic? Thanks in advance for any assist, as this expires Soon! :slight_smile:

Hi @jimtellier, and welcome to the LE community forum :slight_smile:

If you need integration with IIS, you should look into other ACME clients for Windows.
[Certbot [for Windows] is not the best choice for that]

Not automatic.
The .pem files must be converted to .pfx and loaded into the Windows certificate store.


What shows?:
certbot certificates

And what steps did you follow to use the last cert?


Well -- my bad -- I don't really recall, and I suppose I didn't make notes because I thought the "renewal" setup was automatic. :frowning: But your comment re: pem->pfx kinda rings a bell. Do you think I should chase that (again!) or go directly after a different ACME client? (recommendations for IIS use?) Thanks for your quick response!

1 Like

Only if you think you can automate that process.
The different ACME client approach would shorten that learning curve immensely.


So, taking your advice - I installed win-acme and jumped thru a few hoops, but got it to work. Thanks again for the assist!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.