Create certificate let's encrypt with iis

in windows server 2012, I installed IIS . I created a site with host name host1 (name of windows server) and create a folder called host1 under C:\inetpub\wwwroot , contains a html file.

when navigate http://host1/, I got the desired content of the html file

Now, I have to create a certificate using that thread.

I success all the steps, but stucked on step 7:

is

at that step, the cmd of (wacs.exe) is closed by it self.

Could you please help me solving that issue ? Big thanks.

If your site is actually called “host1”, you will not be able to get an LE cert for it.
Only fully qualified domains from real Internet domain names are allowed.
See: https://letsencrypt.org/how-it-works/

Hello Sir, thanks a lot for your reply.
I have deployed my application (java) on tomcat.
the url is with the format http://193.95.99.145:8015/edt/.
I want to add certificate to be able accessing securely with https://193.95.99.145:8015/edt/.

the name of windows server 2012 is host1.
how can I move from http to https

Could you help me ?.
Big thanks Sir

If you want a cert that is globally trusted (and free), you will need:
Step #1 Get a real domain name.
LE can’t doesn’t provide certs for localhost type names nor for IP addresses.

If you don’t need a globally trusted cert, you can create a self-signed cert and use that to move from HTTP to HTTPS and use any name or IP you like in it.

Thanks Sir for your help : I’m beginner with certification.
Ok Sir, let say the domain name is esprit.tn.
My question : how can use the domain esprit.tn in public url http://193.95.99.145:8015/edt/ ?.
I tried with esprit.tn like host name in iis, and I got:

We go back to step one.
If “esprit.tn” is the domain you will be using, then that name needs to resolve to the IP you want to use it at: 193.95.99.145
It does not do that:
Name: esprit.tn
Address: 41.226.11.246
It is in use elsewhere.
You will need to change the IP or simply use another name.
Like:
myservername.esprit.tn
host1.esprit.tm
anything.unique.esprit.tn

Do you own the domain esprit.tn?
If so, you need only to add the name and IP in the global DNS zone.

Yes Sir, I can use the domain esprit.tn

Sorry, but how can I add the name and IP in the global DNS zone.
Shoud I contact the administrator ?.
Or I can do that by my self ?.
Thanks a lot Sir .

Not sure if you have enough access…
Can you add entries to DNS servers below?
nslookup -q=ns esprit.tn
esprit.tn nameserver = ns1.gnet.tn
esprit.tn nameserver = ns2.gnet.tn
esprit.tn nameserver = ns4.gnet.tn
esprit.tn nameserver = ns5.gnet.tn

If not, then you may need to ask whomever can, or use another domain that you can “control”.

Here is what you need (in plain English - or as plain as I can make it - LOL):
DNS A record entry for {insert your desired unique name here}.esprit.tn set equal to IP 193.95.99.145

1 Like

Now just to be sure.
When you spoke about http://193.95.99.145/
That is the public IP that points to the IIS server you are talking about?

Thanks Sir
yes Sir http://193.95.99.145/ id the public IP.

On the server, in cmd : I run nslookup -q=ns esprit.tn
I got:
Sans titre

OK on the IP.
The command was to show you how I got the list of DNS servers.
The question remains:

There are more things to speak about …
But I’ll wait for this answer first.

Thanks a lot Sir.
Sorry Sir, to be in corrected way, could you tell me how Can you add entries to DNS server
Should I use this thread https://www.youtube.com/watch?v=bQbHTOl2lWE

Big thanks Sir.

You start by speaking with your DNS provider or logging in to your “domain control” page and look for “DNS” settings.
It is difficult to say exactly as there are many DNS service providers, some are bundled in with other services. I don’t know who you got your domain from nor who you get your DNS services from.

If you would like, and only for the purposes of moving this forward and getting you familiar with the process, I can provide you with a temporary FQDN (domain name) that you can use to get a cert and test the system.
[very temporary]

Thanks Sir,

So as tha capture presented:
Sans titre
After add entries to DNS server, my url becames:
http://etudiant.esprit.tn:8015/edt/
and on IIS Server, the host name will be etudiant.esprit.tn
and so I can generate the certificate to be able accessing to https.
That’s right Sir ?.

There are some steps to be taken before that can happen.
But that should be the end result.

Big thanks Sir.
With the domain FQDN, wich is the host name that I can put in IIS ?.
Thanks a lot for your kindness .

FQDN = Fully Qualified Domain Name.
You already chose: etudiant.esprit.tn

But that name is not yet ready for use:
*** 8.8.8.8 can’t find etudiant.esprit.tn: Non-existent domain

Thanks Sir, I’ll came back.

Again as a way to “move forward” if only for testing, I can provide you with a temporary domain name.