le64.exe is mostly working great for us. I’m working on a project where we’re using IIS 8 on Server 2012, and we’re using the Central Certificate Store (CCS). The snag I’ve run into is that when le64.exe outputs the .pfx file, IIS 8 displays a red X in the CCS, and the cert does not work. My current workaround is to run a PowerShell script that gets the PFX imported into IIS correctly. That script I found is here. Also, manually reimporting the cert in IIS 8 accomplishes the same thing. The script is quicker.
@leader
Is it possible for le64.exe to output a correctly formatted PFX file? I can give you examples of the PFX file before and after running that PowerShell script so you can compare. Or if you need any other info, I will gladly provide that to you. Just let me know the best way to do that (upload them here, etc.?). The domain I used is purely for testing.
My domain is: test5.madbray.com
I ran this command: (using le64.exe)
le64.exe --key mb_account.key --csr test5.madbray.com.csr --csr-key test5.madbray.com_priv.key --crt test5.madbray.com.pem --domains test5.madbray.com --generate-missing -handle-as dns --api 2 --export-pfx xxxxxxxxxxx --live
It produced this output:
2018/11/28 14:36:58 [ ZeroSSL Crypt::LE client v0.32 started. ]
2018/11/28 14:36:58 Loading an account key from mb_account.key
2018/11/28 14:36:58 Generating a new CSR for domains test5.madbray.com
2018/11/28 14:36:58 New CSR will be based on a generated key
2018/11/28 14:37:00 Saving a new CSR into test5.madbray.com.csr
2018/11/28 14:37:00 Saving a new CSR key into test5.madbray.com_priv.key
2018/11/28 14:37:01 Registering the account key
2018/11/28 14:37:01 The key is already registered. ID: 34310605
2018/11/28 14:37:01 Current contact details: brad@madbray.com, bradm413@gmail.com
2018/11/28 14:37:01 Challenge for 'test5.madbray.com' requires the following DNS record to be created:
Host: _acme-challenge.test5.madbray.com, type: TXT, value: emIoadZ8UunK0r-_7fi-LsmbMBlRwmmNHfsUGKcZla8
Wait for DNS to update by checking it with the command: nslookup -q=TXT _acme-challenge.test5.madbray.com
When you see a text record returned, press <Enter>
2018/11/28 14:38:36 Processing the 'dns' verification for 'test5.madbray.com'
2018/11/28 14:38:36 Domain verification results for 'test5.madbray.com': success.
2018/11/28 14:38:36 You can now delete '_acme-challenge.test5.madbray.com' DNS record
2018/11/28 14:38:36 Requesting domain certificate.
2018/11/28 14:38:37 Requesting issuer's certificate.
2018/11/28 14:38:37 Saving the full certificate chain to test5.madbray.com.pem.
2018/11/28 14:38:37 Exporting certificate to test5.madbray.com.pfx.
2018/11/28 14:38:37 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ]
My web server is (include version): IIS 8
The operating system my web server runs on is (include version): Server 2012
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No