Default PFX Password?

sudo · October 8, 2020, 10:34pm

I am trying to import the certificate into my AWS environment (load balancer). WIN ACME has 2 files in %programdata%\win-acme\acme...\certificates.

One of those files is a PEM, another PFX. The PFX is what contains my private key, which I need to import to AWS.

When I try to open it/install it asks for a password. I don't remember putting a password when I ran wacs.exe.

I checked the .json settings file and it says the password is "null". I tried clicking next without typing a password and it said wrong password. I also tries typing 1 space, wrong password. Typed "null", wrong password.

Any idea?

Windows Server 2016 // IIS

griffin · October 8, 2020, 10:51pm

Welcome to the Let's Encrypt Community

I think this might get you going:

sudo · October 8, 2020, 11:58pm

I see, that fixed it. Now I have another issue/question.

When importing a certificate to AWS, it asks for 3 categories:
-Certificate Body
-Certificate Private Key
-Certificate Chain

I have the private key, but not sure how to fill out the other 2 categories.

griffin · October 9, 2020, 12:19am

You've come to THE right place to get that answer.

That's your certificate.

That's the CA intermediate certificate (95% of the time).

What format do you need? (e.g. PEM, PFX)

Usually PEM works. You probably have a file named fullchain.pem. The first certificate in that file is yours. The second certificate is the CA intermediate (Let's Encrypt X3). You may have another file named cert.pem. The certificate in that file is yours (and should be identical to the first certificate in fullchain.pem). They are both text files where a certificate begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.

If you can't find fullchain.pem, here's the CA intermediate certificate:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

If you also can't find cert.pem, you can find your entire certificate history and download any of your issued certificates here:

sudo · October 9, 2020, 6:11pm

Awesome. I was able to figure everything out from your replies. Thanks a lot!!

griffin · October 9, 2020, 6:12pm

You're very welcome.

stevenzhu · October 10, 2020, 7:12am

Just curious, looks like you are attempting to import the Let's Encrypt certificate to AWS ACM, which also offers certificate and automatic renewal w/ same CNAME validation. Do you mind sharing why you would choose to use Let's Encrypt and import manually every 2 or 3 months?