Generating certificate on windows server 2012 with IIS7

My domain is:

I ran this command:

It produced this output:

My web server is (include version: IIS7

The operating system my web server runs on is (include version): ): windows server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes, I can run CMD as Administrator

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO, I have RD access

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

My issue is that I have two file that have been generated using certbot one request cert and the other request key and both in .pem file format.

I tried to merge them both to generate the certificate in .pfx using openssl but I get the error "unable to load certificates", from my understanding this means that the request and key are not correctly generated for use with Windows server and I need to recreate/ request these files in "base-64 encoding x.509 (.cer)", so my question is how do i do this using certbot?

Thanks in advance.

According to the docs: (
So the problem is within your OpenSSL command.

Many thanks rg305 I'll have a read and try your suggestion. BTW, I'm not renewing, this is a fresh new cert.

1 Like

There is a certbot for windows now.
And also some very well maintained third party windows clients as well.
[that could do the whole integration for you - automatically]

Also, IIS7 may not support SNI.
So if you are only doing one FQDN, that might be OK.

1 Like

Minor correction. You can do multiple FQDNs without SNI. They just have to be tied to the same cert in the same IIS "site". You can also have multiple sites each with a different cert as long as each one is bound to its own IP address.


thanks rmbolger, very helpful.

1 Like