@ahaw021 Thanks for the reply. Actually, I don’t have access to that IIS Windows server, there is another guy who will set it up there and it needs us to send the certificate and key files to him. Is there any way to do it with LetsEncrypt?
Yes, Certbot will dump all the certificates, key and intermediates into a known location. You can copy them from there and give them to the Windows guys.
So the trouble with using Certbot on a machine that isn’t actually the web server is that Certbot has to make changes to your web site in order to prove that you control the domain name. Its normal methods probably won’t have any effect if the web site is actually served from a separate machine. That’s probably the reason for the error you’re seeing here.
There are many workarounds for this, but I might ask whether you have in mind a way that the Linux machine can change the contents of the web site remotely on the Windows machine, e.g. by something like scp or a network-mounted filesystem. If not, is there a way that the Linux machine can update DNS records in the domain name’s DNS zone file, like via a DNS provider API?
@schoen Thanks for the reply. I don’t have remote access to IIS server; however, I have access to DNS provider. Would it help? Can I use this https://zerossl.com/free-ssl/ to get certificate?
Out of curiosity, is there any reason why “another guy” canʼt do this for you? If he has the access to the server serving for your domain then he should have the ability to issue the certificates for your domain. That way he could set up automatic renewal of the certificate.
@Nekit That’s a good question, I’m not sure actually. I have access to the domain provider so I can go for DNS verification. But regarding the automatic renewal, how could it be automatic when I order it using zerossl? (We are gonna upload the certificate on Azure Portal)
Initially you didnʼt specify that the certificate will be (manually, apparently?) uploaded somewhere. In an average Windows case suggestions from @ahaw021’s first reply would work.
If you’re going to be on Azure and don’t hit the limitations of using it, the Let’s Encrypt extension you can add to Web Applications works great. We’re using it where I work, and it fits our needs very well.
Likewise, letsencrypt-win-simple is great for full servers.