hey,
I got my letsencrypt beta access a few weeks ago, but was unable to use it until now because I was unable to determine how to get it to work in windows environments.
I just downloaded your client and set it up on my IIS and it works. Really great job!
I have 2 questions though:
Is it by design, that your webserver needs to be accessible via http from the internet to request / renew certificates or is it only required for the initial certificate request?
Yes you would have to have your web server accessible via HTTP for renews. (Last word from jsha was there was no validation period decided upon but should be expected to be about the same time as renewal).
To add to what @molyfra said, there will most likely be a DNS-based challenge in the future, which should make it easier to get certificates for internal services.
Also added a manual certificate mode that will get a cert and install it in the store and save it to disk for you. It’s not going to work well for renewals yet. I’m thinking of adding a system to run a batch file to run
I’d love to see server modules for lighttpd, apache, AWS, azure, etc.
Also improved the error handling in this build to dump errors that come back from the ACME server better.
I have tried it, but it does not seem to work normally. My system is Windows 2012 R2.
It only runs to the line, and then it closes. Have you built a GUI software?
Answer should now be browsable at http://office.cooltext.com/.well-known/acme-challenge/ky_uLAH0x2O2452Vos5dMpQ1hiRj6cV7SJAnUoT8qHg
Submitting answer
Refreshing authorization
Hi LoneCoder, great code. One question though: is it possible to use or tweak this for an Apache server hosted on Windows, or is it strictly IIS? If just IIS, is it then possible to get the certificate file created and added to the certificate store so the same is usable on an Apache engine on IIS?
Great work nonetheless. I am looking to test it out but may need to go offline on my Apache to configure IIS.
Adding Apache support could be as easy as adding a class and implementing two methods. One that scans config and lists hostnames and another to install the cert with apache. Check the plugin folder for examples.
Manual mode can get a cert without IIS, but can't really do automatic renewals for you.
Yea, it crashes without IIS.
I however went ahead to install an IIS engine on a different port and then ran it again, but specified the path to the Apache point and it connected fine and generated the certificate but installed it into IIS.
For now I just exported it and then went ahead to use OpenSSL to convert to get the necessary pem and cer files for Apache. Kinda a long process but it worked. My thought is that a lot of people use Apache on Windows so in the end, I’ll hope someone looks at a direct way to help sort this.
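The export-and-convert workaround described in the post above, as an added example that is not part of the original thread or of the client's code: it splits a PFX exported from the Windows certificate store into PEM files for Apache and checks that the extracted key belongs to the certificate. The function names, output file names and the `PFX_PASS` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): PFX -> PEM for Apache on Windows.
# Output names privkey.pem / cert.pem / chain.pem are assumptions.

# pfx_to_pem <file.pfx> <export-password> <output-dir>
pfx_to_pem() {
    pfx=$1; out=$3; rc=0
    # Hand the password over via the environment so it is not visible
    # in the process list as a command-line argument.
    PFX_PASS=$2; export PFX_PASS
    # The private key is written unencrypted (-nodes): restrict it to the owner.
    old_umask=$(umask); umask 077
    { mkdir -p "$out" &&
      # Private key only
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
          -out "$out/privkey.pem" &&
      # Leaf (server) certificate only
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
          -out "$out/cert.pem" &&
      # Intermediate/CA certificates, if the export included the chain
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
          -out "$out/chain.pem"; } || rc=$?
    umask "$old_umask"; unset PFX_PASS
    return "$rc"
}

# key_matches_cert <output-dir>
# Succeeds only if the public key derived from privkey.pem is identical to
# the public key inside cert.pem, i.e. the pair really belongs together.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    cpub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Typical use (paths are placeholders):
#   pfx_to_pem exported.pfx 'export-password' ./apache-certs &&
#   key_matches_cert ./apache-certs && echo "key and certificate match"
```

On OpenSSL 3.x, a PFX exported from Windows with the older TripleDES-SHA1 encryption option may need `-legacy` added to each `pkcs12` call.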
Thanks for the great tool. I met problems during the application of certificates. The 1st one is port 80. Because my ISP blocked port 80 for HTTP, I have to use port 443 for HTTPS for my websites. I got the information below:
Authorizing Identifier xxx.xxx.com Using Challenge Type http-01
Writing challenge answer to xxx.xxx.com
Writing web.config to add extensionless mime type to xxx.xxx.com
Answer should now be browsable at http://xxx.xxx.com/…
As I mentioned, due to the blocked port 80, http://xxx.xxx.com is not browsable for my websites. I wonder whether there is a way to force the challenge through port 443 rather than 80.
The 2nd issue is that my server is Windows 2012 R2 with IIS 8.5 and I don’t use the default webroot (%SystemDrive%\inetpub\wwwroot) for my websites (I use d:\website). It seems your software cannot find my websites when scanning. I wonder whether there is any way to automatically scan the customized webroot.
Just as a follow up to this, I have been working on a new GUI tool called Certify which builds upon the ACMESharp project and provides a GUI for creating new certificate requests, renewing certificates and seeing more information about the certificates, sites etc you already have on a server. It’s not quite ready yet but I’ll be welcoming beta testers soon: http://webprofusion.com/apps/certify
You can provide your email address via the website, I’ll then notify subscribers when the app is released or at least available for testing. I’m hoping for an early-mid December release for v1.