Does it create the file with the complete chain? That seemed a bit of a gap in the previous version, and hence why Mozilla could not authenticate the cert even after other browsers worked.
Will try this new version out and give you feedback once done.
You can use fullchain.pem if you want, it has the server's certificate and the intermediates all in one file. You can also use cert.pem (the server's issued certificate) and chain.pem (the intermediate certificates) individually for systems where that is a better idea.
LoneCoder, Superb work!
Can you confirm that if you run the .exe several times then all certificates are updated? I noticed only one task is created (which is good). Does it look in a config file for the domains to be updated?
Thanks
LoneCoder, also if I have set up an IIS redirect for all non-www and non-https traffic to go to https://www, will that still work? I thought the confirmation from letsencrypt has to have access to www. Regards.
The config data is stored as JSON in the Windows registry under HKCU\Software\letsencrypt-win-simple
Hi @LoneCoder,
You should consider the use of the new ASP.Net vNext / ASP.Net 5 stuff as there is a self-hosted server which integrates with Http.Sys: (WebListener)
https://github.com/aspnet/Home/wiki/Servers
The advantage of this is that you benefit from the port sharing so it can run alongside IIS or any other web server on port 80. The challenge can then be completed without additional configuration, as long as the domain in question is pointing at the server.
Of course, the Owin server (Katana) could also be used.
Thanks. The only thing I need to confirm now is the port 80 traffic that I redirect to 443 (http to https): will that prevent any validation?
Thanks in advance.
I wonder whether you can add options for using port 80 or 443 in your software, just like the plugin "Standalone":
To obtain a cert using a "standalone" webserver, you can use the standalone plugin by including certonly and --standalone on the command line. This plugin needs to bind to port 80 or 443 in order to perform domain validation, so you may need to stop your existing webserver. To control which port the plugin uses, include one of the options shown below on the command line.
--standalone-supported-challenges http-01 to use port 80
--standalone-supported-challenges tls-sni-01 to use port 443
so that the web servers with blocked port 80 can receive certs through port 443.
Thanks
Yea, now it no longer just closes out. If there is an error it pops it and in RED also which is great.
The certificate generated only works with WWW.domain.com or domain.com but does not work with both. Also, with Mozilla, it is not able to trace back to the CA although Edge and Chrome work fine and trace back fully to the cert authority.
LoneCoder, is there a way to also drop the certificate chain file within the same folder as all the other pem files?
Hi LoneCoder,
I'm trying to get https://github.com/Lone-Coder/letsencrypt-win-simple/releases/tag/v1.7 working on my Windows 2008 R2 server but am receiving an "Authorization Result: invalid" error. The acme-challenge file is being created and I have verified that it's accessible via a browser…
Is there something obvious I might be overlooking? Is there any way I can find out why the result is coming back "invalid"?
Thanks
I believe once you have received an "invalid" result for an Authorization you need to start again with a new Identifier (same hostname/domain, different alias). So if it failed because of an earlier configuration problem, it will continue to be invalid for the original identifier (correct me if I'm wrong!).
Thanks for your response webprofusion,
Can you clarify what you mean by "identifier" and "alias", is this something in the letsencrypt-win-simple configuration or something in IIS?
I've tried removing the C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple folder and running the exe again, this time with a different email address but it gets the same result…
v0.97 still does not work normally. How do I delete the previous version's config?
I guess he is talking about the subdomain, e.g. the www in www.yourdomain.com
Hmmm… I've tried 3 different domains now: demo.my_domain.com.au, www.my_domain.com.au and my_domain.com.au have exactly the same behaviour, the acme-challenge file is browsable but "Authorization Result: invalid"…
Double check the permissions on .well-known and acme-challenge.
The folders are writable by my command line user (letsencrypt.exe is after all creating them fine).
They are also accessible by the web site's user (as they are viewable in a web browser; the URL returns the response code string and HTML response code of 200…)
my IIS8.5 server response code of 500
We need a little more information to be able to help.
What's your domain name?
What command are you running (or link trying to reach) when you get a server response code of 500?
I just found a reason. When I use the tool http://certify.webprofusion.com/ v0.971, it automatically creates a web.config file in the acme-challenge folder.
The file shows mimeMap fileExtension="." mimeType="text/json"
I tried deleting the file and then it was OK.
Then I used the tool https://github.com/oocx/acme.net/releases and it just works.
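
A check for the two symptoms raised in this thread, a redirect in front of the challenge URL and a 500 from the acme-challenge folder. It is an added example, not code from letsencrypt-win-simple or from any poster. The function names, the User-Agent string and the assumption that the challenge file's body begins with the token are illustrative.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def trace_challenge(url, max_hops=10, timeout=10):
    """GET url without auto-following redirects.
    Returns one (url, status, content_type, body_start) tuple per hop."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("GET", path, headers={"User-Agent": "challenge-trace"})
            resp = conn.getresponse()
            body = resp.read(512).decode("ascii", "replace").strip()
            location = resp.getheader("Location")
            hops.append((url, resp.status, resp.getheader("Content-Type"), body))
        finally:
            conn.close()
        if resp.status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative or absolute
    return hops

def diagnose(hops, expected_start):
    """Summarise the hops: redirects first, then the final response."""
    findings = [f"redirect {status} at {url}" for url, status, _, _ in hops[:-1]]
    url, status, ctype, body = hops[-1]
    if status >= 500:
        findings.append(f"server error {status} at {url}: look for a "
                        "web.config in the acme-challenge folder")
    elif status != 200:
        findings.append(f"unexpected status {status} at {url}")
    elif not body.startswith(expected_start):
        findings.append(f"200 at {url} but body does not start with the token")
    else:
        findings.append(f"ok: token served at {url} as {ctype}")
    return findings

if __name__ == "__main__":
    # Constructed hops (not real traffic): an http->https redirect, then a 500.
    sample = [("http://example.com/.well-known/acme-challenge/tok", 301, None, ""),
              ("https://www.example.com/.well-known/acme-challenge/tok", 500, "text/html", "")]
    print("\n".join(diagnose(sample, "tok")))
    # For a live check: diagnose(trace_challenge(url), token)
```
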