How to create cert (windows, apache and no 80 port)

My domain noip)

I am using win-acme

My web server is (include version):Apache, also can run flask(python)

The operating system my web server runs on is (include version):windows 10

I can login to a root shell on my machine (yes or no, or I don’t know):yes, standart windows cmd

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

how to make cert file?
1)all people are using certbot, but i have windows
i downloaded win-acme from github
2)ISP port 80 is blocked (port 443 is working)
3)what choose in win-acme and how to configure no-ip domain
P.S. i have static ip

Hi @denis550555

then you have two options:

  • Ask your ISP if unblocking is possible (there are some ISP with that option),
  • use dns-validation, perhaps manual. Should work, but you have to do that every 60 - 85 days.


noip has a lot of modes:
which of them i should choose?

i tryed to use dns and console is closing:

[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version (RELEASE)
[INFO] IIS not detected
[WARN] Scheduled task not configured yet
[INFO] Please report issues at

M: Create new certificate (full options)
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
O: More options…
Q: Quit

Please choose from the menu:

Please choose from the menu: m

[INFO] Running in mode: Interactive, Advanced

Please specify how the list of domain names that will be included in the
certificate should be determined. If you choose for one of the “all bindings”
options, the list will automatically be updated for future renewals to reflect
the bindings at that time.

1: Manual input
2: Read a CSR created by another program
: Abort

How shall we determine the domain(s) to include in the certificate?: 1

Enter comma-separated list of host names, starting with the common name:

[INFO] Target generated using plugin Manual:

Suggested FriendlyName is ‘[Manual]’, press enter to accept or type an alternative:

The ACME server will need to verify that you are the owner of the domain names
that you are requesting the certificate for. This happens both during initial
setup and for every future renewal. There are two main methods of doing so:
answering specific http requests (http-01) or create specific dns records
(dns-01). For wildcard domains the latter is the only option. Various
additional plugins are available from

1: [http-01] Save verification files on (network) path
2: [http-01] Serve verification files from memory (recommended)
3: [http-01] Upload verification files via FTP(S)
4: [http-01] Upload verification files via SSH-FTP
5: [http-01] Upload verification files via WebDav
6: [dns-01] Create verification records manually (auto-renew not possible)
7: [dns-01] Create verification records with acme-dns (
8: [dns-01] Create verification records with your own script
C: Abort

How would you like prove ownership for the domain(s) in the certificate?: 6

After ownership of the domain(s) has been proven, we will create a Certificate
Signing Request (CSR) to obtain the actual certificate. The CSR determines
properties of the certificate like which (type of) key to use. If you are not
sure what to pick here, RSA is the safe default.

1: Elliptic Curve key
2: RSA key

What kind of private key should be used for the certificate?: 2

When we have the certificate, you can store in one or more ways to make it
accessible to your applications. The Windows Certificate Store is the default
location for IIS (unless you are managing a cluster of them).

1: IIS Central Certificate Store (.pfx per domain)
2: PEM encoded files (Apache, nginx, etc.)
3: Windows Certificate Store
C: Abort

How would you like to store the certificate?: 2

Path to folder where .pem files are stored: D:/programs

1: IIS Central Certificate Store (.pfx per domain)
2: Windows Certificate Store
3: No additional storage steps required
C: Abort

Would you like to store it in another way too?: 3

With the certificate saved to the store(s) of your choice, you may choose one
or more steps to update your applications, e.g. to configure the new
thumbprint, or to update bindings.

1: Start external script or program
2: Do not run any (extra) installation steps

Which installation step should run first?: 2

i created cert. but with
and i added redirection server to noip

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.