Ok we have it, let might write a short guide:
After installing Git and Let’s Encrypt:
In Dirextory: ~/src/letsencrypt# Command: ./letsencrypt-auto certonly --manual --text
(we specified --text to get rid of the blue screen stuff)
The output we recieved is:
Please enter in your domain name(s) (comma and/or space
separated) (Enter 'c’to cancel): access.ourwebsite.com
Are you OK with your IP being logged? Yes
Make sure your web server displays the following content at
If you are doing a manual installation and running a webserver somewhere else, like in IIS:
Then you will make a copy of the on-screen instructions and opened a 2nd console window and do the following:
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
printf “%s” (whatever our challenge code was)
$(command -v python2 || command -v python2.7 || command -v
“import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer((’’, 80),
BEFORE PRESSING ENTER: We had opened WinSCP and had to manually enter the path /tmp/letsencrypt/public_html/.well-known/acme-challenge because you cannot browse through winscp to this directory as it is hidden.
You then see your challenge files. These files need to be copied to your ISS server:
In our case we had an IIS server running on port 80: access.ourserver.com and created the virtual directory /.well-known/acme-challenge and placed the challenge files in that path.
THEN in the linux console you hit Enter to continue and you should see:
- Congratulations! Your certificate and chain have been
saved at /etc/letsencrypt/live/access.ourserver.com/fullchain.pem. Your cert will expire on 2016-03-03. To obtain a new version of the certificate in the future, simply run Let’s Encrypt again
… Some text ommitted
lrwxrwxrwx 1 root root 42 Dec 4 19:22
cert.pem -> …/…/archive/access.ourserver.com/cert1.pem
lrwxrwxrwx 1 root root 43 Dec 4 19:22
chain.pem -> …/…/archive/access.ourserver.com/chain1.pem
lrwxrwxrwx 1 root root 47 Dec 4 19:22
fullchain.pem -> …/…/archive/access.ourserver.com/fullchain1.pem
lrwxrwxrwx 1 root root 45 Dec 4 19:22
privkey.pem -> …/…/archive/access.ourserver.com/privkey1.pem
You will then again need to manually browse in winSCP to this directory as it is hidden and you then have your free certificate
Sorry for the bad editing, but all the necessary info should be here: With this we were able to accomplish a few things. A manual certificate creation. A IIS server certificate installation, and an F5 device certificate installation.
What we did on our F5:
We have an F5 running on https://access.ourserver.com running on port 443 obviously. And on an internal network we just started up a window server and added the IIS service to host a webpage.
In the F5 we created a virtual server named access.ourserver.com with the same IP as our webtop link that accesses the internal network172.25.1.100 : (example: if we go to https://172.25.1.100 we arrive at our webtop and start a remote session to internal server at 192.168.1.x.) The virtual server is on port 80 and we created a pool with the internal address 192.168.1.10:80 for our webserver)
Also note: 172.25.1.100 and access.ourserver.com resolve to the same F5 webtop
By doing this we were able to resolve http://access.ourserver.com to our IIS landing page. In IIS, as I said we added the virtual directory /.well-know/ and added the directory /acme-challenge/ and added the created challenge file into this directory.
Sorry for rambling and the incoherentness of this post.