I am using letsencrypt-win on an IIS 8.5 server. I have two sites on the server, each with their own IP address (using bindings). One has https on the normal port, but the other is on a special port. Neither have port 80 enabled. When letsencrypt runs, it shows two options [DNS] and [IIS] for the site on the normal SSL port, but nothing for the site on the different port.
Is there a way to specify a port for each site? I cannot quite figure out how to get this to show both sites.
Thanks!
I don’t think “other” ports are supported in the authentication mechanism - only 80 and 443.
If either of those ports is reachable to any IP in your system, then you could use a catch-all to handle the .well-known/acme-challenge requests via a common folder.
The trick is (two-part and probably unautomateable) [I think I just made up a word!]
Getting IIS to see them individually - that requires SNI and separation (like my.server:80 is a distinct site from my.server:8888) letsencrypt-win would see the :80 site but not the :8888 site
Getting the :8888 site to use the same cert as the :80 site.
An alternate would be to use a different client - one that has figured out how to automate IIS and alternate ports.
Maybe this new PowerScript client can help: WAT - Windows ACME Tool
He seems to be concerned about not allowing any port 80 access.
Maybe the :80 sites could be turned up just for the validation and then disabled.
And locked down to just a common/public/empty folder.
@rg305 he should set up a separate webroot on port 80 with only the .well-known directory and a default page that serves a 301 redirect to his https version.
I think that would be the simplest solution.
Wow folks - thanks - got to work this morning and it was like opening presents with all these responses!
So is the consensus that even with a redirect to https that having port 80 open will allow it to work properly? If so, that will definitely be the way to go.