Import certificate from certbot to IIS 8.5

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot certonly --cert-name --manual --preferred-challenges dns

It produced this output: The date on my certificate is the same (no renew)

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I wrote an article on this a while ago

You will need to use PFX to import into the cert store so IIS can pick it up.


Relevant Bits:

Part 6: Create .PFX file from key and certificate [IMPORTANT]

Windows prefers .pfx format for certificates. We are going to create a .pfx file using OpenSSL.

NOTE: I always recommend putting a password on .pfx files as the private key and original certificate can be exported from these.

openssl pkcs12 -export -out <name of the .pfx file> -inkey <private key file> -in <certificate file>

If successful you should get a file created with the .pfx extension.

NOTE: more on the unable to write random state “error” -

Part 7: Install The Certificate and Reverse the MIME mapping

Installing Certificate - I will not cover this here as there are plenty of guides available on this step.

You will also need to tell IIS to start using the certificate through the bindings. Once again there are plenty of guides on how to do this.

Lastly, remove the MIME extension from the IIS site by simply deleting it.

If all is successful you should be able to browse to your site and verify the various comments (e.g. expiry, certificate issuer and certificate serial).

I got my certificate using certbot.
I got a folder with these files.
I tried to run this command:

openssl pkcs12 -export -out <path\\letsencryptgh.pfx> -inkey path\\privkey.pem -in C:\Certbot\live\\cert.pem

I get a cannot find file error.
Do you see any problem with the command?

Sorry for my very little knowledge on the subject

I notice your files are symbolic links rather than the real files; that could be your problem. I assume you already have openssl working from the command line (i.e., it’s already installed).

I’m guessing from this that your cert was generated elsewhere and that’s why you are converting it. If your Windows server is running the website your certificate is for (i.e. you can do http validation) or you are able to do DNS validation, just download and use on your server (it’s a UI which I develop for Windows).

win-acme is also a good tool if you prefer the command line.
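
An added example, not code from any poster in this thread: a PowerShell script that follows the symbolic links in certbot's live folder to the real files, reports exactly which path is missing, builds a password-protected .pfx with openssl, and imports it into the machine certificate store. It assumes PowerShell 5.1 or later in an elevated session and openssl on the PATH; the parameter names, the Resolve-RealPath helper and the PFX_PASS variable are hypothetical names chosen for the example.

```powershell
# Added example: parameter values are placeholders, not paths from the thread.
param(
    [Parameter(Mandatory)] [string] $LiveDir,   # certbot "live" folder for the certificate
    [Parameter(Mandatory)] [string] $PfxPath    # where to write the .pfx file
)
$ErrorActionPreference = 'Stop'

# Follow a symbolic link (if the file is one) and return the real file's full path.
function Resolve-RealPath([string] $Path) {
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    $item = Get-Item -LiteralPath $Path
    if ($item.LinkType -ne 'SymbolicLink') { return $item.FullName }
    $target = @($item.Target)[0]
    if (-not [IO.Path]::IsPathRooted($target)) {
        # Relative link targets are relative to the folder holding the link.
        $target = Join-Path $item.DirectoryName $target
    }
    if (-not (Test-Path -LiteralPath $target)) { throw "Broken link: $Path -> $target" }
    return (Resolve-Path -LiteralPath $target).Path
}

# Same two inputs as the openssl command in the thread, resolved to real files.
$key  = Resolve-RealPath (Join-Path $LiveDir 'privkey.pem')
$cert = Resolve-RealPath (Join-Path $LiveDir 'cert.pem')

# Prompt for the .pfx password and hand it to openssl through the environment,
# so it does not appear on the command line or in the process list.
$secure = Read-Host -AsSecureString 'PFX password'
$env:PFX_PASS = [Net.NetworkCredential]::new('', $secure).Password
try {
    & openssl pkcs12 -export -out $PfxPath -inkey $key -in $cert -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE" }
} finally {
    Remove-Item Env:\PFX_PASS
}

# Import into the local machine "Personal" store so the certificate can be
# selected in an IIS HTTPS binding.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $secure
'Imported {0}, expires {1}' -f $imported.Thumbprint, $imported.NotAfter
```

The .pfx contains the private key, so delete it or restrict its file permissions once the import has succeeded.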