Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: rpstpa.com
I ran this command: certbot certonly --standalone
It produced this output: cert.pem chain.pem fullchain.pem privkey.pem
My web server is (include version): IIS 10
The operating system my web server runs on is (include version): Server 2016
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I can get as far as getting the pem files created, but when I import, the private key isn't attached.
This creates the combined file but when I try to import this into certificates it asks for the private key password. From what I understand this shouldn't have a password so I'm stuck.
Just don't provide the password and when it prompts, press enter (for a blank password). You can then open and import the PFX etc without being prompted.
For general IIS use the most popular client choices are win-acme and Certify The Web (the app I develop) because these have direct support for updating IIS bindings etc. You can also use Posh-ACME (PowerShell) and a few other tools. This list has other tools but it can be hard to find the good ones if you don't know them already: ACME Client Implementations - Let's Encrypt
I have tried to leave it blank but I run into the same issue where the private key has an import password.
I tried win-acme during troubleshooting and I ran into the same issue as with Certbot, where the auto deploy didn't work properly, with the error "timeout during connect".
I did the manual validation just to try to get a cert created by putting DNS records in and was able to make the certs but I still have the issue where it wants a private key password.
I went ahead and opened some ports up and the auto generation applied properly now. So consider this resolved, but it's not generating a wildcard like I had wanted.
Port 80 was blocked on the firewall on this IP for the auto generation to work.
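The PEM-to-PFX step discussed in this thread, with a check that the private key is actually attached after import, as an added example that is not from any poster. It assumes `openssl.exe` is on the PATH and an elevated PowerShell session; the directory, output file name and `PFX_PASS` variable are placeholders chosen for the example.

```powershell
# Added example, not from the thread. Paths and names below are placeholders.
param(
    [string]$LiveDir = 'C:\Certbot\live\example.com',  # placeholder: folder holding the PEM files
    [string]$PfxPath = "$env:TEMP\site.pfx"            # hypothetical temporary output file
)
$ErrorActionPreference = 'Stop'

# One-time random export password: the PFX only exists until the import finishes.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$plain  = [Convert]::ToBase64String($bytes)
$secure = ConvertTo-SecureString $plain -AsPlainText -Force

try {
    # Hand the password to openssl through the environment, not the command line.
    $env:PFX_PASS = $plain
    & openssl pkcs12 -export `
        -in    (Join-Path $LiveDir 'fullchain.pem') `
        -inkey (Join-Path $LiveDir 'privkey.pem') `
        -out   $PfxPath `
        -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE" }

    # Import into the machine store that IIS bindings use. The password supplied
    # here must be the one set at export time; that is the prompt seen on import.
    $cert = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation Cert:\LocalMachine\My -Password $secure

    # The symptom from the thread: a certificate present without its key.
    if (-not $cert.HasPrivateKey) {
        throw "Imported $($cert.Thumbprint) but no private key is attached"
    }
    "{0}  {1}  expires {2:u}" -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter
}
finally {
    # Remove the password and the temporary PFX copy of the key.
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
    Remove-Item $PfxPath -ErrorAction SilentlyContinue
}
```

If the import rejects a password known to be correct, check which OpenSSL build wrote the PFX: OpenSSL 3.x defaults to AES-256 encryption for PKCS#12 files, which older Windows builds such as Server 2016 do not accept, and its `-legacy` option selects the older algorithms.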