Issuing Certificates on Windows IIS 7 With Plesk Panel


#1

Hello Support Team,

This is in regards with renewal process for SSL. We have recently configured LetsEncrypt SSL on IIS for our UAT website. We would like to know how we can set auto renewal for the same. We have configured SSL using PowerShell cmdlets.


#2

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

Thanks For the inputs. We have already implemented , just wanted to know the process to renew at its renewal time.

Please find below detail to one of the site which is managed through Plesk for which we want to set Letsencrypt SSL. Do let us know when and how we can get and set the same.

My domain is: pmdisha.com

I ran this command: Not executed any cmdlet

It produced this output: N/A

My operating system is (include version):Microsoft Windows Server 2008 R2 Service Pack 1

My web server is (include version): IIS 7

My hosting provider, if applicable, is: Hostgator

I can login to a root shell on my machine (yes or no, or I don’t know): Yes (RDP Access)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk 11.0.9 Update (Service Provider May Update to 17.0.17 in future)


#4

do you know how you obtained the certificate intially?

Andrei


#5

Hi Andrei,

We have generated and configured through PowerShell.


#6

Hi @ecotechsysadmin

this forum is for letsencrypt it’s not a general TLS/SSL forum for other certificate authorities

I see you have a comodo certificate

Unfortunately we are not going to be able to help as the scripts you are talkling about are not related to letsencrypt

Also - if you do ask for help it’s worthwhile mentioning commands etc but you should work with comodo on this issue

You should also address some of the issues raised by this report

https://www.ssllabs.com/ssltest/analyze.html?d=pmdisha.com&hideResults=on

Andrei


#7

if you update to plesk 17,07 it will allow you to manage you cetificates with letsencrypt (as well as a whole lot of other things)

Andrei


#8

Hi Andrei,

Yes. We have used it as trial, we were waiting inputs on LE, have not received in time so went fro trial.


#9

Hi @ecotechsysadmin,

I think the confusion is that there are several different tools that obtain Let’s Encrypt certificates, not just one. The renewal process depends on exactly which client application was used.

I’m not familiar with the Windows clients, but I can try to put you in touch with people who work on them if you can identify the specific software.


#10

@schoen

if the domain is correct the renewal question doesn’t seem to line up with what i am observing

i checked the domain in https://crt.sh/?q=%pmdisha.com and there are currently no valid LetsEncrypt certs for that domain

logic follows if there are no certificates then a renewal is not possible (no matter the client)

comodo also issues free 3 months certificates and I think that is the one being used here

@ecotechsysadmin

can you share the commands you ran and confirm from whom (if you know) the certificate was obtained


#11

Hello,

I think it will be easier not to reinvent the wheel. Use letsencrypt-win-simple (https://github.com/Lone-Coder/letsencrypt-win-simple) coupled with the Windows Tasks Scheduler for the renew process. It works like a charm.

Kind regards,

Guy


#12

Hi Schoen,

Thanks for the input. It will be great if connect us with respective team.


#13

Hello,

YES, after some googling we found the utility you are talking about. Till that time we had implemented LE through PS, is it possible to renew the same with LE-win-simple utility?


#14

Hi ahaw021,Andrei,schoen,guyvaio,

In continuation with this thread, we are managing our websites through plesk for windows and WHM for Linux. For windows, can we use LE-win-simple utility (though using cPAnel) ? Because we have received below error after installation of LE plesk extension to one of the cPAnel

Error: Let’s Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs\letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain name
Starting new HTTPS connection (1): 127.0.0.1
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/x5btFzhPzQ674gbiHpM3g5_8B-Ps_OA1KccVvmiP5ns: "<!DOCTYPE HTML PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html"
IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: domain.com
Type: unauthorized
Detail: Invalid response from
http://domain.com/.well-known/acme-challenge/x5btFzhPzQ674gbiHpM3g5_8B-Ps_OA1KccVvmiP5ns:
"<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.


#15

A) CPANEL and PLESK are not the same in fact they are competitors
B) PLESK has their own LetsEncrypt plugin
C) https://ext.plesk.com/packages/f6847e61-33a7-4104-8dc9-d26a0183a8dd-letsencrypt

Andrei


#16

also assuming your domain is pmdisha.com

you should be able to browse to http://pmdisha.com/.well-known/acme-challenge/x5btFzhPzQ674gbiHpM3g5_8B-Ps_OA1KccVvmiP5ns:

when i do this i see this:

this tells me that an something is blocking the request, if certbot is not able to get the file then it will not validate your domain.

I am not sure if Plesk has uploaded the file but you should be able to verify this by browsing to the webroot of the site and seeing if there is a ./well-known folder

for example:

Andrei


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.