LetsEncrypt on Windows server

Hi there,

Since we are bored with renweing our certificates we want to make use of LetsEncrypt.

Only I can’t find any support or information about LetsEncrypt ssl certificates and/or the automation of renewal for the Windows Servers…

Please help!

Greetings,
Ramon Schouten

Hi @rschouten - glad to hear you're giving Let's Encrypt a shot :stars:

I personally don't know of any good guides off-hand but we do list a number of Windows ACME clients in our documentation. Hopefully one of those would be a good starting point for finding further docs, or perhaps someone more familiar with Windows can reply to this thread with better links.

Good luck!

Very good explanation here :https://weblog.west-wind.com/posts/2016/feb/22/using-lets-encrypt-with-iis-on-windows

@guyvaio Thanks!

I will let you know how it goes!

I have implemented the Letsencrypt-win-simple and after some fiddling around and some adjusting it works perfectly.

Though, I have one more issue.
I am trying to get my Tomcat based website to SSL certified aswell, but I can't seem to work it out using Letsencrypt.
I can find support for it regarding other servers than a Windows server, but sadly we are a Microsoft only company.

I am once again, asking for any help I can get :slight_smile:

@rschouten, are you using IIS on Windows as your web-server, with Tomcat behind it serving up your web applications (recommended practice) - or is Tomcat acting as the front-end web-server itself?

If Tomcat is behind IIS, then you don't have to do anything about SSL in Tomcat itself, IIS will handle the SSL connections with the Let's Encrypt certificate that you installed on your Windows server. Tomcat, in this case, will be sending and receiving clear-text between itself and IIS - and IIS will send and receive SSL encrypted traffic between itself and the remote client.

Tomcat behind IIS requires the use of an IIS-Tomcat redirector (an IIS plugin). You may have (depending on the connector you choose) some one-time IIS and (mostly) Tomcat configuration, but it will be worth it to offload the SSL configuration to the IS server and use the automatic renewal capabilities (and free SSL certs) of Let's Encrypt.

This connector comes with a setup package that will automate the configuration for you:

IIS to Tomcat Connector
http://tomcatiis.riaforge.org/

...with the newest verson of this connector at:

BonCode Connector – BonCode
BonCode Connector – BonCode

Otherwise, here are a couple of sites where you can get instructions for doing it yourself using the IIS to Tomcat director that comes in the Tomcat distribution:

The Apache Tomcat Connectors - Web Server HowTo - ISAPI redirector for Micrsoft IIS HowTo
The Apache Tomcat Connectors - Web Server HowTo (1.2.50) - ISAPI redirector for Micrsoft IIS HowTo

How to Configure IIS 7 and Tomcat Redirection on Windows Server 2008 (64 Bit) « Sharing the Point
How to Configure IIS 7 and Tomcat Redirection on Windows Server 2008 (64 Bit) « Sharing the Point

On the other hand, if Tomcat is your front-end web-server, then you've got to deal with the mess of getting SSL set up on Tomcat to begin with (keygens, CSRs, etc.) - and, unless there is someone with a Java ACME client; I don't know of a way to automate the initial request or the renewal of Let's Encrypt SSL certificates in your Tomcat server.

CBruce

Thank you so much for your detailed and explicit explanation!

The Tomcat server is “hosted” by the provider/supplier Progress, we are using their product called Rollbase.

Since we have sort of an instance of their tomcat server, we can’t really manage much of the tomcat ourselves.
Tomcat is now serving as the frond-end web-server itself (I think).

We have asked the provider/supplier if we can user IIS as the web-server or host the webapps via IIS.
They did not know the answer.

I will try your solutions and as soon as I know more I will post the solution or where it went wrong.

Thanks!

hi @rschouten

there have been some good discussions on tomcat that may be worth reviewing :smiley:

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.