Letsencrypt-win-simple and custom renew

tylerdurden · February 3, 2017, 6:14am

Hi,

After read these articles: (west-wind & gooroo) I chose to use letsencrypt-win-simple for my window server (IIS).

It works good but I have an issue with the task created to renew certificate. This task launch everyday this cmd:

letsencrypt.exe --renew --baseuri https://acme-v01.api.letsencrypt.org/

The issue is, I would like to check the certificates only for some sites instead of all of them. Can I do this with letsencrypt-simple or I need to use another soft?

Thanks a lot.

serverco · February 3, 2017, 8:20am

using “–renew” it will only renew certificates that need renewing, rather than all certificates.

When you say " I would like to check the certificates only for some sites instead of all of them" do you mean that you don’t want the system to even check if they need renewing ? you just want those to elapse and not be renewed ? I’m just trying to understand what your requirements are.

tylerdurden · February 6, 2017, 1:26am

For exemple: I run letsencrypt.exe and after “Scanning IIS Site Bindings for Hosts”, I have 5 results. They have all a certificate. I don’t want to use “https” anymore for one of them but I don’t want to revoke the certificate. So I would like to renew the certificate only for the four others.

I hope it’s clearer. So maybe we can create a file with the hostnames for which we want to renew the certificates?

Thanks for your reply.

ahaw021 · February 6, 2017, 10:30am

hi tylerdurden

I believe if you remove the HTTPS bindings in IIS it won’t be included.

From what I understand of win-simple it will list all bindings HTTP and HTTPS but you can limit the certificate to HTTPS binding only

guyvaio · February 19, 2017, 9:04am

Hello,

Not tested but should work:

In the registry, HKEY_CURRENT_USER\Software\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/, edit the key “Renewals” and delete the line corresponding to the certificate you don’t want to renew.
In the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, delete all files associated with this certificate.
In MMC.exe, plugin “Certificates” (Computer), “webhosting” node : delete the certificate

There is no way to revoke certificates with letsencryptsimple but as far as the certificate is only valid for 90 days, it is perhaps not a real concern.

Regards,

Guy

tylerdurden · February 20, 2017, 12:52am

Thanks for your replies guys.

@guyvaio I have nothing displayed in MMC. The window is empty. I deleted the line in the registry, we’ll see what happens.

ahaw021 · February 20, 2017, 7:46am

fyi screenshots always help but since there isn’t one i am going to assume you didn’t add the certificate snap in

some guidance: https://msdn.microsoft.com/en-us/library/ms788967(v=vs.110).aspx

system · March 22, 2017, 7:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Letsencrypt-win-simple - Renewal Dates Don't Match Certificate Dates Help	7	2851	June 28, 2017
IIS issue adding certificates with letsencrypt-win-simple Help	2	1724	August 28, 2017
Auto-renew of letsencrypt-win-simple-v1.9.1.1 fails Help	4	1188	May 16, 2019
Second IIS binding not updated on renewal? - letsencrypt-win-simple Help	4	1373	July 28, 2017
Renewing cert from Windows client started with ACMESharp Server	4	2967	March 3, 2017

Letsencrypt-win-simple and custom renew

Related topics