After read these articles: (west-wind & gooroo) I chose to use letsencrypt-win-simple for my window server (IIS).
It works good but I have an issue with the task created to renew certificate. This task launch everyday this cmd:
letsencrypt.exe --renew --baseuri https://acme-v01.api.letsencrypt.org/
The issue is, I would like to check the certificates only for some sites instead of all of them. Can I do this with letsencrypt-simple or I need to use another soft?
Thanks a lot.
using “–renew” it will only renew certificates that need renewing, rather than all certificates.
When you say " I would like to check the certificates only for some sites instead of all of them" do you mean that you don’t want the system to even check if they need renewing ? you just want those to elapse and not be renewed ? I’m just trying to understand what your requirements are.
For exemple: I run letsencrypt.exe and after “Scanning IIS Site Bindings for Hosts”, I have 5 results. They have all a certificate. I don’t want to use “https” anymore for one of them but I don’t want to revoke the certificate. So I would like to renew the certificate only for the four others.
I hope it’s clearer. So maybe we can create a file with the hostnames for which we want to renew the certificates?
Thanks for your reply.
I believe if you remove the HTTPS bindings in IIS it won’t be included.
From what I understand of win-simple it will list all bindings HTTP and HTTPS but you can limit the certificate to HTTPS binding only
Not tested but should work:
- In the registry, HKEY_CURRENT_USER\Software\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/, edit the key “Renewals” and delete the line corresponding to the certificate you don’t want to renew.
- In the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, delete all files associated with this certificate.
- In MMC.exe, plugin “Certificates” (Computer), “webhosting” node : delete the certificate
There is no way to revoke certificates with letsencryptsimple but as far as the certificate is only valid for 90 days, it is perhaps not a real concern.
Thanks for your replies guys.
@guyvaio I have nothing displayed in MMC. The window is empty. I deleted the line in the registry, we’ll see what happens.
fyi screenshots always help but since there isn’t one i am going to assume you didn’t add the certificate snap in
some guidance: https://msdn.microsoft.com/en-us/library/ms788967(v=vs.110).aspx
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.