Need help getting started - win 2008R2


#1

My first post on this board. Hi Everyone!

I guess the first thing I need to do is find an ACME client for a Windows 2008R2 Server Edition running IIS7.5. Can anyone recommend one that they know works on this server?

I use a dedicated IP for each domain.

As my user name implies, I know little about SSL.

Thanks!


#2

One really BIG question:
Will you be hosting more than just one site (SNI)?

The reason I ask is that IIS 7.5 will NOT support SNI.
[That means only one site will be hosted per port (per IP)]
So that would place a big fork in the road…
Requiring (at least) one of the following paths:

  • Upgrade IIS (and/or Windows)
  • Use something other than IIS 7.5 (for initial TLS/SSL termination)

If you are only hosting one site, then you have some choices:
[scroll down to “Windows / IIS”]


#3

In answer to your BIG question: I will be hosting one site per IP. However, two of my IPs are shared with name servers (NS1 & NS2). Based on this, how can I proceed? Thank you for your help.


#4

As you have a dedicated IP for each domain this should be ok using either https://certifytheweb.com (my app) or https://github.com/PKISharp/win-acme as these are both commonly used on server 2008 r2. There are specific requirements for .net framework depending on the app so you need to be able to install the best available for your OS.

As I’m biased towards Certify, try that and see how you get on with one site, then add another - it should auto configure the https binding to the correct IP but let me know if it doesn’t. The most common problem on server 2008 (or r2) is a binding conflict. If you maintain one IP per cert binding then it will be OK but if you start seeing one site serving the certificate for another site you know you’ve got a binding conflict to sort out.


#5

p.s. if you can conceivably move to a more recent version of windows then please do. There is only 1 year left of patches from Microsoft then they won’t be updating it at all, which is inappropriate for a device connected to the internet.


#6

Do you mean rDNS or the IPs host DNS services? or what?
[The main issue with IIS 7.5 is only with HTTPS]


#7

rg305 here is an example of what I mean:

IP 11.22.33.44 domainA.com, NS1.domainB.com
IP 11.22.33.45 domainB.com, NS2.domainB.com

Will the above configuration cause problems?


#8

I think I will start with certifytheweb. If I have trouble installing it, I might like to ask your help 🙂


#9

No.
Even if you expect to host https sites on those names.
[since each name has its own IP]

The problem arises when using more than one name on the same IP (for https).
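
An added example, not part of any post in this thread: one way to spot the binding conflict described in posts #4 and #9, by parsing the output of `%windir%\system32\inetsrv\appcmd list sites`. The site names and the third site ("staging") are constructed for illustration; the IPs and domains reuse the example from post #7.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `appcmd list sites`.
SAMPLE = '''\
SITE "domainA" (id:1,bindings:http/11.22.33.44:80:domainA.com,https/11.22.33.44:443:,state:Started)
SITE "domainB" (id:2,bindings:http/11.22.33.45:80:domainB.com,https/11.22.33.45:443:,state:Started)
SITE "staging" (id:3,bindings:https/11.22.33.45:443:staging.domainB.com,state:Started)
'''

SITE_RE = re.compile(
    r'^SITE "(?P<name>[^"]+)" \(id:\d+,bindings:(?P<bindings>.*),state:\w+\)$')


def https_endpoints(appcmd_output):
    """Map each HTTPS (ip, port) endpoint to the [(site, host_header)] bound to it."""
    endpoints = defaultdict(list)
    for line in appcmd_output.splitlines():
        m = SITE_RE.match(line.strip())
        if not m:
            continue
        for binding in m.group("bindings").split(","):
            proto, _, info = binding.partition("/")
            if proto != "https":
                continue
            # Binding info is ip:port:host; rsplit keeps IPv6 literals intact.
            ip, port, host = info.rsplit(":", 2)
            endpoints[(ip, int(port))].append((m.group("name"), host))
    return dict(endpoints)


def binding_conflicts(appcmd_output):
    """Endpoints claimed by more than one site. Without SNI (IIS 7.5) there is
    one certificate per IP:port, so these sites all present the same one."""
    return {ep: sites for ep, sites in https_endpoints(appcmd_output).items()
            if len({name for name, _ in sites}) > 1}


if __name__ == "__main__":
    for (ip, port), sites in sorted(binding_conflicts(SAMPLE).items()):
        print(f"{ip}:{port} is shared by sites {[name for name, _ in sites]}")
```

Save the real `appcmd list sites` output to a file and pass its contents to `binding_conflicts()`; an empty result means each HTTPS IP:port belongs to a single site.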


#10

When you said “(my app)” I thought you meant the one you were ‘using.’ Now I see that you are the app!!

It says “managing up to 5 certs.” What if you have more?

By the way, I tested one site and it works great. Even an SSL dummy can manage it!! 🙂


#11

It’s actually 10 managed certs in the free version, the text is out of date in the current release. In the future it may have no limit at all but yes this is software you can use for free or you can pay for a license key and unlock unlimited managed certificates. For the majority of users the free version is ideal however businesses running many sites or requiring support often prefer to purchase a key.


#12

I have only used your app and am in no position to judge which are good, but everything went well. Thanks!