New Windows client - ZeroSSL as Win32/Win64 binaries

ZeroSSL client is now available as portable Win32/Win64 binaries. Both were tested on Win8+, Win32 was also checked on XP and seemed to work fine. Both are based on the most recent client version (so ECC support included).

They should not be dependent on .Net or anything and the command line is exactly the same as for client itself, so technically could be used as CLI interface if anyone fancies creating a nice GUI for it :slight_smile:


awesome :smiley:

a good windows client that is easy to use has always been a need


1 Like

Thanks, I added this to the List of Client Implementations post.

1 Like

hi @leader

I followed the usage instructions here.

With the HTTP-01 Challenge

There are no issues (works like a charm)

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains -crt .\zerossl-win-firecube-xyz.crt -csr .\zerossl-win-firecube-xyz.csr -csr-key .\zerossl-win-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -live

DNS Challenge

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains -crt .\zerossl-win-dns-firecube-xyz.crt -csr .\zerossl-win-dns-firecube-xyz.csr -csr-key .\zerossl-win-dns-firecube-xyz.key -generate-missing -handle-with Crypt::LE::Challenge::Simple -handle-as dns

I get errors if I use the suggested syntax and a HTTP challenge (instead of DNS challenge) if I leave the handle-with parameter out

What I am hoping for is a challenge with TXT file like I get on the ZeroSSL website that I can then configure. What am I missing?


HTTP-01 Challenge with ECC Keys

Once again works like a charm :smiley:

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains -crt .\zerossl-win--ecc-firecube-xyz.crt -csr .\zerossl-win-ecc-firecube-xyz.csr -csr-key .\zerossl-win-ecc-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -curve default -live

Version 0.23 of the client :slight_smile: Basically this is indeed what I have spotted about two days ago and it has now been fixed in a new version, but it is still sitting in git at the moment and should be released this evening - I need to run a few tests for IDN support, which is also being added. Not that you couldn't use punicode names with the client before, but now it should be converting names into punycode automatically if needed.

So, with a bit of luck, that gets changed tonight and specifying -handle-as dns without -handle-with will behave as you expect it to :slight_smile:

1 Like

awesome!!! so I am not going stupid :smiley:

And by the way thanks for working on this :smiley:

Will TLS-SNI be supported the same way as DNS (i.e. challenge presented in CLI?)


Thanks, it good to know people find it useful :slight_smile:

v0.23 just went to - while it was mostly related to IDN support (so you donā€™t have to know what punycode is, client should be able to translate into it automatically), some additional changes, including the fix for le.exe DNS verification issue on Windows, should also be there.

Re TLS - that probably will be added, though I planned to make some other changes first - specifically one to make it possible for people with IIS to pass HTTP verification without messing with reconfiguration for files not having an extension.


can confirm DNS challenge is now working as expected :smiley:


.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains -crt .\zerossl-win-dns-firecube-xyz.crt -csr .\zerossl-win-dns-firecube-xyz.csr -csr-key .\zerossl-win-dns-firecube-xyz.key -generate-missing -handle-as dns -live

Ah, brilliant - thank you for the confirmation! :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.