New Windows client - ZeroSSL as Win32/Win64 binaries


#1

ZeroSSL client is now available as portable Win32/Win64 binaries. Both were tested on Win8+, Win32 was also checked on XP and seemed to work fine. Both are based on the most recent client version (so ECC support included).

They should not be dependent on .Net or anything and the command line is exactly the same as for le.pl client itself, so technically could be used as CLI interface if anyone fancies creating a nice GUI for it :slight_smile:


Setting up LetsEnccrypt on IIS 6.x Windows Server 2003
Le64.exe not creating file in windows server 2012?
Using CSR method to Obtain Certificates for Windows IIS
SSL Certificate on AWS EC2 Server (Windows 2012 R2) running IIS
#2

awesome :smiley:

a good windows client that is easy to use has always been a need

Andrei


#3

Thanks, I added this to the List of Client Implementations post.


#4

hi @leader

I followed the usage instructions here. https://zerossl.com/usage.html

With the HTTP-01 Challenge

There are no issues (works like a charm)

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win.firecube.xyz -crt .\zerossl-win-firecube-xyz.crt -csr .\zerossl-win-firecube-xyz.csr -csr-key .\zerossl-win-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -live

DNS Challenge

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win-dns.firecube.xyz -crt .\zerossl-win-dns-firecube-xyz.crt -csr .\zerossl-win-dns-firecube-xyz.csr -csr-key .\zerossl-win-dns-firecube-xyz.key -generate-missing -handle-with Crypt::LE::Challenge::Simple -handle-as dns

I get errors if I use the suggested syntax and a HTTP challenge (instead of DNS challenge) if I leave the handle-with parameter out

What I am hoping for is a challenge with TXT file like I get on the ZeroSSL website that I can then configure. What am I missing?

Andrei


Help With ACMESharp
Le64.exe: Can't locate utf8_heavy.pl in @INC
Migrating webserver off ISP to own boxes (IIS 8.5)
Setting up LetsEnccrypt on IIS 6.x Windows Server 2003
#5

HTTP-01 Challenge with ECC Keys

Once again works like a charm :smiley:

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win-ecc.firecube.xyz -crt .\zerossl-win–ecc-firecube-xyz.crt -csr .\zerossl-win-ecc-firecube-xyz.csr -csr-key .\zerossl-win-ecc-firecube-xyz.key -path C:\LetsEncrypt.well-known\acme-challenge -generate-missing -curve default -live


#6

Version 0.23 of the client :slight_smile: Basically this is indeed what I have spotted about two days ago and it has now been fixed in a new version, but it is still sitting in git at the moment and should be released this evening - I need to run a few tests for IDN support, which is also being added. Not that you couldn’t use punicode names with the client before, but now it should be converting names into punycode automatically if needed.

So, with a bit of luck, that gets changed tonight and specifying -handle-as dns without -handle-with will behave as you expect it to :slight_smile:


#7

awesome!!! so I am not going stupid :smiley:

And by the way thanks for working on this :smiley:

Will TLS-SNI be supported the same way as DNS (i.e. challenge presented in CLI?)

Andrei


Configuring Internal Environment to Suit Externally Validated Domains
#8

Thanks, it good to know people find it useful :slight_smile:

v0.23 just went to https://github.com/do-know/Crypt-LE/releases/latest - while it was mostly related to IDN support (so you don’t have to know what punycode is, client should be able to translate into it automatically), some additional changes, including the fix for le.exe DNS verification issue on Windows, should also be there.

Re TLS - that probably will be added, though I planned to make some other changes first - specifically one to make it possible for people with IIS to pass HTTP verification without messing with reconfiguration for files not having an extension.


#9

can confirm DNS challenge is now working as expected :smiley:

command:

.\le64.exe -key .\LETSECRYPT_ACCOUNTKEY_PRIVATE.pem -domains zerossl-win-dns.firecube.xyz -crt .\zerossl-win-dns-firecube-xyz.crt -csr .\zerossl-win-dns-firecube-xyz.csr -csr-key .\zerossl-win-dns-firecube-xyz.key -generate-missing -handle-as dns -live


#10

Ah, brilliant - thank you for the confirmation! :slight_smile:


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.