I have been trying to get this working for a few months now in my spare time, but have had no success with either ACME-POSH (latest official release) or Win-simple (1.9.1.1).
I got everything set up using a slightly modified version of the netometer process (as I’m using ex2013 not ex2016 as depicted) and put in what I thought was everything I needed, and I get the following errors when running without admin privileges:
New-ACMEIdentifier : An item with the same key has already been added.
Complete-ACMEChallenge : Filename: redirection.config. Error: Cannot read configuration file due to insufficient permissions
When using admin privileges:
New-ACMEIdentifier : No registrations found. At C:\Scripts\Exchange_server\ACME-Exchange\ACME-Exchange.ps1:8 char:2
If anyone has got this working using either method, I would be very grateful to chat with you (especially if you're available to chat real time to help me out of this painful pickle).
If you need more information, I’m happy to provide it; if you need the actual script, PM me and I will provide it.
Both of these packages are maintained by others, and both look as if they are not recently updated (looking at GitHub). Normally I’d suggest raising an issue with the developer, but the best option here may be to use one of the alternative clients that is more recently maintained.
I haven’t personally used either of the clients you mention, so can’t help directly, sorry.
Thanks serverco, but as these are the only 2 Windows clients that don’t require PHP, I am stuck using one or the other (the remaining “apps” just use ACME-POSH in the background).
letsencrypt-win-simple looks to be the best option for my purposes, but I just cannot get it to work in the non-test mode …
If anyone has any experience with SAN certs on Windows, I’m curious what you used and how you got it working.
Thanks Andrei, but acme posh is part of the acme sharp distribution and I have already tried that.
I was looking for a Windows client, so that I can automate the renewals. The link you provided doesn't appear to mention Windows servers at all in the post.
I am happy to pay a developer friend to update either of the two packages I mentioned above, but am not sure what has changed in the protocol (if anything) to break them (?).
I took a look at the letsencrypt-win-simple issue you reported. letsencrypt-win-simple exposes more error details if you enable debug logging. I assume this would be done by changing the following line in letsencrypt.exe.config:
When you re-run the client, you should now get something like “Full Error Details …” in the output. Hopefully something in there will point you in the right direction.
Regarding your issue with ACMESharp, I would guess that New-ACMEIdentifier is failing because you haven’t run Initialize-ACMEVault and New-ACMERegistration under the admin user (from the docs: “Note, if you run as Administrator, your Vault will be created in a system-wide path, otherwise it will be created in a private, user-specific location.” The registration is probably stored in that vault, so running it under a different user means there’s no existing registration.)
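The vault behaviour described in the reply above, as an added example that is not part of any post in this thread and is not code from the ACMESharp project. It reports whether the session is elevated, initializes the vault for that context if it is missing, and creates a registration only when New-ACMEIdentifier fails with the "No registrations found" message quoted earlier. The contact address, DNS name and alias are placeholder assumptions.

```powershell
# Added example: make sure the ACMESharp vault and registration exist in the
# same context (elevated or not) that will call New-ACMEIdentifier.
Import-Module ACMESharp

# Placeholder values (assumptions, not taken from the thread).
$ContactEmail = 'mailto:admin@example.com'
$DnsName      = 'mail.example.com'
# Aliases are vault-local names; a timestamp keeps this one distinct between runs.
$Alias        = 'mail-' + (Get-Date -Format 'yyyyMMddHHmm')

# Per the docs quoted above, an elevated session uses a system-wide vault and a
# normal session a user-specific one, so report which context this run is in.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host ("Running as {0} (elevated: {1})" -f $identity.Name, $elevated)

# Create the vault for this context only if it does not exist yet.
if (-not (Get-ACMEVault)) {
    Write-Host 'No vault in this context, initializing one.'
    Initialize-ACMEVault
}

try {
    New-ACMEIdentifier -Dns $DnsName -Alias $Alias -ErrorAction Stop
}
catch {
    # Only handle the error text reported in the thread; rethrow anything else.
    if ($_.Exception.Message -notmatch 'No registrations found') { throw }
    Write-Host 'Vault has no registration in this context, creating one.'
    # -AcceptTos agrees to the CA's terms of service on behalf of the contact.
    New-ACMERegistration -Contacts $ContactEmail -AcceptTos -ErrorAction Stop
    New-ACMEIdentifier -Dns $DnsName -Alias $Alias -ErrorAction Stop
}
```

A scheduled renewal task should run under the same account and elevation as this script, otherwise it will look in a different vault.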
I agree with your observation. A lot of the Windows clients are over-complicated (in my opinion) and lack what some of the other clients have (good solid building block).
I am in the process of putting something together based on PowerShell, OpenSSL and SQLite.
Building a solid core (much like SimpleLE for python) and then will have auxiliary functions.
Developers then can pick if they want to just use the “API” wrapper or the full stack.