Setting up Let's Encrypt on IIS 6.x Windows Server 2003

I must be blind, I don't remember that 'www prefixed' dialog!! I use NoScript in Firefox, maybe that dialog was blocked?

I'll regenerate the cert, but ... my organization name would be www.computerdatabase.com and my common name would be computerdatabase.com, right?


ZeroSSL is a good client and will create a SAN (multi domain certificate) for you. You should cover both of these as it looks like your server is listening for both www.computerdatabase.com and computerdatabase.com domains :smiley:

The names that will be covered

computerdatabase.com
www.computerdatabase.com

Once you obtain and install the new certificate (covering www.computerdatabase.com and computerdatabase.com ) you should be all good

Andrei

These are both terms from X.509 jargon, but Let's Encrypt in particular ignores organization name because of the theory that we cannot really confirm automatically what "organization" operates a particular site. So, the subject O field is left out of all Let's Encrypt certificates. By an old convention, the CN field is used to list a DNS domain name for a site, but modern certificate-issuing practice also uses subject alternative names (the SANs that @ahaw021 mentions), of which there can be more than one, to list all of the domain names.

Andrei - I just tried again, but never saw that dialog about including the www-prefixed version too?

I'm using a csr generated by IIS6.

I just paste it into the 'paste your CSR' box, that dialog never pops up between when I verify the key presented to me.

I'm perplexed, are you using other steps? Possibly you're not using an IIS6 generated CSR, and it's acting differently?

I'm using Firefox with NoScript, but I've given zerossl.com and letsencrypt.org permissions. When does the popup appear?

hi @sslWannabe

Apologies - should have explained it a bit more

If you paste your own CSR then the www-prefix will not show up

If you just paste the domain name it will (ZeroSSL will then generate the CSR etc for you)

I had a look and there is no apparent way for SAN CSRs from IIS 6.x

The workaround would be to create a CSR for www.computerdatabase.com (so you will manage two individual certificates) and create bindings for each version (i.e. www.computerdatabase.com and computerdatabase.com), each with its own certificate

Andrei

Andrei - I'm behind ISA Server - each SSL has to have its own listener, its own IP address, so from what you're saying (two certificates would be necessary), I'd have to use two IP addresses for each domain?

I thought I'd try the FREE SSL Certificate Wizard to start and debug the process and then move on to the other techniques, but ... would the technique the author of that site suggested here work on IIS6?

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke

thanks!!

Or - should I just create the CSR totally within the FREE SSL Certificate Wizard? And then import that into IIS? I'm about out of my league with SSL I guess?

create a certificate using the ZeroSSL client

Convert to PFX and import to Cert Store and Assign to IIS and ISA

I am not sure how well they will do with a SHA256 SAN Certificate so the best thing to do is try

Andrei

The tech note

worked perfectly for www and no www.

Thanks for your patience!

My next step is to try the Crypt-LE tools Releases · do-know/Crypt-LE · GitHub to automate things a bit more.

I am also running that client through its paces

my findings thus far: New Windows client - ZeroSSL as Win32/Win64 binaries

Your testing results look very promising!

All that's left is a way to automate adding the keys to the certificate stores on Windows, probably with PowerShell - and deleting any older expired certificates?

I have updated the documentation for ZeroSSL downloadable client to outline how you might automate renewal on Windows - https://zerossl.com/usage.html

Hopefully it might be helpful.
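One way to do the Windows part of the renewal the previous posts ask about (importing the renewed PFX into the Local Machine store and pruning expired certificates for the same name), as an added example that is not from the thread or from the ZeroSSL client; it uses the .NET X509Store classes because the `Import-PfxCertificate` cmdlet does not exist on Server 2003, and the PFX path, password and subject name are assumed placeholders. Binding the certificate to the IIS 6 site and the ISA listener is still done in their own consoles, as the thread describes.

```powershell
# Added example (not from the thread): import a renewed PFX into the
# LocalMachine\My store and remove expired certificates for the same name.
param(
    [string]$PfxPath     = 'C:\certs\computerdatabase.com.pfx',  # assumed path
    [string]$PfxPassword = 'change-me',                          # assumed password
    [string]$Subject     = 'computerdatabase.com'                # CN of the site
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store"('My', 'LocalMachine')
$store.Open('ReadWrite')

# MachineKeySet + PersistKeySet: private key is stored machine-wide so IIS/ISA can use it
$flags = [Enum]::Parse("$x509.X509KeyStorageFlags", 'MachineKeySet, PersistKeySet')
$newCert = New-Object "$x509.X509Certificate2"($PfxPath, $PfxPassword, $flags)
$store.Add($newCert)
Write-Host "Imported $($newCert.Subject) thumbprint $($newCert.Thumbprint)"

# Prune expired certificates issued for the same name, never the one just imported.
# Copy the collection first so removing entries does not disturb the enumeration.
$now = Get-Date
foreach ($cert in @($store.Certificates)) {
    if ($cert.Thumbprint -eq $newCert.Thumbprint) { continue }
    if ($cert.NotAfter -lt $now -and $cert.Subject -like "*CN=$Subject*") {
        Write-Host "Removing expired $($cert.Subject) (expired $($cert.NotAfter))"
        $store.Remove($cert)
    }
}
$store.Close()
```

Run it from an elevated prompt after the client has produced the new certificate and it has been converted to PFX; the IIS 6 and ISA bindings then need to be pointed at the new thumbprint.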


Is it possible to create a wildcard cert using the ZeroSSL downloadable client? I often have a prefix when I'm testing other than www or nothing.

I read the doc where you referenced for ECC certs. I'd heard about Elliptic Curve Cryptography on the Security Now podcast.

If I'm reading it properly, even the latest Firefox on an XP machine wouldn't be able to read it - or ... will it? I actually have some clients running XP.

Since ZeroSSL uses the Let's Encrypt API and Let's Encrypt does not provide wildcard certificates (at least for now), the answer to the first question is no.

As for the ECC compatibility, recent versions of Firefox on XP do not seem to have any problems with that at all. Additionally, if you are using NginX for example as your web-server, you can easily specify both ECC and RSA versions - see https://scotthelme.co.uk/hybrid-rsa-and-ecdsa-certificates-with-nginx/ for details.

Which version of Perl and download location do you recommend for Windows?

If you want the client specifically in Perl (for example to develop additional modules), then Strawberry Perl portable edition would be the best choice. Installation instructions can be found at https://zerossl.com/installation.html

However, if you just want a Windows client and do not plan to do any Perl development, then you might consider using Windows binaries instead - they are also fully portable and do not require any installation.

My preference is the Windows binaries alone - I looked at the readme.md and it seems to imply I'd need Perl ("With Windows you don't have to install anything but Perl"), which confused me. Thanks!!
