Swapping from LE64.exe to letsencrypt-win-simple

mushu · June 9, 2017, 9:15pm

Win 2012R2, IIS 8.5

I used the LE64.exe tool with openssl on command line to create my cert. Can I now use the letsencrypt-win-simple tool to automate the renewal process? I read that it creates a task scheduler task that runs daily (I’d change that to once a week) and then I won’t have to worry about manually renewing every 2 1/2 months…?

ahaw021 · June 12, 2017, 9:20am

Hi @mushu

No. Create a new certificate with letsencrypt-win-simple

The two clients have different approaches to certificates etc.

Andrei

mushu · June 13, 2017, 5:10pm

Will that work if I have already configured my site to URLrewrite all http traffic to https?

leader · June 13, 2017, 7:41pm

If you have previously successfully created the certificate with LE64, you can just as well add it (with whatever other commands you might have used to convert the resulting certificate/key to a pfx file) to a task scheduler:

But if win-simple can do it for you, you might prefer trying that one of course.

mushu · June 19, 2017, 3:44pm

Yes I already created it with LE64.exe so if I can use that in a fully-automated process for renewal that I can simply schedule and forget about, that would be perfect.

Is there a place I can go to read about the process of renewal so I understand what actually needs to happen when a cert is renewed under Windows? I can certainly schedule batch files to run but I want them to replace the old cert and install it in the store automatically and all that.

leader · June 19, 2017, 6:12pm

The usage documentation is available at https://zerossl.com/usage.html for example (and also if le64 is run with --help, there will be usage examples shown).

As for the renewal command - it is basically the same as the one you used to get the initial certificate, but with two additional options:

--renew X (for example --renew 5) - sets the number of days before the expiration when the renewal should be attempted.

--issue-code XXX - sets the "exit code" to signal that the certificate has been renewed.

So for example if you want to attempt the renewal if it is 5 days or less left before the expiration, the batch file might look like this:

le64.exe [ here goes your original command line ] --renew 5 --issue-code 100
if errorlevel 100 (
echo Time to do something with the certificate file and restart the server
echo Put appropriate commands here
)

system · July 19, 2017, 6:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ssl auto renew using win-simple Server	9	21681	June 10, 2018
What is easiest way to automate cert renewal? Help	3	3350	November 4, 2017
LE64.exe question on renewals Help	6	4054	April 29, 2019
Automated renewals Help	2	596	September 6, 2018
Renew Certificate in Windows Server 2012 R2 Issuance Tech	16	13842	January 19, 2019

Swapping from LE64.exe to letsencrypt-win-simple

Related topics