Swapping from LE64.exe to letsencrypt-win-simple

Win 2012R2, IIS 8.5

I used the LE64.exe tool with openssl on the command line to create my cert. Can I now use the letsencrypt-win-simple tool to automate the renewal process? I read that it creates a task scheduler task that runs daily (I’d change that to once a week) and then I won’t have to worry about manually renewing every 2 1/2 months…?

Hi @mushu

No. Create a new certificate with letsencrypt-win-simple.

The two clients have different approaches to certificates etc.

Andrei

Will that work if I have already configured my site to URLrewrite all http traffic to https?

If you have previously successfully created the certificate with LE64, you can just as well add it (with whatever other commands you might have used to convert the resulting certificate/key to a pfx file) to a task scheduler:

But if win-simple can do it for you, you might prefer trying that one of course.

Yes I already created it with LE64.exe so if I can use that in a fully-automated process for renewal that I can simply schedule and forget about, that would be perfect.

Is there a place I can go to read about the process of renewal so I understand what actually needs to happen when a cert is renewed under Windows? I can certainly schedule batch files to run but I want them to replace the old cert and install it in the store automatically and all that.

The usage documentation is available at https://zerossl.com/usage.html for example (and also if le64 is run with --help, there will be usage examples shown).

As for the renewal command - it is basically the same as the one you used to get the initial certificate, but with two additional options:

--renew X (for example --renew 5) - sets the number of days before the expiration when the renewal should be attempted.

--issue-code XXX - sets the “exit code” to signal that the certificate has been renewed.

So for example if you want to attempt the renewal if it is 5 days or less left before the expiration, the batch file might look like this:

le64.exe [ here goes your original command line ] --renew 5 --issue-code 100
if errorlevel 100 (
    echo Time to do something with the certificate file and restart the server
    echo Put appropriate commands here
)

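The batch skeleton from the last reply, carried through to the install step the original poster asks about, as an added PowerShell example (not code from the thread or from either client). The le64.exe location, the file paths, the site name, the single https binding and the reading of exit code 0 as "nothing to renew" are assumptions; unlike `if errorlevel 100`, which is also true for any exit code above 100, it compares the exit code exactly.

```powershell
# Added example. Paths, site name and $Le64Args are placeholders (assumptions).
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$Le64Args = @()                       # placeholder: your original le64 arguments, one per element
$CrtFile  = 'C:\certs\example.crt'    # placeholder: certificate file le64 writes
$KeyFile  = 'C:\certs\example.key'    # placeholder: matching private key file
$PfxFile  = Join-Path $env:TEMP 'renewed.pfx'
$SiteName = 'Default Web Site'        # placeholder: IIS site with one https binding

& 'C:\tools\le64.exe' @Le64Args --renew 5 --issue-code 100
$code = $LASTEXITCODE

# Assumption: 0 means the certificate is not yet within the renewal window.
if ($code -eq 0) { Write-Output 'No renewal due.'; exit 0 }
# Only the exact issue code counts as "renewed"; anything else is a failure.
if ($code -ne 100) { throw "le64 exited with code $code; certificate left unchanged" }

# One-time random PFX password, handed to openssl through the environment
# so it never appears on a command line or in the scheduled task definition.
$bytes = New-Object byte[] 24
[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$env:PFX_PASS = [Convert]::ToBase64String($bytes)
try {
    & openssl pkcs12 -export -in $CrtFile -inkey $KeyFile -out $PfxFile -passout 'env:PFX_PASS'
    if ($LASTEXITCODE -ne 0) { throw "openssl pkcs12 failed with exit code $LASTEXITCODE" }

    # Without -Exportable the private key is imported as non-exportable.
    $secure = ConvertTo-SecureString $env:PFX_PASS -AsPlainText -Force
    $cert = Import-PfxCertificate -FilePath $PfxFile `
                -CertStoreLocation Cert:\LocalMachine\My -Password $secure

    # Point the site's https binding at the new certificate.
    $binding = Get-WebBinding -Name $SiteName -Protocol https
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    Write-Output "Bound certificate $($cert.Thumbprint) to $SiteName"
}
finally {
    # The PFX and its password are only needed for the import.
    Remove-Item $PfxFile -ErrorAction SilentlyContinue
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
}
```

The scheduled task needs an account that can write to the LocalMachine certificate store and change IIS bindings; the previous certificate stays in the store until it is removed separately.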