The certificate has 0 byte

I got a certificate through certbot successfully. The following is what i got:

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\asas.ee.ncku.edu.tw\fullchain.pem
Key is saved at: C:\Certbot\live\asas.ee.ncku.edu.tw\privkey.pem
This certificate expires on 2022-10-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

However, I found that all the .pem files have 0 byte and i failed to install it on my IIS.
could anyone tell me what went wrong?
image

thanks a lot in advance.

1 Like

Welcome to the Let's Encrypt Community! :slightly_smiling_face:

Those are symbolic link (.symlink) files, not the actual certificate files. I'm going to tag @webprofusion to help you out. As the developer of Certify The Web, he's much more familiar with the IIS certificate installation process.

6 Likes

I'll add to griffin's comment that I think Certify The Web is much easier to use for IIS than certbot.

Certbot on Windows is fine with, for example, apache or nginx but not very good for IIS. It can be done it is just more manual steps.

Certify The Web is one of the other choices recommended by Let's Encrypt and is an easy to use gui.

4 Likes

Does this return anything?:
more C:\Certbot\live\asas.ee.ncku.edu.tw\fullchain.pem

4 Likes

The /live/ folder contains folders of "certificate names" that contain symbolic links, which should link back to the actual certificate, with a versioned suffix, in a folder with the same "certificate name" in /archive/.

usually /live/example.com/cert.pem -> will correspond to /archive/example.com/cert1.pem

3 Likes

thank you very much for all the explanations. I followed through this document trying to install the certificate. Dropbox Paper
Basically there are two stages based on the document: (1) What You’ll Need (2) Binding Your Certificate to Your Website. I went through the (1) successfully and got the result

However, in (2), at step 4, 4. Input the following the SSL certificate box does not show up and I could not enter anything. I went back to (1) at step 4 trying to see my server certificate. The server certificate asas.ee.ncku.edu.tw disappeared.
Could anyone help me out! Thank you very much in advance.

I am sorry that I did not give you a correct docuement that i used. The document should be How to Install an SSL/TLS Certificate In Microsoft IIS 7 - The SSL Store™.

Although I've tried certbot (on windows) just to order certificates I've never tried to actually use them on Windows - the main limitation regarding IIS is that certbot doesn't produce a PFX nor store it in the computer certificate store. If you are manually converting to PFX and storing the cert, store it under Local Computer > Personal > Certificates or Local Computer > Web Hosting > Certificates (IIS will look in either of these places).

You will find these symlinks are created by the Administrator account and as such can only be read by someone running under elevate privileges. Try opening cmd as Administrator, then run dir /al and you should see the paths of the files the links point to (under the archive folder).

As others have helpfully mentioned, you will find https://certifytheweb.com relatively easy if you are having difficulties with Certbot on windows. The UI does have some (not all) translated elements and you can choose your language under Settings > UI Settings, which may help.

5 Likes

Note that as the files (which the symlinks are pointing to) are created by an Administrator account, you can also try changing the read permission of the files under certbot/archive/ so your account can read them, then these symlinks will start working again.

5 Likes

thank you very much for your suggestion. I checked that my account is an administrator account. Therefore, the problem is not supposed to happen. Is there any other reason that may cause the problem I mentioned before?

1 Like

Sorry, I don't know enough about the permission certbot sets on windows (and why) to help more. Perhaps someone else will know.

4 Likes

thanks a lot. It is still nice to know what you mentioned.

1 Like