Using CSR method to Obtain Certificates for Windows IIS

I know this is probably a FAQ but hopefully a quick answer. I’m familiar with the “traditional” ways to install SSL certificates on Windows II using CSR files such as using this process from GoDaddy:

https://uk.godaddy.com/help/iis-8windows-server-2012-generate-csrs-certificate-signing-requests-4950

I’ve just had a quick glance at the “Getting started” page and it mentions some new ways of doing it. My question is can you use the CSR route or do I need to find time to look at the newer (to me) methods?

You can go CSR route, but itʼs much easier to use new methods. In an average case you can issue a ready-to-use certificate+key in one simple command.

hi @munrobasher

You can obtain without a CSR created by windows

There is also certify (google search it) and letsencrypt-winsimple which are popular clients

These clients will do the CSR for you and will install the certificates in the stores that you need and even configure IIS bindings (in the case of letsencrypt-winsimple and certify)

Andrei

Thanks for the replies. I’ve looked at the Letsencrypt-win-simple client and whilst the test mode worked, there appears to be a problem adding the task to the task scheduler. I assume I’ll have to head off over to the support for that product for help?

See I knew it wasn’t going to be that simple although I do admit the task scheduler idea to auto renew the certificate is a good idea as the 90 day expiry is the slight downside of the free certificate. But of course, on the other hand it’s better as you can’t forget to renew every year :slight_smile:

Creating Task letsencrypt-win-simple httpsacme-v01.api.letsencrypt.org with Windows Task scheduler at 9am every day.
Error NotV2SupportedException {Message=“Task Scheduler 2.0 (1.2) does not support setting this property. You must use an InteractiveToken in order to have the task run in the current user session.”, MinimumSupportedVersion=V1, Data=[], InnerException=null, TargetSite=Void set_RunOnlyIfLoggedOn(Boolean), StackTrace=" at Microsoft.Win32.TaskScheduler.TaskSettings.set_RunOnlyIfLoggedOn(Boolean value)
at LetsEncrypt.ACME.Simple.Program.EnsureTaskScheduler()
at LetsEncrypt.ACME.Simple.Program.ScheduleRenewal(Target target)
at LetsEncrypt.ACME.Simple.Program.Auto(Target binding)
at LetsEncrypt.ACME.Simple.Plugin.Auto(Target target)
at LetsEncrypt.ACME.Simple.Program.GetCertificateForTargetId(List`1 targets, Int32 targetId)
at LetsEncrypt.ACME.Simple.Program.Main(String[] args)", HelpLink=null, Source=“Microsoft.Win32.TaskScheduler”, HResult=-2146233088}

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.