WinAcme: Backup/Restore While Importing Renewals - win-acme 1.9.11.2 to win-acme 2.1.7.807

My domain is: We have multiple domains

I am looking to run an import of our renewals from win-acme 1.9.11.2 to win-acme 2.1.7.807 using the built in import process (https://www.win-acme.com/manual/upgrading/to-v2.0.0)

My web server is (include version): IIS v8.5

The operating system my web server runs on is (include version): Windows Server 2012 R2 v6.3

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site: no

The version of my client is: Currently WinAcme v2.1.7.807; Upgraded from v1.9.11.2.

Question: I’m looking for a way to backup/restore if things go sideways. Before making changes to IIS, we run “Backup-WebConfiguration -Name.” However, I feel like there has to be something more for the import process.

Do I make just a basic backup of C:\ProgramData\win-acme\ and the scheduled task? Is there anything else?

Possibly important as well, we have several SAN certs that are renewed using “Certify The Web” under the same site in IIS. The import wouldn’t pick those up, would it?

Notes:

1. Your file structure and import process may differ.
2. This might not be best practices. Please take with a grain of salt and do your own tests.

Things To Know:

  1. Creating a certificate in V2 will generate a .json file in the main folder and some certificate files under the Certificates folder

  2. Importing a renewal from V1 will only generate a .json file. However, as good practice, the program will want you to manually renew the newly imported items which will then create items in the Certificates folder.

  3. In V2, the .json files tell the program what websites it needs to renew. If you remove the .json file the program doesn’t know it exists. However, the cert is still present and attached to the binding in IIS. It will continue to work until it expires.

  4. If the folder for V2 does not exist under C:\ProgramData\win-acme, the program will create it.

  5. Under the same idea as #4, you can backup the V2 folder simply by making a copy of it and renaming it.

  6. The import tool in V2 only looks at the Renewals file in the V1 folder when determining what to import. Therefore, the Renewals file is all we need to care about.

  7. Running Backup-WebConfiguration -Name in PowerShell will backup IIS, but it does not backup which certs were assigned to what bindings. Therefore, it’s important to know what site bindings will be updated in case you need to fall back to old certs for some reason.

Our Process

  1. Backup IIS using Backup-WebConfiguration -Name DESIRED_FILE_NAME_HERE

  2. Made a copy of Renewals and renamed it to Renewals_emptying

  3. Deleted all items out of Renewals

  4. Cut a few websites from Renewals_emptying and placed it into Renewals

  5. Ran the import process in V2

  6. Renewed the certificates in V2

  7. Made a copy of renewals in V1 folder and renamed it to renwals_run##

  8. Repeated the process until all sites were imported.

2 Likes
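The backup steps in the post above can be combined with a record of which certificate is bound to which HTTPS binding, which is the part Backup-WebConfiguration does not capture. The script below is an added example, not part of the original post and not win-acme's own tooling. It assumes an elevated PowerShell session on the IIS host; `$BackupRoot` is a placeholder path and the scheduled task name filter is a guess that should be checked against the actual task names.

```powershell
# Added example: snapshot state before running the win-acme v1 -> v2 import.
param(
    [string]$BackupRoot = 'D:\Backups\wacs-import',   # placeholder, pick your own location
    [string]$WacsData   = 'C:\ProgramData\win-acme'   # data folder named in the post
)
Import-Module WebAdministration

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. IIS configuration (does not record certificate-to-binding assignments)
Backup-WebConfiguration -Name "pre-wacs-import-$stamp" | Out-Null

# 2. Copy of the win-acme data folder, including the renewal files
if (Test-Path $WacsData) {
    Copy-Item -Path $WacsData -Destination (Join-Path $dest 'win-acme') -Recurse
}

# 3. Scheduled task definitions as XML (name filter is an assumption)
Get-ScheduledTask | Where-Object { $_.TaskName -match 'win-acme|letsencrypt' } | ForEach-Object {
    $file = Join-Path $dest (($_.TaskName -replace '[^\w\.-]', '_') + '.xml')
    Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath |
        Set-Content -Path $file -Encoding Unicode
}

# 4. Which certificate is attached to which HTTPS binding, per site
$map = foreach ($site in Get-ChildItem IIS:\Sites) {
    foreach ($b in ($site.Bindings.Collection | Where-Object { $_.protocol -eq 'https' })) {
        $cert = $null
        if ($b.certificateHash) {
            $path = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
            $cert = Get-Item $path -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Site       = $site.Name
            Binding    = $b.bindingInformation
            Store      = $b.certificateStoreName
            Thumbprint = $b.certificateHash
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
        }
    }
}
$map | Export-Csv -Path (Join-Path $dest 'https-bindings.csv') -NoTypeInformation
$map | Format-Table -AutoSize
```

The CSV lists every bound certificate regardless of which client issued it, so bindings that use certificates from another ACME client on the same site are recorded as well. Comparing a fresh run of step 4 against the saved CSV after each import batch shows which bindings changed thumbprint.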

Great post @M_Q! I’m glad you’ve figured it out. As you might have noticed by the lack of replies, knowledge about the Windows clients/IIS isn’t that widespread in this community as far as I know. But now other people searching for a solution might benefit from your post! 🙂

1 Like