Hey all, Let’s Encrypt noob here. I’ve got what I suspect is a painfully unique set of problems, and if I’m wrong in that regard I’d love to know how I’m wrong.
Goal: Use Let’s Encrypt, leveraging a bot, to renew certs on a Windows 2012 IIS setup.
Road bumps: Most of these boxes are in dev and are unable to be allowed out of our network for regulatory reasons. So I tried setting up win-acme.v1.9.10.1 to leverage its ability (to my understanding) to use an intermediary IIS site (which is allowed out on a different binding, "*Foobar.Barfoo-dev.com").
M: Create new certificate with advanced options
Which kind of certificate would you like to create?: 1: Single binding of an IIS site
[Picks site with port 80 binding that can’t be outside, mydev1-1-1.foobar-dev.com]
How would you like to validate this certificate?: Create temporary application in IIS
Use different site for validation? (y/n): y
Validation site, must receive requests for all hosts on port 80: [Picks dummy site that is published externally]
Which installer should run for the certificate?: 3: Do not run any installation steps [just trying to get this to the point it will make a cert, let alone install it]
The errors I get at this point are about not being browsable on the outside for the site I’m trying to renew, not the dummy. At this point I’m pretty sure I misunderstand the role of the temporary IIS site option or that I’m using it wrong.
More notes: I’ve also looked at Certify the Web, but it doesn’t look like it can renew behind the network wall. Does anyone have any suggestions?
We need certs on these boxes for testing HTTPS dependencies in dev. At some point in staging these will have access to the outside, but it will be behind a basic auth prompt, which I suspect will cause similar roadblocks.
MoreMore Notes: It looks like this uses acme1 and I’d need acme2 for wildcards, which would be ideal, though it’s not 100% needed as I can have loads of certs for each of these, but a program that can do acme2 would be better.
Does anyone have any guidance or suggestions? I’m willing to dig through documentation if needed; I just feel like I’m going about this with some incorrect understandings.