Windows ACME Simple - certificate renewals Windows 2012

Hi, I am running the latest Windows ACME Simple on Windows and my site works fine.

I do however use websocket as well, which requires the service updating each time my certificate is renewed on my Windows 2012 server.

I used to use letsencrypt-win-simple which created my cert files in this location:

cert:
C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\app.domain.com-crt.pem

and key:
C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\app.domain.com-key.pem

Now that I am using Windows ACME Simple, I notice the cert file is stored in:
C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
along with a cache.pfx

I cannot however find where the server key file is stored. Should I use my previous one here:
C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\app.domain.com-key.pem

Also, is there a way I can get Windows ACME Simple to call my certificate a certain name and location so I don't have to keep manually updating my socket service's settings to point to the new cert file every time it's updated?

Thanks

Hi @millzee

I don't use Letsencrypt-win-simple. But one rule with Windows: Private keys shouldn't be stored in the file system.

So the certificate is in the Webhosting - Machine-Certificate Store. Find the certificate, there you should see the information: "You have a private key".

There you can export the certificate as .pfx file with the private key.

Hi, JuergenAuer

I don’t use Letsencrypt-win-simple. But one rule with Windows: Private keys shouldn’t be stored in the file system.

I have to point my websocket service to both key and cert files, so I need to be able to locate them both on my local file system.

Manually having to export the cert every 3 months is a no go unfortunately.

Then write a small .NET program to export the certificate.

LOL, YOU SIR are very constructive, aren't you!

Did you actually read the question?

In case you missed it:

is there a way I can get Windows ACME Simple to call my certificate a certain name and location so I don't have to keep manually updating my socket service's settings to point to the new cert file every time it's updated?

I am simply asking if this can be done with [Windows ACME Simple]. I wasn't asking your opinion on how to secure my app!

This is incorrect. There are plenty of Windows apps that don't use the native cert store and need both cert and private key on the filesystem.


I managed to sort it without having to write a .NET program or leave my system open for attacks. Windows ACME can be cmd lined to create the certs and store them in a programmatic folder. You just have to tell ACME not to use any cert stores.

Happy days and well done to the clever guys who set up Letsencrypt and the ACME! It's time this solution started winning awards because not only is it free, it's super simple to renew compared to the hassle we used to have. Is there a place we can donate to the project?

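For the setup this thread ends on, where a service reads its certificate and private key as PEM files from a folder, the script below restricts that folder to SYSTEM, Administrators and the one service account, then reports any file that still grants access to someone else. It is an added example, not code from any poster or from the win-acme project; the folder path and the service account name are hypothetical and must be replaced with your own.

```powershell
# Added example: lock down a folder of PEM files, then audit the files inside.
# $PemDir and $ServiceAccount are assumptions, not values from the thread.
param(
    [string]$PemDir         = 'C:\certs\app.domain.com',
    [string]$ServiceAccount = 'NT SERVICE\ExampleWebSocketSvc'
)

$allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $ServiceAccount)

# Build a fresh DACL instead of editing the inherited one.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)   # protected, inherited entries dropped

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
foreach ($id in $allowed) {
    # The service only reads the PEM files; the renewal task (running as
    # SYSTEM or an administrator) is what writes them.
    $rights = if ($id -eq $ServiceAccount) { 'Read' } else { 'FullControl' }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, $rights, $inherit, $propagate, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $PemDir -AclObject $acl

# Audit: files that existed before the change may carry explicit entries of
# their own, so list every Allow entry for an identity outside $allowed.
$unexpected = Get-ChildItem -Path $PemDir -File | ForEach-Object {
    $file = $_
    (Get-Acl -Path $file.FullName).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $allowed -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{
                File     = $file.Name
                Identity = $_.IdentityReference.Value
                Rights   = $_.FileSystemRights
            }
        }
}

if ($unexpected) {
    $unexpected | Format-Table -AutoSize
    throw "Unexpected access entries found under $PemDir"
}
Write-Output "Only the expected identities can read the files in $PemDir"
```

Files written into the folder by later renewals inherit the folder's entries, so the audit only needs re-running if something else changes permissions there.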

You can donate to Let's Encrypt here: Donate - Let's Encrypt