Windows client with IIS cert installation - specify alternate port for HTTP?


#1

We use IIS for our web app that needs to be secured.

I got this client installed and everything is working great: https://github.com/Lone-Coder/letsencrypt-win-simple

To force all clients to the SSL site, we’ve set up two sites in IIS. The ‘Default Web Site’ is listening on port 443, and the ‘HTTP REDIR’ is listening on port 80. ‘HTTP REDIR’ does a 301 redirect to the https listener ‘Default Web Site’.

When I made this change and manually ran the letsencrypt-win-simple application, it no longer sees the ‘Default Web Site’ as an option to install the cert into, it only sees the ‘HTTP REDIR’ one, since it’s got the port 80 listener.

Is there a way to add port 8080 (or another port) onto ‘Default Web Site’ and then have the letsencrypt-win-simple client use that port for the verification and installation of the SSL cert? I know I was able to specify an alternate port with letsencrypt-auto on our CentOS machines, so I know the LetsEncrypt server end supports it!

Or if there’s a better way to achieve this, that would be awesome as well!


#2

That’s not exactly true. The client supports listening to other ports, but only with the standalone authenticator. The Let’s Encrypt CA server, Boulder, will still try to connect to port 80 or 443 for the http-01 or tls-sni-01 challenges. Always. The only scenario in which setting a different port for the challenge(s) in the client makes sense is when you’ve got some sort of reverse proxy or firewall/portmap which will redirect the challenge request to said different ports.
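
The port-map scenario from reply #2, as an added example that is not part of the original thread or of letsencrypt-win-simple: a listener on the port the CA reaches forwards only `/.well-known/acme-challenge/<token>` requests to the alternate port where the client answers, and keeps the 301 to HTTPS for everything else. The ephemeral loopback ports (stand-ins for 80 and 8080), `www.example.com`, the stub responder and all function names are assumptions made for the demo.

```python
import http.client, re, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
# http-01 path; ACME tokens use only the base64url alphabet.
CHALLENGE = re.compile(r"/\.well-known/acme-challenge/[A-Za-z0-9_-]+")

def get(port, path):  # returns (status, Location header, body)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    except (OSError, http.client.HTTPException):
        return 502, None, b"challenge listener unreachable"
    finally:
        conn.close()

class Base(BaseHTTPRequestHandler):
    def reply(self, status, location=None, body=b""):
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def front_handler(alt_port, public_host):
    """Handler for the port-80 listener, the HTTP port the CA connects to."""
    class Front(Base):
        def do_GET(self):
            if CHALLENGE.fullmatch(self.path):
                # Port-map challenge requests to the client's alternate port.
                self.reply(*get(alt_port, self.path))
            else:
                # Other traffic keeps its 301; host is configured, not from Host.
                self.reply(301, f"https://{public_host}{self.path}")
    return Front

def serve(handler):
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_port

def demo():  # constructed run: a stub on an alternate port plays the ACME client
    class Stub(Base):
        def do_GET(self):
            self.reply(200, body=b"TOKEN.constructed-thumbprint")
    front = serve(front_handler(serve(Stub), "www.example.com"))
    paths = ("/.well-known/acme-challenge/TOKEN", "/app", "/.well-known/acme-challenge/../x")
    return [get(front, p) for p in paths]
```

Calling `demo()` returns the three responses: the forwarded challenge body, the 301 for ordinary traffic, and a 301 for a challenge-prefixed path whose token fails the base64url check and so is never forwarded.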

