Windows IIS support - official

Is planned official support of IIS?

I have here found several projects that should support IIS, but I think, that there are unofficial and I’m afraid to deliver certificate via untrusted application of for me unknown author.

Or exists an manual, how get certificate manualy and manualy it deploy to IIS… on Windows?

1 Like

well you can use a Linux VM or another PC/raspi or whatever, and do manual mode, it’s annoying if you wanna do more than just 2 domains, but it wworks, you get ger your key and cert out of there and put it into windows, you only have to convert it from the open format to the windows format, because the key has to be included.

You can get certificate with letsencrypt-win Powershell module


And here is List of Client Implementations
You have other option letsencrypt-win-simple: https://github.com/Lone-Coder/letsencrypt-win-simple

1 Like

@ITCorp did you read the op properly? he did say that he wants rather official solutions because he doesnt want to trust unofficial software, a part that I surely can understand.

Yes, I know this two projects… but I don’t know Lone-Coder either ebekker :frowning:

There are no official clients for Windows. However the two mentioned above are the ones which are furthest in development and are supporting most of the features.

I doubt an official client will be released but it would be good to see these clients ‘officially supported’ as external projects. In a manner that they are supported through code auditing.

I personally use the Lone Coder version of which I compiled myself after looking through the source. Not many however would do that.

Bumping: The Lone Coder letsencrypt-win-simple client has been changed to win-acme and is found at https://github.com/PKISharp/win-acme/

I just used it, on an Azure Windows 2016 VM and it worked flawlessly.

1 Like

Excuse the topic bump, if anybody are still looking for a supported Let’s Encrypt client on Windows it’s worth checking out my own app Certify The Web: https://certifytheweb.com which is a full GUI for LE certificate management on Windows. The app is free to use but has a paid version for commercial use and where support is required. The app has been going since 2015 and has many thousands of users (in the region of 200K downloads) including many .gov.* installations.

The reason I felt it worth commenting here is Windows users are often businesses (or large organisations) and are therefore specifically looking for supported products (over free, but unsupported tools), it can also be pretty difficult to find proven solutions that are continuously maintained.

While the app is typically used on a Windows Server with IIS, the next major version will have new support for Apache, nginx etc and unlimited deployment tasks (local or remote) including deployment to remote services over SFTP/SSH. Beta testers wanted! https://github.com/webprofusion/certify/issues/440

3 Likes

Here are some Windows options blogged about on the Microsoft MSDN by one of their employees. https://blogs.msdn.microsoft.com/mihansen/2018/01/25/azure-web-app-with-lets-encrypt-certificate-powershell-automation/

1 Like

Hi, Respect and many thanks to LetsEncrypt.
CertifyTheWeb is great, I have been using this for a while now even though it has bugs (may have been fixed), and beware…
They are dropping the v1 API so it will fail unless you update to latest version, those still running 2008 whilst migrating will be unable to update to the latest version as this OS does not support the required .NET version.
I found this post in my search for an alternative and have found win-acme, lets hope this works.

@plonkatronix if you’re on a version of Certify The Web that’s old enough to support V1 then the bugs you hint at have most likely been fixed - our ACME V2 support came out with v4.x about 18 months ago. The current app is very stable, has been downloaded and used several hundred thousand times and is well supported (I know because I spend hours per day providing support for it!). Some users have been happy to stay on old versions up until now and are only changing because Let’s Encrypt are dropping ACME V1 support.

win-acme is a great command line tool and I have a lot of respect for it, it’s ideal for people who don’t want a GUI. It too will likely have to drop support for old versions of windows.

Regarding Windows Server 2008 - If you are using a version of Windows no longer updated by Microsoft then you risk your server being compromised by script kiddies and bots due to unpatched security flaws. https://support.microsoft.com/en-au/lifecycle/search/1163 - if you are serious about the services your server runs you need to upgrade now.

Don’t panic lol, said 2008 server is a honeypot for the exact reasons you describe and is locked down in ways one can not post :wink: I just want to keep the SSL going

1 Like

Certify is amazing, thank you.

1 Like