Windows nginx help

Hi I’m trying to create a cert for home assitant on a Rpi3
And I already have nginx on my windows Which proxies all my usenet programs to my own domain with a paid ssl.

I’ve created a server block to link from mydomain directly to my RPI3 via a host domain through nginx which works, I would now like to add an SSL

I came across letsencrypt but Im really having issues setting it up.

I’ve installed letsencrypt-win-simple and ran the .exe

Here is what I’ve done

  1. Added my email address
  2. Agreed to the terms
  3. Picked M install manually (as it didn’t find IIS)
  4. Typed in my domain (host domain via no ip:
  5. Provided a folder link to my html
    now I don’t quite get this so I linked my main page to the server block, ran it and got this:

[INFO] Authorizing identifier using http-01 challenge
[INFO] Answer should now be browsable at
[INFO] Authorization result: valid
[INFO] Requesting certificate:
[INFO] Saving certificate to C:\ProgramData\letsencrypt-win-simple\\
[INFO] Saving issuer certificate to C:\ProgramData\letsencrypt-win-simple\\ca-0A0141420000015385736A0B85ECA708-crt.pem
[INFO] Saving certificate to C:\ProgramData\letsencrypt-win-simple\\
[INFO] Installing Non-Central SSL Certificate in the certificate store
[INFO] Installing Non-Central SSL Certificate in server software
[WARN] Unable to configure server software.
[INFO] Removing certificate 2017/8/24 10:38:49 PM
[INFO] Closing certificate store
[INFO] Adding renewal for [Manual] [1 binding - @ C:\nginx-1.8.0\html]
[INFO] Creating task letsencrypt-win-simple with Windows Task scheduler at 9am every day.

  1. I give it a username and password yet it fail and asks if I want to start again (don’t know If that matter)

Now when I check the following folder C:\ProgramData\letsencrypt-win-simple\

I see the following files.

Have I created them correctly and which ones are needed for nginx?

Many thanks

Hi @phairplay,

I haven’t used letsencrypt-win-simple but it’s sure being thorough about what different applications might potentially want. :slight_smile: The relevant files for nginx are ← certificate chain (intermediate certificate) ← your certificate (end-entity certificate) ← your private key

However, apparently nginx wants you to combine the certificate and chain into one file (in Certbot we call that “full chain”, but letsencrypt-win-simple possibly did not create it). At that point, you can tell nginx where to find the full chain and the private key:

It’s possible that might already contain the chain certificate. If you look at the contents of that file, there will either be one block that starts -----BEGIN CERTIFICATE----- or two such blocks. If there are two, then it’s pre-combined and you could just point nginx to that file as the ssl_certificate.

1 Like

When you get it set up correctly, you may also want to think about what will happen with certificate expiry and renewal. Remember that Let’s Encrypt certificates expire after 90 days.

1 Like

Thank you for the quick response.
I’ll Now the chain file did have everything I need (along with the key). I’ll start looking into how to auto create a renewal

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.