I am trying to follow the example code, and am using Windows as the OS. Installing Git was easy, and I got the letsencrypt directory just fine. But the commands to run the letsencrypt-auto don’t work. Okay, so probably need Python, so I found a mention of that and downloaded and installed it, but nothing magic happened, and I don’t know enough about it to make it work. There appears to not be a command line that allows me to run the script, and various other things didn’t work.
Now, I know it is a beta, but Windows is surely fairly big on certificates, and not everyone is set up for Python expertise. Some sort of assistance / documentation for the Windows newbie might be handy. My long term aim is to wrap the required commands in a tool for myself, but right now the basic tool is non-functional for me.
Pointers to specific solutions for the letsencrypt package use welcome.
Thanks - that appears to be an IIS thing, with some custom module for making it happen. I just want to use the python scripts as-is to create some certificate files on the disk, not to integrate them or anything (our server is not common, so we just need the pem etc.)
Hmm, that sounds poor. So the "it's this simple" description is not really true - it has to be run on the specific server or something to make it work? I think that needs more explanation. On the page at Getting Started - Let's Encrypt is says
Without Automatic Web Server Configuration
This will simply place your new certificate in the current directory.
$ letsencrypt -d example.com auth
I was sort of assuming that was exactly what it did. Okay, so I followed the technical link. The protocol is obviously a lot more than I was lead to believe so I will give up for the moment. The script will be completely inappropriate for me, I'll have to do my own interface to the public API. I find it ironic that the server being challenged for a signed nonce file is https, given it can't have a valid certificate at that point surely, but I presume the challenger will accept any old certificate at that point. Anyway, thanks for the help, but I'll await details of the API to be published and try again then.
Where can I learn about your client please? I don’t like to just download zips of unknown origin… How does it fit into the technical process of needing to put a page on the web server for validation?
Currently the simple client scans IIS for host name bindings and gives you a menu to choose which one. It will then grab an answer from the ACME server and write out a file to the web site and then tell ACME it’s ready. Then it will get the cert and give you an option to install it and add an https binding for you.
Renewals are not working yet. Might be along soon though.
by the way a gui would be rather epic where it could obtain the file needed for manual and give a save dialog to select the root for each domain you request.
Please forgive me if this is too obvious, but the Windows OS can run lots of different servers, from Microsoft’s IIS to IIS Express to Apache HTTP Server down to the tiny Mongoose (see https://en.wikipedia.org/wiki/Comparison_of_web_server_software#Operating_system_support)… Let’s Encrypt (the project) needs to decide which Windows servers it will support with its automatic operations.
If Let’s Encrypt (the project) succeeds and makes HTTPS popular, supporting Aplache on Windows (at least) will be expected.
I've added a server plugin system to my simple client. Adding support for a new server type can now be done with as little as implementing two methods.
This reply is for my own comment. I made a simple batch file for the above. I am using letsencrypt win simple. I think it updates the fullchain.pem automatically. Here is the batch file.
My server is as below.
Windows7 HE SP1 (x86)
Apache2.4.23 with VC14 from Apache Lounge.
I couldn’t renew my certs by letsencrypt win simple because of something like this. I gave up to use letsencrypt win simple and looked for other ways. Then I found Letsencrypt.sh. I use it on Cygwin and made another batch for renewing. See my post.