Windows operation

I am trying to follow the example code, and am using Windows as the OS. Installing Git was easy, and I got the letsencrypt directory just fine. But the commands to run the letsencrypt-auto don’t work. Okay, so probably need Python, so I found a mention of that and downloaded and installed it, but nothing magic happened, and I don’t know enough about it to make it work. There appears to not be a command line that allows me to run the script, and various other things didn’t work.

Now, I know it is a beta, but Windows is surely fairly big on certificates, and not everyone is set up for Python expertise. Some sort of assistance / documentation for the Windows newbie might be handy. My long term aim is to wrap the required commands in a tool for myself, but right now the basic tool is non-functional for me.

Pointers to specific solutions for the letsencrypt package use welcome.

They talk about it there : How Letsencrypt work for windows IIS?

Thanks - that appears to be an IIS thing, with some custom module for making it happen. I just want to use the python scripts as-is to create some certificate files on the disk, not to integrate them or anything (our server is not common, so we just need the pem etc.)

The python script need to prove ownership, it’s little more complicated than just creating a cert file.

Hmm, that sounds poor. So the "it's this simple" description is not really true - it has to be run on the specific server or something to make it work? I think that needs more explanation. On the page at Getting Started - Let's Encrypt is says

Without Automatic Web Server Configuration
This will simply place your new certificate in the current directory.
$ letsencrypt -d auth

I was sort of assuming that was exactly what it did. Okay, so I followed the technical link. The protocol is obviously a lot more than I was lead to believe so I will give up for the moment. The script will be completely inappropriate for me, I'll have to do my own interface to the public API. I find it ironic that the server being challenged for a signed nonce file is https, given it can't have a valid certificate at that point surely, but I presume the challenger will accept any old certificate at that point. Anyway, thanks for the help, but I'll await details of the API to be published and try again then.

1 Like

The latest build of my simple windows CLI client is available here:

Let me know if it works or if you run into problems with it.

Where can I learn about your client please? I don’t like to just download zips of unknown origin… How does it fit into the technical process of needing to put a page on the web server for validation?

Here’s a link to the project and source:

Currently the simple client scans IIS for host name bindings and gives you a menu to choose which one. It will then grab an answer from the ACME server and write out a file to the web site and then tell ACME it’s ready. Then it will get the cert and give you an option to install it and add an https binding for you.

Renewals are not working yet. Might be along soon though.

Thanks, but I am not using IIS. Windows is not necessarily IIS unfortunately, so I need the manual mode command line.

Give the powershell version a try then. It’s much more flexible:

by the way a gui would be rather epic where it could obtain the file needed for manual and give a save dialog to select the root for each domain you request.

There is a guy that's working for a GUI that wraps the powershell version.

I've been tempted to fire off a save file dialog from the text mode client. So wrong!

Please forgive me if this is too obvious, but the Windows OS can run lots of different servers, from Microsoft’s IIS to IIS Express to Apache HTTP Server down to the tiny Mongoose (see… Let’s Encrypt (the project) needs to decide which Windows servers it will support with its automatic operations.

If Let’s Encrypt (the project) succeeds and makes HTTPS popular, supporting Aplache on Windows (at least) will be expected.

I've added a server plugin system to my simple client. Adding support for a new server type can now be done with as little as implementing two methods.

1 Like

Thanks for your great code, Lone Coder.

I used your letsencrypt-win-simple and had pems, and the letsencrypt-win-simple daily task works well.

My server is as below.
Windows7 HE SP1 (x86)
Apache2.4.18 with VC14 from Apache Lounge.

As I need a fullchain.pem, I did the following command on a cmd.exe after getting pem files.
copy sever-crt.pem + ca-xxxx-crt.pem server.crt

This is manually, but I want it automatically when my certs are renewed.
Will you make your code create the fullchain.pem automatically?


Works on windows with cygwin installed.

This reply is for my own comment. I made a simple batch file for the above. I am using letsencrypt win simple. I think it updates the fullchain.pem automatically. Here is the batch file.

My server is as below.
Windows7 HE SP1 (x86)
Apache2.4.23 with VC14 from Apache Lounge.

I couldn’t renew my certs by letsencrypt win simple because of something like this. I gave up to use letsencrypt win simple and looked for other ways. Then I found I use it on Cygwin and made another batch for renewing. See my post.