Windows Server 2003


#1

Hello, everyone,

I have an annoying problem and I just don’t know how to proceed.

We still have an old Windows 2003 R2 server, which we are not allowed to replace for stupid reasons.
On this one I would need an SSL certificate. However, all tools known to me require Windows Server 2008 or newer (.NET Framework 4.5+).

Is there a possibility to provide this 2003 server with a certificate?

Many thanks and cheers!


#2

Hi,

It’s possible, however I’m not sure if you could install it manually to the server… (since I’m not familiar with Win 2003)

You could always use an online tool to request & issue the certificate… (However, this will need to be renewed manually; without automatic renewals it would be painful…)

Try zerossl.com / sslforfree.com (sslforfree.com also provides you the option to use DNS validations)

Thank you


#3

Thanks a lot for your answer stevenzhu 🙂

I already saw zerossl but I do not understand the function of HTTP verification. Where exactly do I have to store the required file in a Windows system?


#4

It’s stored under your website root/.well-known/acme-challenge folder…

Thank you


#5

I’m sorry to ask like a complete idiot, but I don’t have that directory… Do I have to go there via IIS?
Thank you so much for taking the time for me


#6

The website root is just where you store the website files on the server…

For example, it might look like D:/somefiles/mynewsite/site1/

Thank you


#7

Ha-ha-ha, now I really had to laugh.

First of all, I got it right. The path is C:\Inetpub\wwwroot\.well-known

Then I had problems on ZeroSSL. The attempt to verify the file came back with an error: “DNS problem: NXDOMAIN looking up A…”.
Then I noticed the following constellation:

The server is called with FQDN: server1.example.net
But example.net is a completely different company and of course we have nothing to do with their DNS. Our domain is example.com

I was so shocked that I need a cold beer for now. Does anyone have any further suggestions during this time?


#8

Hi @Kathaki

Before you try the next step: Create the directory C:\Inetpub\wwwroot\.well-known\acme-challenge and put a file there named 123456789 without a file extension.

Then try to fetch this file with your browser:

http://yourdomain/.well-known/acme-challenge/123456789

There may be a problem with such files without an extension. Perhaps you have to add a MIME type. Later versions can use a configuration file, but I don’t know how to do that with Win2003.


#9

Already finished the verification JuergenAuer 🙂

And you are absolutely right. You need to add a MIME to the new virtual directory with “. and text/plain” or something like that.

I now have issues with some DNS error because the FQDN is server1.example.net but our domain is example.com


#10

You’re not allowed to get a certificate from a publicly-trusted CA like Let’s Encrypt for names that you don’t control. If server1.example.net belongs to a different company in the public DNS and is pointed at your server only from the point of view of your internal LAN, Let’s Encrypt and other publicly-trusted CAs won’t be able to issue you a certificate for server1.example.net.

