Windows Server 2008R2 - letsencrypt-win-simple Renewal Behaviour

Windows 2008 R2 Server
ACME client = letsencrypt-win-simple

In [MMC]-[Certificate Manager]-[User Accounts] my Let’s Encrypt certificate is under the [Personal]-[Certificates] key.

I want to move my certificate from [User Accounts] to [Computer Accounts], but I need to know this first…

  • Will the RENEW TASK, that letsencrypt-win-simple created, still find my LE certificate - even though it is in a different Windows certificate account than it was originally installed in?

Thanks,
CBruce

Hi @CBruce

I am 90% sure that Letsencrypt-win-simple is built on top of ACMESharp.

ACMESharp retains all artifacts (Certificates, Keys, CSRs) in a construct called a vault (independent of the Microsoft Certificate Store).

You should be able to test this theory by running

letsencrypt.exe --renewal --test

I am deducing this from the documentation here: https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/Command-Line-Arguments

Note: I haven’t tested this yet but the impact should be minimal (worst case is you issue an extra certificate).

Andrei

The letsencrypt-win-simple stores the renewal config in two places (it doesn’t care about your existing certificate):

  1. The registry
  2. The renewal command in the task scheduler

The problem is that the renewed certificate will be placed again under [user accounts].

@NetoMeter

Do you know what the rationale is behind storing these in the user store rather than the computer store?

Andrei

Hi Andrei,

My guess is that’s how it’s been easier for the developer - it’s plain wrong if you ask me.

Regards,

Dean
