Windows Server 2008R2 - letsencrypt-win-simple Renewal Behaviour


#1

Windows 2008 R2 Server
ACME client = letsencrypt-win-simple

In [MMC]-[Certificate Manager]-[User Accounts] my Let’s Encrypt certificate is under the [Personal]-[Certificates] key.

I want to move my certificate from [User Accounts] to [Computer Accounts], but I need to know this first…

  • Will the RENEW TASK, that letsencrypt-win-simple created, still find my LE certificate - even though it is in a different Windows certificate account than it was originally installed in?

Thanks,
CBruce


#2

Hi @CBruce

I am 90% sure that Letsencrypt-win-simple is built on top of ACMESharp.

ACMESharp retains all artifacts (Certificates, Keys, CSRs) in a construct called a vault (independent of the Microsoft Certificate Store).

You should be able to test this theory by running

letsencrypt.exe --renewal --test

I am deducing this from the documentation here: https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/Command-Line-Arguments

Note: I haven’t tested this yet but the impact should be minimal (worst case is you issue an extra certificate).

Andrei


#3

The letsencrypt-win-simple stores the renewal config in two places (it doesn’t care about your existing certificate):

  1. The registry
  2. The renewal command in the task scheduler

The problem is that the renewed certificate will be placed again under [user accounts].
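
A way to check where a renewed certificate actually landed, as an added example that is not part of the original thread or of letsencrypt-win-simple: it lists Let's Encrypt-issued certificates in the Personal store of both the current user and the local computer. The function name Get-LeCertLocation and the issuer match string are assumptions of this example.

```powershell
# Added example: report which Windows certificate store(s) hold Let's Encrypt
# certificates, so you can confirm where a renewal placed the new one.
# Assumption: the certificates live in the "My" (Personal) store, as in the thread.
function Get-LeCertLocation {
    param(
        # Matched against the certificate's Issuer distinguished name.
        [string]$IssuerPattern = "Let's Encrypt"
    )
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $location)
        # Read-only: this only inspects the stores, it never moves or deletes anything.
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        try {
            foreach ($cert in $store.Certificates) {
                if ($cert.Issuer -like "*$IssuerPattern*") {
                    New-Object PSObject -Property @{
                        Store         = "$location\My"
                        Subject       = $cert.Subject
                        Thumbprint    = $cert.Thumbprint
                        NotAfter      = $cert.NotAfter
                        # False means the store holds the certificate without its key,
                        # so a service cannot use it for TLS from this store.
                        HasPrivateKey = $cert.HasPrivateKey
                    }
                }
            }
        } finally {
            $store.Close()
        }
    }
}

# Compare NotAfter across the two stores before and after a renewal run.
Get-LeCertLocation | Sort-Object Subject, NotAfter |
    Format-Table Store, Subject, NotAfter, HasPrivateKey, Thumbprint -AutoSize
```

Run it under the same account the renewal task uses, because the CurrentUser store is separate for each account.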


#4

@NetoMeter

Do you know what the rationale is behind storing these in the user store rather than the computer store?

Andrei


#5

Hi Andrei,

My guess is that’s how it’s been easier for the developer - it’s plain wrong if you ask me.

Regards,

Dean

