Let's Encrypt for IIS with Win Acme

 

I finally think I have my arms around using Win Acme for IIS to generate and renew site certificates for "Let's Encrypt."  I know this should be simple, but for some reason, I continue to mess it up by trying to make it more complicated than it is.  There are a lot of options in Win Acme, but I do not need to deal with most of them. 

 

Win Acme can be found at: https://www.win-acme.com/

More on Let's Encrypt: https://letsencrypt.org/

  • Edit Site bindings in IIS.  Add both internal and external DNS names and ports.

  • Add the DNS Name in the hostname field.

  • Run Win Acme as administrator.

  • Work through the prompts for IIS (most of the default options should be fine).

  • Win Acme should create the certificates, replace the existing certificates in IIS with the new ones from Let's Encrypt, and create a schedule to auto-renew in the Windows Task Scheduler.

  • Verify the certificate in your web browser.
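The last two steps can also be checked from an elevated PowerShell prompt on the IIS server. This is an added example, not part of the original post or of Win Acme itself; it assumes the WebAdministration module is installed, that the renewal task has "win-acme" in its name, and it uses a constructed 30-day warning threshold.

```powershell
# Added example: check the state Win Acme should leave behind on the IIS server.
# Assumptions: the WebAdministration module is installed (it ships with the IIS
# management tools) and the renewal task has "win-acme" in its name.
Import-Module WebAdministration
$warnDays = 30   # constructed threshold for "renewal looks overdue"

$report = foreach ($b in Get-WebBinding -Protocol https) {
    # bindingInformation is "IP:port:hostname"; the regex also copes with IPv6 literals
    if ($b.bindingInformation -notmatch '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') { continue }
    $hostName = $Matches['host']
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    $cert  = Get-Item "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue

    $problems = @()
    if (-not $cert) {
        $problems += 'certificate not found in store'
    } else {
        if ($cert.Issuer -notlike "*Let's Encrypt*") { $problems += "issuer is not Let's Encrypt" }
        # -like lets a wildcard SAN (*.example.test) act as the pattern
        if ($hostName -and -not ($cert.DnsNameList.Unicode | Where-Object { $hostName -like $_ })) {
            $problems += 'host name not in certificate'
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $problems += "expires $($cert.NotAfter.ToString('yyyy-MM-dd'))"
        }
    }
    [pscustomobject]@{
        Binding    = $b.bindingInformation
        Thumbprint = $b.certificateHash
        NotAfter   = $cert.NotAfter
        Status     = if ($problems) { $problems -join '; ' } else { 'OK' }
    }
}
$report | Format-Table -AutoSize

# The auto-renew schedule: confirm the task exists and look at its last result
$tasks = @(Get-ScheduledTask | Where-Object TaskName -like '*win-acme*')
if (-not $tasks) { Write-Warning 'No scheduled task with "win-acme" in its name was found.' }
$tasks | Get-ScheduledTaskInfo |
    Format-List TaskName, LastRunTime, LastTaskResult, NextRunTime
```

A binding that still reports a non-Let's Encrypt issuer or a missing host name usually means that site was not selected during the Win Acme prompts.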

 

 
