sysadmin:windows:windows_iis_install_configure_certbot

Differences

This shows you the differences between two versions of the page.

sysadmin:windows:windows_iis_install_configure_certbot [2021/03/01 22:17]
vidyasb
sysadmin:windows:windows_iis_install_configure_certbot [2021/03/02 15:08] (current)
vidyasb
Line 1: Line 1:
-====== Install & CertBot on Windows with IIS ======+====== Install & Configure CertBot on Windows with IIS ======
  
 [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]] [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]]
  
-  - Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] +  - Download & Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] 
-  - Open MS-DOS command prompt in _Administrator_ mode, run following commands:<WRAP center round alert 60%> +  - Open MS-DOS command prompt in //Administrator// mode, run the following commands to generate SSL certificate using //DNS// challenge:<WRAP center round info 100%>There are 2 types of Challenges that CertBot supports in-order to validate ownership of Domain for which the SSL certificate is being generated, they are: 
-Replace <<Email Address>> +  - HTTP 
-Replace <<Domain Name>>+  - DNS 
 +For more details refer to [[https://certbot.eff.org/docs/challenges.html|https://certbot.eff.org/docs/challenges.html]] 
 +</WRAP><WRAP center round alert 60%> 
 +<block>Replace <<Email Address>></block
 +<block>Replace <<Domain Name>></block>
 </WRAP><code> </WRAP><code>
 certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>> certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>>
 </code> </code>
-  - Type **Y** at the following prompt:<WRAP center round alert 60%> +  - Type //Y// and press //[ENTER]// key at the following prompt:<code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
 Would you be willing, once your first certificate is successfully issued, to Would you be willing, once your first certificate is successfully issued, to
 share your email address with the Electronic Frontier Foundation, a founding share your email address with the Electronic Frontier Foundation, a founding
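Review bot: the added line `<block>Replace <<Email Address>></block` is missing the final `>` on its closing tag, so the alert box will not render like the `<<Domain Name>>` line beneath it; close the tag. In the same step, the `  - HTTP` and `  - DNS` items inside the info WRAP use the same ordered-list marker and indentation as the procedure steps, so they can be numbered as steps and shift the "Step 2", "Step 7" and "Step 14" references used further down; make them an unordered list (`  * `) or fold them into the sentence. Because the command runs with `--manual` and a DNS challenge, the step should also say that renewing the certificate means repeating this manual procedure.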
Line 18: Line 21:
 EFF news, campaigns, and ways to support digital freedom. EFF news, campaigns, and ways to support digital freedom.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-(Y)es/(N)o:  +(Y)es/(N)o: </code>You will see following output:<code>Obtaining a new certificate
-</WRAP><code>Obtaining a new certificate+
 Performing the following challenges: Performing the following challenges:
 dns-01 challenge for <<Domain Name>> dns-01 challenge for <<Domain Name>>
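Review bot: the `(Y)es/(N)o:` prompt that now closes the first code block is the one asking to share the email address with the Electronic Frontier Foundation for "EFF news, campaigns, and ways to support digital freedom", and the step still instructs the reader to type Y without saying why. Nothing on the page ties certificate issuance to that answer, so word the step as a choice (Y or N) rather than a required Y. Minor: "You will see following output:" is missing "the"; the next step uses "You will see the following output:".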
Line 28: Line 30:
 your server, please ensure you're okay with that. your server, please ensure you're okay with that.
 </code> </code>
-  - Type **Y** at the following prompt:<WRAP center round alert 60%>+  - Type //Y// and press //[ENTER]// key at the following prompt:<code>
 Are you OK with your IP being logged? Are you OK with your IP being logged?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 (Y)es/(N)o:  (Y)es/(N)o: 
-</WRAP><code>+</code>You will see the following output:<code>
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Please deploy a DNS TXT record under the name Please deploy a DNS TXT record under the name
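Review bot: after the "Please deploy a DNS TXT record under the name" output there is no step telling the reader to actually create that TXT record at their DNS provider and confirm it resolves before pressing Enter; the next list item goes straight to installing OpenSSL. Add an explicit step between the two, since the dns-01 challenge fails if Enter is pressed before the record is visible. The revision also changes the wrapper around the "Are you OK with your IP being logged?" prompt from an alert WRAP to `<code>`, which is fine, but the step could say in one sentence that the IP of the machine running certbot is publicly logged, as the output itself warns.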
Line 43: Line 45:
 Press Enter to Continue Press Enter to Continue
 </code> </code>
-  - Download and Install OpenSSL for Windows +  - Download Install OpenSSL for Windows <WRAP center round info 60%> 
 +<block>[[https://slproweb.com/products/Win32OpenSSL.html|https://slproweb.com/products/Win32OpenSSL.html]]</block> 
 +<block>[[https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe|https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe]]</block> 
 +</WRAP> 
 +  - Select option to copy OpenSSL libraries to OpenSSL ///bin// folder 
 +  - In the MS-DOS command prompt window in Step 2 or a new MS-DOS command prompt window, run the following commands to create PFX file:<WRAP center round info 60%> 
 +[[https://community.letsencrypt.org/t/create-pfx-certificate/86949|https://community.letsencrypt.org/t/create-pfx-certificate/86949]] 
 +</WRAP><WRAP center round alert 60%> 
 +Replace <<Domain Name>> 
 +</WRAP><code>cd /d "C:\Program Files\OpenSSL-Win64\bin" 
 +openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>> 
 +</code> 
 +  - Launch //Internet Information Services (IIS) Manager// from //Control Panel// → //Administrative Tools// 
 +  - Click on Server tree node underneath //Start Page// in the left-side navigation panel 
 +  - Click on //Server Certificates// under //IIS// section in the middle work area 
 +  - Click on //Import...// link in right side actions panel 
 +  - Using //...// button next to //Certificate file (.pfx)://, select the PFX file generated in Step 7 
 +  - Enter the password entered in Step 2 in //Password// field 
 +  - Click //OK// to Import the certificate<WRAP center round info 60%>Now you should see the imported certificate in the list of IIS Server Certificates in middle work area</WRAP> 
 +  - Expand //> Sites// underneath the Server tree node in left-side navigation panel 
 +  - Click on the Site that has HTTPS binding to which the certificate needs to be assigned-to 
 +  - Click on //Bindings...// in right-side action panel 
 +  - Select the HTTPS Binding and Click on //Edit...// or create a new binding (if not present) 
 +  - In the //SSL certificate:// drop-down, select the newly imported SSL certificate in Step 14 
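Review bot: in the added openssl step, `-password pass:<<password>>` puts the PFX export password on the command line, where it ends up in command history and is visible to anything that can list process arguments, and the alert box above it only says "Replace <<Domain Name>>", so the password placeholder is never explained. Drop the `-password` argument so openssl prompts for the export password, or at least add the placeholder to the alert box. The import step then says "Enter the password entered in Step 2", but no password is entered in Step 2; it is set in the PFX step (the one the previous line calls Step 7), so fix the reference. Other points in this hunk: the command hard-codes `privkey1.pem`, `cert1.pem` and `chain1.pem` under `C:\Certbot\archive`, which only match the first issuance, and it writes the PFX (which contains the private key) into the same folder, so state where the file should live afterwards and that it should be deleted or access-restricted once imported. "Download Install OpenSSL" lost the "and" the old line had, `///bin//` has a stray slash, and the direct link to `Win64OpenSSL_Light-1_1_1g.exe` pins one installer build that will go stale; linking only the product page avoids that.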
sysadmin/windows/windows_iis_install_configure_certbot.1614637030.txt.gz · Last modified: 2021/03/01 22:17 by vidyasb