sysadmin:windows:windows_iis_install_configure_certbot

Differences

This shows you the differences between two versions of the page.

sysadmin:windows:windows_iis_install_configure_certbot [2021/03/02 14:26]
vidyasb
sysadmin:windows:windows_iis_install_configure_certbot [2021/03/02 15:08] (current)
vidyasb
Line 1: Line 1:
-====== Install & CertBot on Windows with IIS ======+====== Install & Configure CertBot on Windows with IIS ======
  
 [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]] [[https://certbot.eff.org/lets-encrypt/windows-other.html|CertBot - Windows Other]]
  
-  - Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] +  - Download & Install [[https://dl.eff.org/certbot-beta-installer-win32.exe|CertBot (beta)]] 
-  - Open MS-DOS command prompt in **Administrator** mode, run following commands:<WRAP center round info 60%> +  - Open MS-DOS command prompt in //Administrator// mode, run the following commands to generate SSL certificate using //DNS// challenge:<WRAP center round info 100%>There are 2 types of Challenges that CertBot supports in-order to validate ownership of Domain for which the SSL certificate is being generated, they are: 
-Replace <<Email Address>> +  - HTTP 
-Replace <<Domain Name>>+  - DNS 
 +For more details refer to [[https://certbot.eff.org/docs/challenges.html|https://certbot.eff.org/docs/challenges.html]] 
 +</WRAP><WRAP center round alert 60%> 
 +<block>Replace <<Email Address>></block
 +<block>Replace <<Domain Name>></block>
 </WRAP><code> </WRAP><code>
 certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>> certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>>
 </code> </code>
-  - Type **Y** at the following prompt:<WRAP center round info 100%> +  - Type //Y// and press //[ENTER]// key at the following prompt:<code>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br> +Would you be willing, once your first certificate is successfully issued, to 
-Would you be willing, once your first certificate is successfully issued, to<br> +share your email address with the Electronic Frontier Foundation, a founding 
-share your email address with the Electronic Frontier Foundation, a founding<br> +partner of the Let's Encrypt project and the non-profit organization that 
-partner of the Let's Encrypt project and the non-profit organization that<br> +develops Certbot? We'd like to send you email about our work encrypting the web, 
-develops Certbot? We'd like to send you email about our work encrypting the web,<br> +EFF news, campaigns, and ways to support digital freedom. 
-EFF news, campaigns, and ways to support digital freedom.<br> +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br> +(Y)es/(N)o: </code>You will see following output:<code>Obtaining a new certificate
-(Y)es/(N)o:  +
-</WRAP><code>Obtaining a new certificate+
 Performing the following challenges: Performing the following challenges:
 dns-01 challenge for <<Domain Name>> dns-01 challenge for <<Domain Name>>
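Review bot: the added line `<block>Replace <<Email Address>></block` is missing the closing `>` on its end tag, so the alert box will not render as intended; close it as `</block>` to match the `<<Domain Name>>` line below it. In the same step, the `  - HTTP` and `  - DNS` entries use the ordered-list marker at the same indent as the procedure steps, so they are likely to be numbered as steps and shift the step numbers that later instructions refer to; an unordered `  * ` sub-list or an inline "HTTP and DNS" would avoid that. The command uses `--manual`, which means the DNS challenge has to be repeated by hand at renewal, so a sentence saying how and when to renew would help the reader.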
Line 28: Line 30:
 your server, please ensure you're okay with that. your server, please ensure you're okay with that.
 </code> </code>
-  - Type **Y** at the following prompt:<WRAP center round info 100%>+  - Type //Y// and press //[ENTER]// key at the following prompt:<code>
 Are you OK with your IP being logged? Are you OK with your IP being logged?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 (Y)es/(N)o:  (Y)es/(N)o: 
-</WRAP><code>+</code>You will see the following output:<code>
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Please deploy a DNS TXT record under the name Please deploy a DNS TXT record under the name
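Review bot: the wording and layout of this prompt step do not match the first prompt step. Here the text reads "You will see the following output:" and the `<code>` tag is followed by a line break, while the earlier step reads "You will see following output:" and starts the prompt on the same line as `<code>`. Pick one form for both steps so the two prompts render the same way.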
Line 43: Line 45:
 Press Enter to Continue Press Enter to Continue
 </code> </code>
-  - Download and Install OpenSSL for Windows <WRAP center round info 60%> +  - Download Install OpenSSL for Windows <WRAP center round info 60%> 
-[[https://slproweb.com/products/Win32OpenSSL.html|https://slproweb.com/products/Win32OpenSSL.html]] +<block>[[https://slproweb.com/products/Win32OpenSSL.html|https://slproweb.com/products/Win32OpenSSL.html]]</block> 
-[[https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe|https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe]]+<block>[[https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe|https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe]]</block>
 </WRAP> </WRAP>
-  - Select option to copy OpenSSL libraries to OpenSSL **/bin** folder +  - Select option to copy OpenSSL libraries to OpenSSL ///bin// folder 
-  - Launch MS-DOS command prompt and run following commands:<WRAP center round info 60%>+  - In the MS-DOS command prompt window in Step 2 or a new MS-DOS command prompt window, run the following commands to create PFX file:<WRAP center round info 60%>
 [[https://community.letsencrypt.org/t/create-pfx-certificate/86949|https://community.letsencrypt.org/t/create-pfx-certificate/86949]] [[https://community.letsencrypt.org/t/create-pfx-certificate/86949|https://community.letsencrypt.org/t/create-pfx-certificate/86949]]
 +</WRAP><WRAP center round alert 60%>
 Replace <<Domain Name>> Replace <<Domain Name>>
 </WRAP><code>cd /d "C:\Program Files\OpenSSL-Win64\bin" </WRAP><code>cd /d "C:\Program Files\OpenSSL-Win64\bin"
 openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>> openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>>
 </code> </code>
 +  - Launch //Internet Information Services (IIS) Manager// from //Control Panel// → //Administrative Tools//
 +  - Click on Server tree node underneath //Start Page// in the left-side navigation panel
 +  - Click on //Server Certificates// under //IIS// section in the middle work area
 +  - Click on //Import...// link in right side actions panel
 +  - Using //...// button next to //Certificate file (.pfx)://, select the PFX file generated in Step 7
 +  - Enter the password entered in Step 2 in //Password// field
 +  - Click //OK// to Import the certificate<WRAP center round info 60%>Now you should see the imported certificate in the list of IIS Server Certificates in middle work area</WRAP>
 +  - Expand //> Sites// underneath the Server tree node in left-side navigation panel
 +  - Click on the Site that has HTTPS binding to which the certificate needs to be assigned-to
 +  - Click on //Bindings...// in right-side action panel
 +  - Select the HTTPS Binding and Click on //Edit...// or create a new binding (if not present)
 +  - In the //SSL certificate:// drop-down, select the newly imported SSL certificate in Step 14
  
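Review bot: the new step "Enter the password entered in Step 2" points at the wrong step. Step 2 is the certbot command, which takes no password; the PFX password is the `-password pass:<<password>>` value in the `openssl pkcs12 -export` command of this hunk, so the reference should name that step. The new alert box above that command lists only `Replace <<Domain Name>>` and should also list `<<password>>`. Since the password is passed on the command line, consider documenting the alternative of omitting `-password` so that openssl prompts for the export password instead. Separately, "Download and Install OpenSSL for Windows" lost its "and" in this revision and now reads "Download Install".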
sysadmin/windows/windows_iis_install_configure_certbot.1614695189.txt.gz · Last modified: 2021/03/02 14:26 by vidyasb