
This is an old revision of the document!


Install & Configure CertBot on Windows with IIS

CertBot - Windows Other

  1. Open a Command Prompt window as Administrator and run the following command:

    Replace <<Email Address>>

    Replace <<Domain Name>>

    certbot certonly --manual --preferred-challenges dns --email "<<Email Address>>" --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d <<Domain Name>>
  2. Type Y and press the [ENTER] key at the following prompt:
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing, once your first certificate is successfully issued, to
    share your email address with the Electronic Frontier Foundation, a founding
    partner of the Let's Encrypt project and the non-profit organization that
    develops Certbot? We'd like to send you email about our work encrypting the web,
    EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: 

    You will see the following output:

    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for <<Domain Name>>
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.
  3. Type Y and press the [ENTER] key at the following prompt:
    Are you OK with your IP being logged?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: 

    You will see the following output:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please deploy a DNS TXT record under the name
    _acme-challenge.<<Domain Name>> with the following value:
    
    <<DNS TXT Record>>
    
    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue
  4. Select the option to copy the OpenSSL libraries to the OpenSSL /bin folder
  5. In the Command Prompt window opened earlier, or in a new Command Prompt window, run the following commands to create the PFX file:

    Replace <<Domain Name>> and <<password>>

    cd /d "C:\Program Files\OpenSSL-Win64\bin"
    openssl pkcs12 -export -out "C:\Certbot\archive\<<Domain Name>>\<<Domain Name>>.pfx" -inkey "C:\Certbot\archive\<<Domain Name>>\privkey1.pem" -in "C:\Certbot\archive\<<Domain Name>>\cert1.pem" -certfile "C:\Certbot\archive\<<Domain Name>>\chain1.pem" -password pass:<<password>>
  6. Launch Internet Information Services (IIS) Manager from Control Panel → Administrative Tools
  7. Click on the Server tree node underneath Start Page in the left-side navigation panel
  8. Click on Server Certificates under the IIS section in the middle work area
  9. Click on the Import… link in the right-side actions panel
  10. Using the button next to Certificate file (.pfx):, select the PFX file generated by the openssl command above
  11. In the Password field, enter the password you supplied to the openssl command
  12. Click OK to import the certificate

    You should now see the imported certificate in the list of IIS Server Certificates in the middle work area

  13. Expand the Sites node underneath the Server tree node in the left-side navigation panel
  14. Click on the Site whose HTTPS binding the certificate needs to be assigned to
  15. Click on Bindings… in the right-side actions panel
  16. Select the HTTPS binding and click on Edit…, or create a new binding if none is present
  17. In the SSL certificate: drop-down, select the newly imported SSL certificate
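
The import and binding steps above can also be scripted. The following PowerShell is an added example, not part of the original page; the host name `www.example.test`, the site name `Default Web Site` and the SNI binding on port 443 are assumptions, and it expects Windows PowerShell 5.1 run as Administrator on the IIS server.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the IIS Manager import and binding steps.
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$Domain   = 'www.example.test'      # assumed value for <<Domain Name>>
$SiteName = 'Default Web Site'      # assumed IIS site name
$PfxPath  = "C:\Certbot\archive\$Domain\$Domain.pfx"

# Prompt for the PFX password so it is not stored in the script or shell history.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the local machine Personal store, where IIS looks up server certificates.
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $PfxPassword `
            -CertStoreLocation Cert:\LocalMachine\My

# Check the certificate before binding it.
if (-not $cert.HasPrivateKey) { throw 'The PFX did not contain a private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
# -like lets a wildcard SAN such as *.example.test cover the host name.
$covered = $cert.DnsNameList.Unicode | Where-Object { $Domain -like $_ }
if (-not $covered) { throw "Certificate does not list $Domain as a DNS name." }

# Find the HTTPS binding for this host, or create one (SslFlags 1 = SNI, an assumption).
$find = @{ Name = $SiteName; Protocol = 'https'; Port = 443; HostHeader = $Domain }
$binding = Get-WebBinding @find
if (-not $binding) {
    New-WebBinding @find -SslFlags 1
    $binding = Get-WebBinding @find
}
elseif ($binding.certificateHash) {
    # Detach the previously assigned certificate so the new one can be attached.
    $binding.RemoveSslCertificate()
}
$binding.AddSslCertificate($cert.Thumbprint, 'My')

Write-Output "Bound $($cert.Thumbprint) (valid until $($cert.NotAfter)) to $SiteName"
```
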
sysadmin/windows/windows_iis_install_configure_certbot.1614697293.txt.gz · Last modified: 2021/03/02 15:01 by vidyasb