Install or renew an SSL certificate on Windows/IIS (Certbot): Difference between revisions

From Apoyar Wiki
Jump to navigation Jump to search
(Created page with "* Download https://dl.eff.org/certbot-beta-installer-win32.exe * Install the file * Make sure IIS has all required sited (the ones requiring SSL) set up and with proper ssl ho...")
 
No edit summary
Line 1: Line 1:
* Download https://dl.eff.org/certbot-beta-installer-win32.exe
* Download https://dl.eff.org/certbot-beta-installer-win32.exe
* Install the file
* Install the file
* Make sure IIS has all required sited (the ones requiring SSL) set up and with proper ssl host headers (using appcmd)
* Make sure IIS has all required sites (the ones requiring SSL) set up and with proper ssl host headers (using appcmd)
* Make note of all required urls and place them into a text file, separated by spaces
* Stop the World Wide Web Publishing Service
* Stop the World Wide Web Publishing Service
* Open Command prompt as admin
* Open Command prompt as admin
* cd C:\Program Files (x86)\Certbot\bin
* cd C:\Program Files (x86)\Certbot\bin
* run certbot certonly –standalone
* Run certbot certonly –standalone
* follow the guidelines/prompts
* Follow the guidelines/prompts
* find the saved cert and private key (usually in C:\Certbot\archive)
* When asked to enter the domain names, copy and paste the text file content from above
* Find the saved cert and private key (usually in C:\Certbot\archive)
* cd to the above folder
* cd to the above folder
* Make sure you have openssl installed. On Windows it comes with Git.
* Make sure you have openssl installed. On Windows it comes with Git.
* use openssl to convert it to *.pfx (including the quotes; replace the below path with the actual one you found above)
* Use openssl to convert it to *.pfx (including the quotes; replace the below path with the actual one you found above)
** “C:\Program Files\Git\usr\bin\openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt
** “C:\Program Files\Git\usr\bin\openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt
* start the World Wide Web Publishing Service
* Start the World Wide Web Publishing Service
* Open IIS manager
* Open IIS manager
* Find Server Certificates
* Find Server Certificates

Revision as of 09:01, 4 November 2020

  • Download https://dl.eff.org/certbot-beta-installer-win32.exe
  • Install the file
  • Make sure IIS has all required sites (the ones requiring SSL) set up and with proper ssl host headers (using appcmd)
  • Make note of all required urls and place them into a text file, separated by spaces
  • Stop the World Wide Web Publishing Service
  • Open Command prompt as admin
  • cd C:\Program Files (x86)\Certbot\bin
  • Run certbot certonly –standalone
  • Follow the guidelines/prompts
  • When asked to enter the domain names, copy and paste the text file content from above
  • Find the saved cert and private key (usually in C:\Certbot\archive)
  • cd to the above folder
  • Make sure you have openssl installed. On Windows it comes with Git.
  • Use openssl to convert it to *.pfx (including the quotes; replace the below path with the actual one you found above)
    • “C:\Program Files\Git\usr\bin\openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt
  • Start the World Wide Web Publishing Service
  • Open IIS manager
  • Find Server Certificates
  • Import the pfx
  • Go to Default web site/Bindings
  • Find the https(443) binding and edit
  • Change the certificate to the one you’ve imported
Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Install_or_renew_an_SSL_certificate_on_Windows/IIS_(Certbot)&oldid=115