Install or renew an SSL certificate on Windows/IIS (Certbot)

From Apoyar Wiki
Revision as of 10:38, 4 November 2020 by 86.49.71.103 (talk)
Jump to navigation Jump to search
  • Download https://dl.eff.org/certbot-beta-installer-win32.exe
  • Install the file
  • Make sure IIS has all required sites (the ones requiring SSL) set up and with proper ssl host headers (using appcmd)
  • Make note of all required urls and place them into a text file, separated by spaces
  • Stop the World Wide Web Publishing Service
  • Open Command prompt as admin
  • cd C:\Program Files (x86)\Certbot\bin
  • Run certbot certonly –standalone
  • If you are renewing and not adding new urls (or creating the whole certificate anew) run certbot renew
  • Follow the guidelines/prompts
  • When asked to enter the domain names, copy and paste the text file content from above
  • Find the saved cert and private key (usually in C:\Certbot\archive)
  • cd to the above folder
  • Make sure you have openssl installed. On Windows it comes with Git.
  • Use openssl to convert it to *.pfx (including the quotes; replace the below path with the actual one you found above)
    • “C:\Program Files\Git\usr\bin\openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt
  • Start the World Wide Web Publishing Service
  • Open IIS manager
  • Find Server Certificates
  • Import the pfx
  • Go to Default web site/Bindings
  • Find the https(443) binding and edit
  • Change the certificate to the one you’ve imported
Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Install_or_renew_an_SSL_certificate_on_Windows/IIS_(Certbot)&oldid=116