Generating a LetsEncrypt certificate - both Linux and Windows

From Apoyar Wiki
Jump to navigation Jump to search

Installing SSL Certificate for Website on Linux & Windows


For Linux

Connect to server

Go to below path

• cd /etc/nginx/sites-enabled

Run below command there

• certbot certonly - - nginx

It will show you all websites hosted on that server and ask to enter numbers according to the server for which certificate need to install

Note - if you want to list domains to be renewed/added and there are some which you want to leave out, use a space separated list of the site numbers

If you keep that blank and hit enter, then it will renew the existing certificate and create new one for those website, which don’t have it

If you want to install for specific website only, then type according number and hit enter, after you hit enter it will ask you to expand, so just type e and press enter

Then it will give you two options, select there second option (renew and replace) and hit enter

It will generate certificate, we can see the generated certificate at below path

• cd /etc/letsencrypt/live



For Windows

Login to server using RDP

Note – Stop the "World Wide Web" service first

Open command prompt as administrator

Go to below path

• cd c:/certbot

Run below command

• certbot certonly

It will give you two options, select first option (Spin up temporary)

Enter domain names and hit enter

To convert crt and key to .pfx and generate certificate go to below path

• C:/programfiles/Git/usr/bin

Run below command to generate certificate with appropriate information (fullchain and key file locations and names)

openssl” pkcs12 -export -out *.pfx -inkey *.key -in *.crt

For ex. - openssl pkcs12 -export -out "C:\certbot\archive\support.apoyar.net\support.apoyar.net.pfx" -inkey "C:\certbot\archive\support.apoyar.net\privkey1" -in "C:\Certbot\archive\support.apoyar.net\fullchain1.pem"

Note – while executing above command for generating certificate we have to use quotation for file locations (“”)

Also we can rename the fullchain.pem file to fullchain.crt, and if we double click it, we can see certificate details


Note- Start "World Wide Web" service first

Go to IIS (Internet Information Services)

- click on NEPTUNE

– server certificates

– import

New window will open, browse the certificate path and select certificate

• Check the box ( Allow certificate )

Go to default web – Bindings – https – edit

And select the according certificate (support.apoyar.net)

Click Ok

Then click YES for all popups

Note – Sometimes error might comes, so no need to worry... just click OK and continue

Note – Default web is used to store settings/certificates

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Generating_a_LetsEncrypt_certificate_-_both_Linux_and_Windows&oldid=280