| Newsgroups | comp.lang.basic.visual.misc |
|---|---|
| Date | 2023-12-24 21:32 -0800 |
| Message-ID | <36a8bf4b-dda8-4075-bfcb-dd6d03e79695n@googlegroups.com> (permalink) |
| Subject | Let’s Encrypt On Windows With ACMESharp And Letsencrypt-win-simple |
| From | Franziska Lohrenz <franziskalohrenz@gmail.com> |
That's a little strange as usually it is scheduled about 30 days before expiry. You might have changed RenewalDays in a configuration file or you might be using an old version of letsencrypt-win-simple (recently renamed to win-acme) that does things differently.
Lets Encrypt on Windows with ACMESharp and letsencrypt-win-simple
Download https://t.co/edmC33u7WT
The Web Management console for my 3CX VoIP Server shows an SSL error because the certificate has expired. Like I would normally do, I ran the command to renew the cert through Letsencrypt using the Windows ACME Client, but the cert generation process fails with the "Error UriFormatException { ... "
Nothing has changed on the server since my last renewal and countless other times.
I appreciate your assistance.
I don't know in what version letsencrypt-win-simple added ACMEv2 support, but, mda.ssl, you might need to switch to a newer version of your client software (now renamed from "letsencrypt-win-simple" to "win-acme").
The utility also creates a scheduled task that runs this command once a day and fires update requests. Note you might have to tweak the task User Identity settings as described here to ensure that the user is logged on properly when running the scheduled task. Note that the user is the logged-on user because this tool creates the Let's Encrypt vault in %appdata%\letsencrypt-win-simple, which is a user-specific profile. It'd be much better if the vault was in a global location like \ProgramData so it can run under any account including system accounts. But that's a minor issue.
After you create a LE account (that's the first thing the client does) and a private/public key pair which is used for encrypting the communication with LE servers, the registration of the domain names that you need to have included in the certificates is performed, and a successful domain name registration (http-01 validation) with LE is valid for slightly longer than 11 months.
I don't find the switch for "including the www." to the certificate. So do I have to install 2 certs for www. and without www. in Windows (?) because Plesk on Linux offers the option to do that by checking a box. Is that a limitation doing that under Windows?
Hi Rick great article! HUGE fan of Let's Encrypt, it is like something I never knew existed but desperately need! I am using asp.net core with a reverse proxy (not the aspcore IIS module) - this doesn't play nicely with the auto-renew as you need to disable the reverse proxy (unless your proxied app runs in the same folder as your IIS web application)
ISTR the Windows scheduled renewal task runs every 24hrs but only actually renews the cert when it needs to. It's a hidden task and runs let'sencrypt with these flags.. --renew --baseuri " -v01.api.letsencrypt.org/"
I run letsencrypt on one of my production servers. I then export the certificates to my stage server. On the stage server I bind the certificate to the site. I then push everything back to the 2 production servers. The only way I can think of making this easier is to run letsencrypt on both production servers and let the scheduled task renew certificates on both servers. In this case my production servers would have certificates with different keys.
Hello, I've been working with your script for over one year. It is working well! There is one thing I would like to know: I have some sites which are secured with Comodo certificates. Today a customer called me that the SSL binding was down. The script had renewed a LetsEncrypt certificate instead of the customer's Comodo cert but did not bind it to the domain on port 443. So what I would like to know: How can I exempt a domain from renewing the certificates with LetsEncrypt certificates? I already tried to delete it in the certificate console and all files with domain*.* below C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org But after 3 months all is back again and my customer's cert is unbound. I don't know if it matters to delete and recreate the site in IIS - I have not tried that yet. Would be great to get a workaround from you! Best regards
#1 In the registry, HKEY_CURRENT_USER\Software\letsencrypt-win-simple\ -v01.api.letsencrypt.org/, edit the key "Renewals" and delete the line(s) corresponding to the certificate(s) you don't want to renew.
#2 In the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, delete all files associated with this certificate(s).
#3 In MMC.exe, plugin "Certificates" (Computer), "webhosting" node: delete the certificate(s)
Hello Rick, great work on Let's Encrypt ... I use it on my 4 domains with auto-update and it works really well. I think for non-commercial, startup and even for small businesses this is the way to go ... sometimes small business owners who want a site don't understand very well that a domain name is not all that is needed, but on top of developing the site come hosting fees, now SSL if you want any chance of showing in a search engine .. so to be able to get a low cost/free certificate is obviously welcome ... cheers.
-Coder/letsencrypt-win-simple is a .net client built around ACMESharp, which is a library that implements the ACME (Automated Certificate Management Environment) protocol, which is what makes all of this so easy to use. We really are standing on the shoulders of giants, and I thank all of the people that have built up this fantastic stack.
In short, TLS is no longer an option but a necessity for any website, large and small. And now, with new tooling and free certificates available from Let's Encrypt and a few other providers, there's no longer any excuse to not use encrypted HTTP, even on small hobby or sample sites. Anything public should just run on HTTPS. Setting up a new certificate, even on Windows and IIS, can now literally be done in a few minutes and the renewal process can be fully automated. It's essentially fire and forget. If you haven't secured your sites yet, this article is for you.
Lets-Encrypt-Win-Simple is a very easy to use command-line utility that lets you get Let's Encrypt going on an IIS-based Web Server in a couple of minutes. Literally. To get the utility, go to the Let's Encrypt-Win-Simple GitHub repository and the Releases page here: -Coder/letsencrypt-win-simple/releases.
First challenge is to create a folder called .well-known because on a Windows system, it is impossible to create a folder that starts with a dot using File Explorer. Hangover from the old days I guess. You can do one of 2 things. Create a folder (called LetsEncrypt or anything really) in File Explorer and then create a .well-known Virtual Directory in IIS or simply fire up PowerShell, cd to your site root and use
Though the majority of LetsEncrypt support is for Linux-based systems, there exist Windows APIs for interfacing with the certification process. letsencrypt-win-simple is a good starting choice since it can manage IIS settings itself, and performs all the heavy lifting transparently: just point it at an IIS site, and get HTTPS enabled within a few seconds. If you're looking for a more programmatic solution, ACMESharp (the library letsencrypt-win-simple is based on) may be of use, but there are others as well.
The encrypted channel is created using the Transport Layer Security (TLS) protocol, previously called Secure Socket Layer (SSL). The terms SSL and TLS are often used interchangeably, with SSL 3.0 being replaced by TLS 1.0. SSL was a Netscape-developed protocol, while TLS is an IETF standard. At the time of writing, all versions of SSL (1.0, 2.0, 3.0) are deprecated due to various security problems and will produce warnings in current browsers, and the TLS versions (1.0, 1.1, 1.2) are in use, with 1.3 currently a draft.
For example, the setting ECDHE-RSA-AES256-GCM-SHA384 means that the key will be exchanged using the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm; the CA signed the certificate using the Rivest-Shamir-Adleman (RSA) algorithm; the symmetric message encryption will use the Advanced Encryption Standard (AES) cipher, with a 256-bit key and GCM mode of operation; and message integrity will be verified using the SHA secure hashing algorithm, using 384-bit digests. (A comprehensive list of algorithm combinations is available.)
You can import the certificate to the local store (Windows only), export it to a file or have it automatically updated in the Octopus Certificate store if there are any certificates due to expire within N days (you can specify it as a parameter).
Note that a certificate with a 60-day renewal period will be requested, and that by default the path where the configuration files and the certificate are stored will be %AppData%\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org.
This is a set of notes on how to debug a Windows service starting up, mostly for my reference. Building on -msft-blogs/alejacma/how-to-debug-windows-services-with-windbg.aspx with command line steps where possible.
One of the most important aspects of a REST API server is security. It should be mandatory that your data is encrypted while being transferred between client and server. And the standard way to do such encryption is using HTTP Secure (HTTPS).
To support HTTPS in your server, you need an SSL/TLS certificate. Not so long ago, this was a task that was relatively annoying/hard to do, and it would also require you to pay yearly fees for that. That's not true anymore, since the release of Let's Encrypt. From their website: Let's Encrypt is a free, automated and open Certificate Authority. What does that mean, basically? You can now have SSL/TLS certificates for free. And automatically!
The purpose of this article is to give you direct step-by-step instructions for you to install your SSL/TLS certificate for any TMS Sparkle-based server (like TMS XData, for example). Thus, if you want more info about Let's Encrypt and how its system works, please visit their web site to learn more about how it works.
To install a Let's Encrypt certificate in your TMS Sparkle server, we are going to use a tool named win-acme (Simple ACME Client for Windows, WACS - Windows ACME Simple). It was formerly called letsencrypt-win-simple (LEWS). The video presented at the end of this article was made when the tool still had its old name, so some screenshots of this article will reflect that as well. But the process remains mostly the same with very small differences mentioned in this article.
In this example we are going to secure a server that responds to address To start with, you must have a domain name and your server must be working and responding to HTTP requests to that domain name. Here is for example a screenshot of a browser request to that server. Note that it's not secure yet
To download win-acme, go to the Releases link of its GitHub page -acme/releases and download the latest version available. By the time this blog post was written the file name should be win-acme.v1.9.10.1.zip, but you might find a similar name with a more recent version. In case you want to use the exact version used for this server (to follow exactly what is being done in the video and in the screenshots) you can download it from this link: -acme/releases/download/v1.9.7.0-beta10/letsencrypt-win-simple.v1.9.7.0-beta2.zip.
Upload the downloaded file to the Windows server running your TMS Sparkle server, and extract it to any directory, for example C:\letsencrypt. You should have a folder with the files like the following:
Notice the selected file above, named letsencrypt.exe.config. It's the config file for the tool. In more recent versions, that file would be named settings_default.config. Whatever name you have there, depending on your version, open that file in a text editor (Notepad, for example) and search for a setting named CertificateStore. Change the value of that setting to My. The section of the file should look like this: