Article: Tiele Cat
January 12, 2017
Requesting an SSL certificate from Let's Encrypt
The service is provided by ISRG (Internet Security Research Group), a nonprofit organization from the state of California, USA. Let's Encrypt is supported by many companies and organizations such as Mozilla, Cisco, Akamai, Electronic Frontier Foundation and Chrome, and has grown rapidly.
For domain name ownership verification, two methods are supported: placing temporary files for validation, and querying whois for the domain owner's email for verification.
It is important to note that it only issues certificates for a period of 3 months at a time, and they need to be renewed (still free) after expiration. This makes maintenance more cumbersome, but tools can renew them automatically. In addition, it does not support wildcard domain names (*.demo.com), so when applying for a certificate, make sure other domain names 301-redirect to a domain name contained in the certificate; otherwise the browser will show a certificate error.
On Windows, to obtain a Let's Encrypt certificate for an IIS site, the Certify automation tool is generally the most convenient option.
Another common way is to use the letsencrypt-win-simple tool.
Download the latest version of letsencrypt-win-simple:
https://github.com/Lone-Coder/letsencrypt-win-simple/releases
The latest version is letsencrypt-win-simple.V1.9.1.zip. Unzip letsencrypt-win-simple.V1.9.1 on the server and run letsencrypt.exe after decompression.
A cmd window will pop up. On the first run it asks you to fill in an email address, which is used to notify you when a renewal fails.
After you enter the email, it asks whether you agree to the terms at the URL listed after the prompt (a PDF, presumably the agreement); you must answer Y.
W - Generate a certificate and install it via WebDAV
F - Generate a certificate and install it via FTP or FTPS
M - Manually generate a certificate by configuration
A - Deploy the corresponding certificate to all websites currently published by IIS
The tool automatically scans the sites in IIS and lets you choose; generally, choose M to manually obtain a certificate for one site.
The next step is to fill in the hostname (the site's host name) and the web root (the site's root directory).
letsencrypt-win-simple.V1.9.1 will automatically generate temporary files and place them in the website root directory, and the Let's Encrypt server will access these files to verify that the site belongs to you.
If the validation does not pass, it is because some of the IIS configuration needs to be modified. Once validation passes, the certificate is issued in real time and automatically added to the server, and HTTPS can then be deployed directly in IIS.
In addition to running the letsencrypt program interactively, you can also type a command in CMD to complete the whole process in a single command, for example:
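The file-based validation described above can be rehearsed before requesting a certificate. The following is an added example, not part of the original article or of letsencrypt-win-simple; the function name Test-ChallengePath and the default host name and web root are assumptions to replace with your own values.

```powershell
# Added example: pre-flight test of the file-based validation path on IIS.
# The default host name and web root are placeholders, not values from the article.
param(
    [string]$HostName = 'www.example.com',
    [string]$WebRoot  = 'C:\inetpub\wwwroot'
)

function Test-ChallengePath {
    param([string]$HostName, [string]$WebRoot)

    $wellKnown  = Join-Path $WebRoot '.well-known'
    $dir        = Join-Path $wellKnown 'acme-challenge'
    $createdTop = -not (Test-Path $wellKnown)
    # Validation files have no extension, so the probe file has none either.
    $token  = 'preflight-' + [guid]::NewGuid().ToString('N')
    $file   = Join-Path $dir $token
    $url    = "http://$HostName/.well-known/acme-challenge/$token"
    $client = New-Object System.Net.WebClient

    try {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        [System.IO.File]::WriteAllText($file, $token)
        try {
            $got = $client.DownloadString($url)
        } catch {
            # A 404 here usually means IIS has no MIME mapping for
            # extensionless files under this folder.
            return "FAIL: $url was not served: $($_.Exception.Message)"
        }
        if ($got.Trim() -ne $token) {
            return "FAIL: $url returned different content (rewrite rule or wrong web root?)"
        }
        return "OK: $url is served from $WebRoot"
    } finally {
        # Remove the probe file, and the folder only if this script created it.
        $client.Dispose()
        Remove-Item -LiteralPath $file -ErrorAction SilentlyContinue
        if ($createdTop) {
            Remove-Item -LiteralPath $wellKnown -Recurse -Force -ErrorAction SilentlyContinue
        }
    }
}

Test-ChallengePath -HostName $HostName -WebRoot $WebRoot
```

Run it on the server from an elevated PowerShell prompt. A pass only shows that IIS serves the file locally; the Let's Encrypt server must also be able to reach the site on port 80 from the internet.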
Deploying a single domain name
Enter the following command:
letsencrypt.exe --accepttos --manualhost <your domain> --webroot <physical path of your website (wwwroot path)>
In addition to the official command-line tool, there is a third-party tool with an easier-to-use graphical interface:
A GUI program that automatically renews Let's Encrypt certificates, called Certify.
Its role is to automatically configure, create, and renew certificates, and it automatically sends you an email when a certificate is about to need renewal.
First go to the official website to download Certify, and then install it on the server.
Official website Download Link: http://certify.webprofusion.com/
Note that Certify requires administrator privileges and requires the server to have PowerShell 4.0 installed.
PowerShell 4.0 is included by default in Windows Management Framework 4.0, which in turn depends on the Microsoft .NET Framework 4.5.
Check whether your server has these components and update as needed. After updating, install and run Certify.
Click the New button and enter an email address to create a contact, who will receive a reminder to renew the certificate when it is about to expire.
(Note: The first time you start the program, a dialog box also pops up asking you to fill in this new contact.)
Click New Certificate; Certify will automatically scan the sites in IIS, and you select the domain name you want to request a certificate for.
Click Request Certificate to obtain the certificate. Certify creates the .well-known folder under the website root and automatically configures web.config so that validation happens automatically.
When the verification is complete, a pop-up window shows that the certificate is installed. You can then view the details of the certificate you applied for.
The certificate has also been automatically configured for you in IIS, which saves a lot of work.
If you find that the certificate has not been renewed or is not valid, click Auto Apply.
Finally, remember to delete the .well-known directory in the root directory of the website to keep the site directory clean.
Using Certify could hardly be better: the graphical interface is more intuitive than Let's Encrypt's own official scripting tools, and it automatically binds the certificate to port 443 in IIS, with automatic renewal and email notifications.
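To confirm what the site actually serves on port 443 after issuance or renewal, the certificate can be read straight from the TLS handshake and checked against the three-month validity and the host name coverage mentioned earlier. This is an added example, not part of the original article or of Certify; the function name Test-ServedCertificate, the placeholder host name and the 30-day warning threshold are assumptions, and the server is assumed to accept TLS 1.2.

```powershell
# Added example: inspect the certificate a site serves on port 443.
# 'www.example.com' is a placeholder host name.
param([string]$HostName = 'www.example.com', [int]$WarnDays = 30)

function Test-ServedCertificate {
    param([string]$HostName, [int]$Port = 443, [int]$WarnDays = 30)

    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    # Record validation errors but let the handshake finish, so that an
    # expired or mismatched certificate can still be read and reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }

    $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        HostName     = $HostName
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        DaysLeft     = $daysLeft
        # True when the requested name is not among the names in the certificate.
        NameMismatch = (([int]$script:policyErrors -band [int]$mismatch) -ne 0)
        NeedsRenewal = ($daysLeft -lt $WarnDays)
    }
}

Test-ServedCertificate -HostName $HostName -WarnDays $WarnDays
```

Run it once for every host name that visitors use; a NameMismatch of True is the condition under which browsers show the certificate error, and NeedsRenewal flags a certificate that automatic renewal has not yet replaced.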
"HTTP to HTTPS" part two: requesting an SSL certificate from Let's Encrypt