-
cd /usr/local/bin -
yum install letsencryptORwget https://dl.eff.org/certbot-autoORsudo snap install --classic certbot -
chmod 777 ./certbot-auto -
cd certbot-auto -
./certbot-auto certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.domain.com,domain.com -
The above command would ask to add one TXT record to your DNS Records add it and then check using DNS Lookup Checker. If the record is updated and it shows then you can proceed further and press Enter on the terminal.
-
Remember the path where certificate files are generated. There would be 5 files as following:
cert.pemchain.pemfullchain.pemprivkey.pemREADME
- Now to get those certificate installed in IIS, you need to download OpenSSL GnuWin32 on Windows system and copy all those certificate files to Windows New Folder on Desktop.
- OpenSSL for Windows - Complete package, except sources
- Install the program and copy those generated
.pemfiles to Installed Path/bin - Open CMD with Administrator Rights then cd to that openssl bin path.
- Execute the following command which would generate a
.pfxfile from.pem openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem -certfile cert.pem- This would ask a password remember it and write down in the
.txtfile somewhere. - It would generate a
certificate.pfxon that same location. - Now Open Start > Run >
certlm.mscor Control Panel > Searchcertificate> Open Manage Computer certificates - Go to Web Hosting > Right Click empty space > All Tasks > Import > Select the
certificate.pfxand add password and Import it. - Right Click imported certificate and View > Add Friendly Name.
- Check Certificate in IIS.
For some Windows users, if the PFX importing shows "The password you entered is incorrect" then it might be some other issue.
Try generating the pfx using the following arguments of the command.
For example
Reference answer