Skip to content

Instantly share code, notes, and snippets.

@pishangujeniya
Last active December 6, 2022 13:21
Show Gist options
  • Save pishangujeniya/a8b45206d7edc15274d74b6defbfc96e to your computer and use it in GitHub Desktop.
Save pishangujeniya/a8b45206d7edc15274d74b6defbfc96e to your computer and use it in GitHub Desktop.
Let's Encrypt WildCard Certificate Generation in IIS

Let's Encrypt Wild Card Certificate Generation in IIS

Linux CentOS 7

Commands to execute

  • cd /usr/local/bin

  • yum install letsencrypt OR wget https://dl.eff.org/certbot-auto OR sudo snap install --classic certbot

  • chmod 777 ./certbot-auto

  • cd certbot-auto

  • ./certbot-auto certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.domain.com,domain.com

  • The above command would ask to add one TXT record to your DNS Records add it and then check using DNS Lookup Checker. If the record is updated and it shows then you can proceed further and press Enter on the terminal.

  • Remember the path where certificate files are generated. There would be 5 files as following:

  1. cert.pem
  2. chain.pem
  3. fullchain.pem
  4. privkey.pem
  5. README
  • Now to get those certificate installed in IIS, you need to download OpenSSL GnuWin32 on Windows system and copy all those certificate files to Windows New Folder on Desktop.
  • OpenSSL for Windows - Complete package, except sources
  • Install the program and copy those generated .pem files to Installed Path/bin
  • Open CMD with Administrator Rights then cd to that openssl bin path.
  • Execute the following command which would generate a .pfx file from .pem
  • openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in fullchain.pem -certfile cert.pem
  • This would ask a password remember it and write down in the .txt file somewhere.
  • It would generate a certificate.pfx on that same location.
  • Now Open Start > Run > certlm.msc or Control Panel > Search certificate > Open Manage Computer certificates
  • Go to Web Hosting > Right Click empty space > All Tasks > Import > Select the certificate.pfx and add password and Import it.
  • Right Click imported certificate and View > Add Friendly Name.
  • Check Certificate in IIS.
@pishangujeniya
Copy link
Author

For some Windows users, if the PFX importing shows "The password you entered is incorrect" then it might be some other issue.
Try generating the pfx using the following arguments of the command.

For example

openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx

Reference answer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment