forked from win-acme/win-acme
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of https://github.com/Lone-Coder/letsencrypt-wi…
…n-simple Conflicts: letsencrypt-win-simple/Program.cs
- Loading branch information
Showing
6 changed files
with
188 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,32 +1,117 @@ | ||
| # letsencrypt-win-simple | ||
| A Simple ACME Client for the Windows Platform | ||
| A Simple ACME Client for Windows | ||
|
|
||
| # Overview | ||
|
|
||
| This is a windows CLI client that's built in native .net and aims to be as simple as possible to use. | ||
| This is a ACME windows CLI client built in native .net and aims to be as simple as possible to use. | ||
|
|
||
| It's built on top of the [.net ACME protocol library](https://github.com/ebekker/letsencrypt-win/). | ||
|
|
||
| # Usage | ||
|
|
||
| The current build can be downloaded and run from https://github.com/Lone-Coder/letsencrypt-win-simple/releases | ||
| 1. Download latest build from https://github.com/Lone-Coder/letsencrypt-win-simple/releases | ||
| 2. Unzip files to a permanent location (so that it can run for renewals) | ||
| 3. Run letsencrypt.exe with administrator privileges. | ||
|
|
||
| It requires administrator privileges so be sure to run it from an elevated command prompt. | ||
| **Currently only IIS is supported.** It will scan IIS for bindings with host names so you may need to add one for this client to work. | ||
|
|
||
| Running the client will take you thru a menu system to get your certs and install them. | ||
| The client will write out an answer file to the web server directory that needs to be visible to the ACME server to verify domain ownership. | ||
|
|
||
| It will scan IIS for bindings with host names so you may need to add one for this client to work. | ||
| Certificate .pfx files are written to disk as well as imported into the windows certificate store. The client can also create or update an https binding in IIS for you. | ||
|
|
||
| The client will write out an answer file that needs to be visible to the ACME server to verify domain ownership. | ||
| **Automatic renewals should be fully working.** It will create a task in Windows Task Schedule that will run each morning and update the certs automatically every 60 days. For renewals your web site must still be able to pass authorization via the answer file. | ||
|
|
||
| Certs .pfx files are written to disk currently as well as optionally imported into the windows cert store. | ||
| There's no support for AWS or Azure sites yet. Pull requests for them are welcome. For more complicated scenarios try the [PowerShell Client](https://github.com/ebekker/letsencrypt-win/wiki/Example-Usage). | ||
|
|
||
| The client can also create a https binding in IIS for you. | ||
| # Command Line Arguments | ||
|
|
||
| There's no support for AWS or Azure sites yet. Pull requests for them are welcome. | ||
| LetsEncrypt.ACME 1.0.5795.26498 | ||
| Let's Encrypt | ||
|
|
||
| Automatic renewals are not working yet, so you'll need to renew your certs before their 90 day expiration. | ||
| --baseuri (Default: https://acme-v01.api.letsencrypt.org/) The address | ||
| of the ACME server to use. | ||
|
|
||
| --accepttos Accept the terms of service. | ||
|
|
||
| --renew Check for renewals. | ||
|
|
||
| --test Overrides BaseURI setting to | ||
| https://acme-staging.api.letsencrypt.org/ | ||
|
|
||
| --help Display this help screen. | ||
|
|
||
| --version Display version information. | ||
|
|
||
| # Example Output | ||
|
|
||
| Let's Encrypt (Simple Windows ACME Client) | ||
|
|
||
| ACME Server: https://acme-staging.api.letsencrypt.org/ | ||
| Config Folder: C:\Users\Bryan\AppData\Roaming\letsencrypt-win-simple\httpsacme-s | ||
| taging.api.letsencrypt.org | ||
| Loading Signer from C:\Users\Bryan\AppData\Roaming\letsencrypt-win-simple\httpsa | ||
| cme-staging.api.letsencrypt.org\Signer | ||
|
|
||
| Getting AcmeServerDirectory | ||
| Loading Registration from C:\Users\Bryan\AppData\Roaming\letsencrypt-win-simple\ | ||
| httpsacme-staging.api.letsencrypt.org\Registration | ||
|
|
||
| Scanning IIS 7 Site Bindings for Hosts (Elevated Permissions Required) | ||
| IIS Bindings | ||
| 1: cooltext.com (%SystemDrive%\inetpub\wwwroot) | ||
| 2: office.cooltext.com (%SystemDrive%\inetpub\wwwroot) | ||
|
|
||
| A: Get Certificates for All Bindings | ||
| Q: Quit | ||
| Which binding do you want to get a cert for: 2 | ||
|
|
||
| Authorizing Identifier office.cooltext.com Using Challenge Type http-01 | ||
| Writing challenge answer to C:\inetpub\wwwroot\.well-known/acme-challenge/ky_uL | ||
| AH0x2O2452Vos5dMpQ1hiRj6cV7SJAnUoT8qHg | ||
| Writing web.config to add extensionless mime type to C:\inetpub\wwwroot\.well-k | ||
| nown\acme-challenge\web.config | ||
| Answer should now be browsable at http://office.cooltext.com/.well-known/acme-c | ||
| hallenge/ky_uLAH0x2O2452Vos5dMpQ1hiRj6cV7SJAnUoT8qHg | ||
| Submitting answer | ||
| Refreshing authorization | ||
| Authorization RESULT: valid | ||
| Deleting answer | ||
|
|
||
| Requesting Certificate | ||
| Request Status: Created | ||
| Saving Certificate to C:\Users\Bryan\AppData\Roaming\letsencrypt-win-simple\htt | ||
| psacme-staging.api.letsencrypt.org\office.cooltext.com-crt.der | ||
| Saving Issuer Certificate to C:\Users\Bryan\AppData\Roaming\letsencrypt-win-sim | ||
| ple\httpsacme-staging.api.letsencrypt.org\ca-009CF1912EA8D50908-crt.pem | ||
| Saving Certificate to C:\Users\Bryan\AppData\Roaming\letsencrypt-win-simple\htt | ||
| psacme-staging.api.letsencrypt.org\office.cooltext.com-all.pfx (with no password | ||
| set) | ||
|
|
||
| Do you want to install the .pfx into the Certificate Store? (Y/N) | ||
| Opening Certificate Store | ||
| Loading .pfx | ||
| Adding Certificate to Store | ||
| Closing Certificate Store | ||
|
|
||
| Do you want to add/update an https IIS binding? (Y/N) | ||
| Updating Existing https Binding | ||
| Commiting binding changes to IIS | ||
|
|
||
| Do you want to automatically renew this certificate in 60 days? This will add a | ||
| task scheduler task. (Y/N) | ||
| Deleting existing Task letsencrypt-win-simple httpsacme-staging.api.letsencrypt | ||
| .org from Windows Task Scheduler. | ||
| Creating Task letsencrypt-win-simple httpsacme-staging.api.letsencrypt.org with | ||
| Windows Task Scheduler at 9am every day. | ||
| Removing existing scheduled renewal office.cooltext.com (%SystemDrive%\inetpub\ | ||
| wwwroot) Renew After 1/12/2016 | ||
| Renewal Scheduled office.cooltext.com (%SystemDrive%\inetpub\wwwroot) Renew Aft | ||
| er 1/12/2016 | ||
|
|
||
| # Build Notes | ||
|
|
||
| To get the project to build correctly you may need to copy the "packages" folder that nuget creates into the letsencrypt-win folder. | ||
|
|
||
| # Support | ||
|
|
||
| If you run into trouble please open an issue at https://github.com/Lone-Coder/letsencrypt-win-simple/issues |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"> | ||
| <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> | ||
| <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> | ||
| <security> | ||
| <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> | ||
| <!-- UAC Manifest Options | ||
| If you want to change the Windows User Account Control level replace the | ||
| requestedExecutionLevel node with one of the following. | ||
| <requestedExecutionLevel level="asInvoker" uiAccess="false" /> | ||
| <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> | ||
| <requestedExecutionLevel level="highestAvailable" uiAccess="false" /> | ||
| Specifying requestedExecutionLevel element will disable file and registry virtualization. | ||
| Remove this element if your application requires this virtualization for backwards | ||
| compatibility. | ||
| --> | ||
| <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> | ||
| <!--<requestedExecutionLevel level="asInvoker" uiAccess="false" />--> | ||
| </requestedPrivileges> | ||
| </security> | ||
| </trustInfo> | ||
|
|
||
| <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> | ||
| <application> | ||
| <!-- A list of the Windows versions that this application has been tested on and is | ||
| is designed to work with. Uncomment the appropriate elements and Windows will | ||
| automatically selected the most compatible environment. --> | ||
|
|
||
| <!-- Windows Vista --> | ||
| <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />--> | ||
|
|
||
| <!-- Windows 7 --> | ||
| <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />--> | ||
|
|
||
| <!-- Windows 8 --> | ||
| <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />--> | ||
|
|
||
| <!-- Windows 8.1 --> | ||
| <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />--> | ||
|
|
||
| <!-- Windows 10 --> | ||
| <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />--> | ||
|
|
||
| </application> | ||
| </compatibility> | ||
|
|
||
| <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher | ||
| DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need | ||
| to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should | ||
| also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. --> | ||
| <!-- | ||
| <application xmlns="urn:schemas-microsoft-com:asm.v3"> | ||
| <windowsSettings> | ||
| <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware> | ||
| </windowsSettings> | ||
| </application> | ||
| --> | ||
|
|
||
| <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) --> | ||
| <!-- | ||
| <dependency> | ||
| <dependentAssembly> | ||
| <assemblyIdentity | ||
| type="win32" | ||
| name="Microsoft.Windows.Common-Controls" | ||
| version="6.0.0.0" | ||
| processorArchitecture="*" | ||
| publicKeyToken="6595b64144ccf1df" | ||
| language="*" | ||
| /> | ||
| </dependentAssembly> | ||
| </dependency> | ||
| --> | ||
|
|
||
| </assembly> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters