STUNNEL + CERTBOT (Let's Encrypt SSL) -- Install & Config on WINDOWS

  • Published 4 Oct 2024

COMMENTS • 32

  • @Resmith18SR 3 years ago +1

    Ur so smart Mike. I can't even comprehend what you did. That's why you get paid the big bucks!!!

    • @LiveMyAssOff 3 years ago

      haha. IT is a skill I have. Just like many people - we all have our focus. This one is interesting for me. ...in case you wonder what I do when I'm not being a beach bum! ;-)
      thanks for watching Rick. honored!

  • @JustinShaedo 2 years ago +2

    Just want CertBot for Windows (this is by far the *best* I've found on YT)
    6:10 SSL cert auto-renew
    7:15 dl certbot and starting
    16:15 - covers Task Scheduler for certificate renewal (automatic)

    • @LiveMyAssOff 2 years ago

      hope it helped. NOTE - auto-renew won't work after doing all the steps I mention here :-( I need to update that part. sorry.

    • @JustinShaedo 2 years ago +1

      @LiveMyAssOff Cheers, it really did help. Is the auto-renew solution straightforward? I had a .bat file I was running for this, but hoped your solution was better ...

    • @LiveMyAssOff 2 years ago +1

      @JustinShaedo well, it depends on your DNS provider. in this video it is AWS Route53 and there is a renewal script for them as we are using dns-01 auth *but* I have other domains in NameCheap and there are no renewal scripts for that for Windows machines provided... so, since I only have a few Windows servers I have just been running it manually every 75 days or so... hardly automated but works for the time being.

    • @JustinShaedo 2 years ago

      @LiveMyAssOff Cheers, good information; I appreciate you taking the time to reply. My domains are all with PorkBun (not affiliated, highly recommended). Much respect.

  • @ronaldogomescarvalho 2 years ago +1

    Perfect, I did and it turned out great. Thank you very much.

    • @LiveMyAssOff 2 years ago +1

      Glad it helped. Note: make sure to verify the Scheduled Tasks correctly auto-renew. I've had a few issues so verification won't leave you upset in 89 days ;-)

    • @ronaldogomescarvalho 2 years ago +1

      @LiveMyAssOff OK thanks

  • @Nexxxeh 3 years ago +1

    Absolutely brilliant, mate! Thank you! Been using stunnel with Blue Iris and ZeroSSL, but needed something I didn't have to manually renew every 3 months or pay eight bucks a month for. This is PERFECT. Will share this with Blue Iris groups.

    • @LiveMyAssOff 3 years ago +1

      Honored. Thanks Will. It's a bit geared toward my buddies who run the PlayItLive software on their radio station but I think it's pretty easy to ignore this part and just use the stunnel + certbot. Enjoy!!!

    • @Nexxxeh 3 years ago +1

      @LiveMyAssOff The guide is so well done, it's pretty much drag and drop for us.
      The stunnel conf (for any fellow BI people reading) is just:
      [blueiris]
      accept = 8080
      connect = 81
      cert = C:\Certbot\live\*domain*\fullchain.pem
      key = C:\Certbot\live\*domain*\privkey.pem
      But everything else is drop-in replacement with your guide. Port forward at the router and we're up and running. You've saved me personally hours of trial and error, and across the community you've likely saved us all a few hours every year. Again, much appreciated.

    • @LiveMyAssOff 3 years ago +1

      @Nexxxeh thanks Will. Let me know if there is anything else I can do to help your community

  • @philipgonzales3 1 year ago +1

    Awesome, thank you for the video!

    • @LiveMyAssOff 1 year ago +1

      You're most welcome. I do however now recommend WinAcme. It does a better job of auto renewal via Windows scheduled task. Best of luck!! :-)

    • @philipgonzales3 1 year ago +1

      I see, thanks! I think the issue you faced with auto renewal with certbot is because certificates created with --manual do not support automated renewal. I initially followed your guide (which helped a ton to understand the basics!) but noticed when I tried either "certbot renew --dry-run" or "certbot certonly" I faced errors due to using the manual plugin. This told me that the auto renew wasn't going to work in this scenario. So I switched over to using the --standalone plugin, since my web server doesn't actually use port 80 in this specific use case. Then I was able to successfully run certbot renew --dry-run and certbot certonly commands to both test a simulated renewal and to do an actual cert renewal. I will definitely keep your suggestion in mind if I face any issues though!
      In the article below you can see that the manual plugin does not support autorenewal.
      eff-certbot.readthedocs.io/en/stable/using.html
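
Added example (not part of the comments above and not certbot's own code): a check of the point made in the preceding comment, reading certbot's per-certificate renewal files and flagging any certificate issued with the manual plugin and no auth hook, which `certbot renew` cannot renew unattended. The sample file contents, the hook path and the `C:\Certbot\renewal` location (inferred from the `C:\Certbot\live` paths in this thread) are assumptions.

```python
import re
from pathlib import Path

# Constructed sample renewal file; example.com is a placeholder domain.
SAMPLE_MANUAL = r"""# renew_before_expiry = 30 days
version = 1.7.0
cert = C:\Certbot\live\example.com\cert.pem
fullchain = C:\Certbot\live\example.com\fullchain.pem

[renewalparams]
authenticator = manual
pref_challs = dns-01,
"""
SAMPLE_STANDALONE = SAMPLE_MANUAL.replace("= manual", "= standalone")
# Hypothetical hook script path, used only to exercise the hook case.
SAMPLE_HOOKED = SAMPLE_MANUAL + "manual_auth_hook = C:\\scripts\\dns-auth.bat\n"

def renewal_params(text):
    """Return the key/value pairs found under [renewalparams]."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "renewalparams" and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def renewal_status(text):
    """Classify one renewal file by whether unattended renewal can work."""
    params = renewal_params(text)
    auth = params.get("authenticator")
    if auth is None:
        return "unknown: no authenticator recorded"
    if auth == "manual" and not params.get("manual_auth_hook"):
        return "will-not-auto-renew: manual plugin without an auth hook"
    return f"renewable: authenticator={auth}"

def audit(renewal_dir):
    """Map each *.conf file in the renewal directory to its status."""
    files = sorted(Path(renewal_dir).glob("*.conf"))
    return {f.name: renewal_status(f.read_text(encoding="utf-8")) for f in files}

if __name__ == "__main__":
    for name, status in audit(r"C:\Certbot\renewal").items():
        print(f"{name}: {status}")
```

A "renewable" result only means the stored settings allow unattended renewal; `certbot renew --dry-run`, as used in the comment above, remains the actual test.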

    • @LiveMyAssOff 1 year ago +1

      @philipgonzales3 indeed. Thanks, I realized this as well, shortly after doing the video but haven't updated. I was thinking about taking this down but, like you, a few people and colleagues mentioned they liked the basics of it. I hope to make a WinAcme video. I use their Route53 plugin as part of it and it works perfectly

    • @philipgonzales3 1 year ago +1

      @LiveMyAssOff yes for sure. I would leave it up. Definitely makes the whole thing a lot more approachable. I have a lot of web/sys admin experience and even have used Let's Encrypt for Linux before but never used it in a Windows environment (which of course is what I primarily run!). Tried to search the internet for a quick guide for my use case and thought there has to be something, but in the few minutes I looked I came up empty and your video was exactly what I needed to get going! I was about to give up and just purchase a cheap SSL cert as I've always done for my personal domain. Of course I'm always pressed for time 😀 so your video was the difference between me getting my feet wet with Let's Encrypt for Windows (and stunnel) or not.

  • @sigitasn 1 year ago

    Thank you very much.

  • @mr.anderson4030 1 year ago +1

    AMAZING! but, how to install the certificate in my web without using Stunnel?

    • @LiveMyAssOff 1 year ago +1

      glad it helped. re: Web Server.. well, that depends. each type has a different install process: Apache, IIS, nginx, WebLogic.... best thing to do is check out :: certbot.eff.org/ and choose the type of server you're going to install on. best of luck

    • @mr.anderson4030 1 year ago

      @LiveMyAssOff yes! but if I'm watching this vid it is because the tutorials on the web are not helping me :(

  • @Exclusive-Studio 1 year ago +1

    Is it possible to use it like TLS Tunnel on Android to have free internet via a Wi-Fi connection?

    • @LiveMyAssOff 1 year ago

      I would initially say No, however, define "free Internet"

    • @Exclusive-Studio 1 year ago

      @LiveMyAssOff With TLS Tunnel on Android, you connect to the wifi that requires you to put your name and also to pay to use the internet via a web browser. Basically, you have to connect to that particular wifi, and then just run TLS Tunnel, choose a country, and you will have free internet.

  • @bogdan-borisoff 1 year ago

    Why so difficult? The domain & CA root cert may be generated by mkcert. Add the host address to the hosts file. That's all.

    • @LiveMyAssOff 1 year ago

      Ok. Where's your video showing the process?

  • @Robertmacmedia 3 years ago +1

    Okay 🧐

  • @TBMODS_APK_IPA 1 year ago +1

    good

    • @LiveMyAssOff 1 year ago +1

      Thanks. Hope the example was helpful. It is a bit outdated I'm afraid. Let me know how it works out for you.