For those of you who don't have a default certificate (I know I didn't) - you'll need to generate a self-signed certificate. To do that: 1. select the name of your computer from the IIS Management Console 2. Server Certificates 3. Create Self-Signed Certificate
DUDE, Big thanks all the way from South Africa, this helped so much after pulling my hair out using certbot on windows server 2019 this was so easy. You proper saved my sanity thank you very much!!!!
WOW! Perfect! This is the ONLY valid method on UA-cam to install it on Windows 10. You will have to start and stop every few seconds because every step is critical and you need time to assimilate and check along the way. As you go through this ensure the self-signed cert working on IIS. If it doesn't work, add 443 TCP and UDP to the firewall and make sure the self-signed cert is working before progressing. If you follow the steps carefully, it just works when you are done.
Thank you SO much. This worked first time after I used other tools to no avail. It will save me buying SSL every year. Also, I can ask my clients to use their own domains, point a domain at my server and the admin work for me is minimal for each client.
Could you help me please. I used this console app for creating ssl certificate one year ago, and it's installed successfuly. But now i can generate certificate but these certificates are not Trusted by browser. I cant figure out what's the problem. Maybe that because hosting and domain in Russia. But i cant find any information about banning Russia.
My https options in IIS doesn't have a default certificate. So I got it to install but when it does, I get an error that says the it was rejected. I get the following. any Idea on how to fix this? I've tried to enable https in IIS by switching ports, I tried creating specific inbound rules for these ports, my router allows the ports I have set, I use godaddy and I configure it to run http in godaddy but it will not run if I set it to https in godaddy (not sure if that's the issue). The website runs perfectly fine when I have it set to http in IIS, but doesn't run properly when configuring it to run https. When I have it set to run https some of the pages won't open and it doesn't give me a "warning about not trusted" or anything like that, even though https is set in IIS. Every thing I try to do it still fails. Hoping someone will have an idea on how to fix this. I took out the full website name from the comment so that people would not visit it as it currently is. [p.com] Authorizing... [p.com] Authorizing using http-01 validation (FileSystem) Answer should now be browsable at p.com/.well-known/acme-challenge/qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA Preliminary validation failed, the server answered '(null)' instead of 'qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA.TJa5vB1HAlRmIJ0q7JUPZN6f73CVh-rYZXcY435zlYw'. The ACME server might have a different perspective [pe.com] Authorization result: invalid [p.com] { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Invalid response from p.com/.well-known/acme-challenge/qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA [184.168.131.241]: \"\ \ \ \ p\"", "status": 403 }
Mine failed checking for the .well-known/acme-challenge. Nothing in your tutorial about setting this up? Is it supposed to auto-create? Because it doesn't look like it did. My server is behind a router, what ports do I need to open for this to work? EDIT: Nevermind, had to open port-forward port 80 on the router. Didn't have that, as I wasn't using HTTP.
I have error " No default SSL site has been created. To support Browsers without SNI capabilities, it is recommended to create a default SSL site" Any help please.
I get an error: Error creating new order:: cannot issue for"...": The ACME server refuses to issue a certificate for this domain name because it is forbidden by the policy What can I do?
Great video! Thanks! I need to do this but have one question. I will be moving the site from IIS to a new server/hosting company (Apache). Will I be able to just create a new SSL certificate when I do this or will Let's Encrypt say there is already a certificate for my domain?
If you are managing your own Apache server you will need to configure your own certificates. If you are using a hosted service it may come with it, you would need to ask the provider
@HERESJAKEN, hey jaken i met some problems... 1) "First chance error calling into ACME server, retyring with new nonce..." 2) "Failed to create order: Error creating new order :: cannot issue for "win-su1c16k1b3": Domain name needs at least one dot" - i have followed all ur steps exactly
@@Heresjaken I believe he means the TenantEncryptionCert that you chose at 6:50 to show that the site is still not secure. ACME requires a binding to be in place and to create a binding you have to choose a certificate.
Don't you need to confirm that you are the owner of that particular domain? Otherwise, you can easily get certs for Google.com and Microsoft.com:-) I think you omitted that important part.
I'm hopeful you can provide some insight as to why WACS client gets stuck at the "Connecting to acme-v02.api.letsencrypt.ort/..." when loading. It stops at the same point whether I run the trimmed or pluggable versions.
For those of you who don't have a default certificate (I know I didn't) - you'll need to generate a self-signed certificate. To do that:
1. select the name of your computer from the IIS Management Console
2. Server Certificates
3. Create Self-Signed Certificate
Thanks good info
The best tutorial on how to install SSL on IIS very good and well explain... Cheers man and thank you!
No worries thanks for the feedback
DUDE, Big thanks all the way from South Africa, this helped so much after pulling my hair out using certbot on windows server 2019 this was so easy. You proper saved my sanity thank you very much!!!!
Excellent glad it helped
In my case there is no default certificate there as shown in video at 01:43 , what to do?
Straight to the point, everything you need in one short video. Thank you!!!
WOW! Perfect! This is the ONLY valid method on UA-cam to install it on Windows 10. You will have to start and stop every few seconds because every step is critical and you need time to assimilate and check along the way. As you go through this ensure the self-signed cert working on IIS. If it doesn't work, add 443 TCP and UDP to the firewall and make sure the self-signed cert is working before progressing. If you follow the steps carefully, it just works when you are done.
Thanks, if you found it useful please share with someone who will find it interesting
Did you have to edit lmhosts by any chance?
Thank you SO much. This worked first time after I used other tools to no avail. It will save me buying SSL every year. Also, I can ask my clients to use their own domains, point a domain at my server and the admin work for me is minimal for each client.
The instructions indicated in the video still work. Thank you!
Great little tutorial, certs are such a pain and Lets Encrypt solves that problem
Yeah they are, I have found using let’s encrypt to be pretty good for SSL certificates
Amazing friend. I installed ssl in my server in a minute using this. Many thanks!!!!!!!!!!!!!
No worries I just did this again in production today - love it
Ofcourse it's a fellow aussie being the one to help sort this out, cheers legend!
After two weeks of searching finally I fixed my problem. Thank you brother. Looking forward for more videos from you.
Thank you 🤩!!!! the most clear and amazing explanation I found about SSL certificates in Windows
Glad it helped! Please share with someoneif you can
Thank you dear man! Thanks to all the programmers who made such a clear program, before that I could not install SSL on Windows on the IIS server.
It is quite handy
Thank you from Brazil! You save my life!
You're welcome! Please share with some friends
Could you help me please. I used this console app for creating ssl certificate one year ago, and it's installed successfuly. But now i can generate certificate but these certificates are not Trusted by browser. I cant figure out what's the problem.
Maybe that because hosting and domain in Russia. But i cant find any information about banning Russia.
Very helpful details on how to use free SSL with IIS. Thank you so much.
Glad it was helpful! Please share with some one who will find it useful
Man you are great... Saved my day!! I was struggling on this for past 5 days..
At 1:49 when you select http/https my option is greyed out... What it the problem?
Hello, could you make a video how to create a Wildcard certificate using Let's Encrypt on IIS? Thank you
Thank you very much man! If I could gave you 1.000.000 likes I would give to you! It's the best tutorial!
My https options in IIS doesn't have a default certificate. So I got it to install but when it does, I get an error that says the it was rejected. I get the following.
any Idea on how to fix this? I've tried to enable https in IIS by switching ports, I tried creating specific inbound rules for these ports, my router allows the ports I have set, I use godaddy and I configure it to run http in godaddy but it will not run if I set it to https in godaddy (not sure if that's the issue). The website runs perfectly fine when I have it set to http in IIS, but doesn't run properly when configuring it to run https. When I have it set to run https some of the pages won't open and it doesn't give me a "warning about not trusted" or anything like that, even though https is set in IIS. Every thing I try to do it still fails. Hoping someone will have an idea on how to fix this. I took out the full website name from the comment so that people would not visit it as it currently is.
[p.com] Authorizing...
[p.com] Authorizing using http-01 validation (FileSystem)
Answer should now be browsable at p.com/.well-known/acme-challenge/qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA
Preliminary validation failed, the server answered '(null)' instead of 'qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA.TJa5vB1HAlRmIJ0q7JUPZN6f73CVh-rYZXcY435zlYw'. The ACME server might have a different perspective
[pe.com] Authorization result: invalid
[p.com] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from p.com/.well-known/acme-challenge/qFMzhGl5LxujEh4UAS3n9UIGq0najqtfvRm1OzimbiA [184.168.131.241]: \"\
\
\
\
p\"",
"status": 403
}
How to do the same actions but only with command line ?
Awesome! Thanks for share with us your knowledge
Mine failed checking for the .well-known/acme-challenge. Nothing in your tutorial about setting this up? Is it supposed to auto-create? Because it doesn't look like it did. My server is behind a router, what ports do I need to open for this to work?
EDIT: Nevermind, had to open port-forward port 80 on the router. Didn't have that, as I wasn't using HTTP.
Mine is also giving me the same error how did you fix that?
I have error " No default SSL site has been created. To support Browsers without SNI capabilities, it is recommended to create a default SSL site" Any help please.
I fixed "raflrx.wordpress.com/2017/08/21/create-default-ssl-site-on-iis/ "
Facing same problem, Have u fixed the problem?
its just loading on https!
i tried , but I didn't find the default certificate ( at time 1:44)
You can create a self-sign certificate in iis.
Great explanation. Straight forward and calm :)
Thanks please share with someone who will find it useful
Thanks a lot for this! Is this safe for production?
Yes, it is!
Followed this, installed certificate, but cannot use https. Pls help
Hey!
Do I need a domain for it? Or can I use my ip4 of the windows server instead? For example the host name 1:49
You would need a domain
Just went back to IIS because of this
Nice, very good video. Can be done for Apache?. Regards!
Hi,
Is there a way to push this certificate from host server to any other server ?
Can we generate wildcard certificates using this win-acme client?
I can have a pfx file with this tutorial?
I get an error: Error creating new order:: cannot issue for"...": The ACME server refuses to issue a certificate for this domain name because it is forbidden by the policy
What can I do?
No idea google the error and see what comes up
Thank you for the Information. It helped me. :)
Excelente video, me ayudó mucho! Gracias!! 🙏🏼
Great video Jake
Thanks
Great video! Thanks! I need to do this but have one question. I will be moving the site from IIS to a new server/hosting company (Apache). Will I be able to just create a new SSL certificate when I do this or will Let's Encrypt say there is already a certificate for my domain?
If you are managing your own Apache server you will need to configure your own certificates.
If you are using a hosted service it may come with it, you would need to ask the provider
Thank you @Heresjaken - great video straight to the point.
No worries, please share around to anyone you think would find it interesting.
Great video Help me lot.after too much R&D get proper steps.
@HERESJAKEN, hey jaken i met some problems...
1) "First chance error calling into ACME server, retyring with new nonce..."
2) "Failed to create order: Error creating new order :: cannot issue for "win-su1c16k1b3": Domain name needs at least one dot"
- i have followed all ur steps exactly
thats exactly what i need. great job. Thanks💚💚💚
You're welcome 😊please share with your friends
Very good tutorial ... thank yon man
Your welcome - thanks for the feedback
a wonderful video, thank you a lot :)) you saved my day..
Is there a preferred method for websites that are internal-only?
You have to do it manually, or use self signed and deploy the cert
how to get csr file ?
It should just put the cert in IIS
Worked great! Thanks Much!
Thanks so much, you are my life saver.
Happy to help! Please share with someone who will find it useful
Very helpful, thanks so much!
thank you.. helpful video..
Thank you man 😍😍
No problem 👍
Thank you very much. 👍👍
Great video! But where do you get your default certificate from?
Let’s encrypt
@@Heresjaken I believe he means the TenantEncryptionCert that you chose at 6:50 to show that the site is still not secure. ACME requires a binding to be in place and to create a binding you have to choose a certificate.
help me bro
good tutorial. thank you.
Ai brought me here. i have no idea what i'm doing but sure i'll do it
Thanks a lot!
Dude you were not properly audible at 32 sec of the video when you mention non e--- certificates. What did you mean ?
He said 90 day certificate
Thank you..
WOW! Perfect! 🥰🥰🥰
Thank you! Cheers!
great job, to the point
Thanks, worked well
Thank you sir...
No worries
Nice.. Thank You!
la para work it
Thank you!
Windows defender not a fan of that EXE.
This needs to be updated, it no longer works because of changes to how LetsEncrypt does their renewals.
Yeah video is very old
@@Heresjaken any chance for an update video coming soon?
fuck me, you absolute legend haha
Don't you need to confirm that you are the owner of that particular domain? Otherwise, you can easily get certs for Google.com and Microsoft.com:-) I think you omitted that important part.
Whoops, but you actually do not need to own the domain, just either manage the dns or manage the web server the A record is pointing to.
I'm hopeful you can provide some insight as to why WACS client gets stuck at the "Connecting to acme-v02.api.letsencrypt.ort/..." when loading. It stops at the same point whether I run the trimmed or pluggable versions.
Hello, I have the same issue, did you manage to fix it?
Can we generate wildcard certificates using this win-acme client?