Managing LetsEncrypt Certificate expiration and auto-renewals


Solution 1

I'm posting an answer to my own question and linking to a blog post to lay out the solution that worked for me, even though the original answer came from @dustinmoris's comment, which pointed me at the letsencrypt-win-simple auto-renew feature (which I missed initially).

Using letsencrypt-win-simple you can use the --renew switch to automatically renew all previously registered domains or you can specify a specific domain.

# renew all domains that need it
letsencrypt --renew

# renew specific domain if required
letsencrypt --renew --manualhost mysite.com

This will renew the domain if it's expired or close to it. This tool also installs a scheduled task that runs daily to run the renew cycle and attempts to renew all certificates that need it.

I ended up writing a detailed blog post that goes through the features of the current functionality of letsencrypt-win-simple, ACMESharp and Certify.
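
An independent check that the daily renewal task described above is actually doing its job, as an added example (not part of the original answer and not code from letsencrypt-win-simple). The function name, the 20-day threshold and the sample certificates are assumptions made for illustration.

```powershell
# Added example: flag Let's Encrypt certificates whose renewal appears to have failed.
function Get-CertificateRenewalStatus {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()]
        [object[]]$Certificate,                   # objects with Subject, Issuer, NotAfter
        [int]$WarnDays = 20,                      # assumed threshold, tune to your renewal schedule
        [string]$IssuerPattern = "Let's Encrypt",
        [datetime]$Now = (Get-Date)
    )
    $Certificate |
        Where-Object { $_.Issuer -match [regex]::Escape($IssuerPattern) } |
        Group-Object -Property Subject |
        ForEach-Object {
            # A renewal can leave the superseded certificate in the store, so
            # judge each subject by its newest certificate only.
            $newest   = $_.Group | Sort-Object -Property NotAfter -Descending | Select-Object -First 1
            $daysLeft = [math]::Floor(($newest.NotAfter - $Now).TotalDays)
            $status   = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'RenewalOverdue' } else { 'OK' }
            [pscustomobject]@{
                Subject  = $newest.Subject
                NotAfter = $newest.NotAfter
                DaysLeft = $daysLeft
                Status   = $status
            }
        }
}

# Constructed sample data (not real certificates); the *.example names are hypothetical.
$le  = "CN=Constructed Intermediate, O=Let's Encrypt, C=US"
$now = [datetime]'2016-06-01'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=mysite.com';    Issuer = $le; NotAfter = [datetime]'2016-05-20' }
    [pscustomobject]@{ Subject = 'CN=mysite.com';    Issuer = $le; NotAfter = [datetime]'2016-08-18' }
    [pscustomobject]@{ Subject = 'CN=stale.example'; Issuer = $le; NotAfter = [datetime]'2016-06-10' }
    [pscustomobject]@{ Subject = 'CN=other.example'; Issuer = 'CN=Some Other CA'; NotAfter = [datetime]'2016-06-02' }
)
$report = Get-CertificateRenewalStatus -Certificate $sample -Now $now
$report | Format-Table -AutoSize
$report | Where-Object { $_.Status -ne 'OK' } |
    ForEach-Object { Write-Warning "$($_.Subject): $($_.Status), $($_.DaysLeft) days left" }

# On the IIS server, feed it the machine store instead:
# Get-CertificateRenewalStatus -Certificate (Get-ChildItem Cert:\LocalMachine\My)
```

With the sample data, mysite.com is reported as OK because its renewed certificate supersedes the expired one, stale.example is flagged as RenewalOverdue, and the certificate from the other CA is ignored.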

Solution 2

LetsEncrypt supports auto renewal out of the box. An example of how this is done with a Windows Azure Web Role can be found here: https://github.com/sjkp/letsencrypt-siteextension

If you are hosting in Windows Azure you can install this site extension and don't need to do it yourself. This is a good guide on how to set it up.

Support for LetsEncrypt was one of the hottest feature requests for Azure websites and Microsoft has marked it as community resolved after reviewing the above extension, so definitely worth a look!


Author: Rick Strahl

Updated on September 18, 2022

Comments

  • Rick Strahl over 1 year

    I've been experimenting with LetsEncrypt SSL certificates and managed to get certificates set up and installed on Windows for use with IIS using the ACMESharp PowerShell library. The process to do this is reasonably straightforward and the cert works fine.

    But... certificates have a relatively short lifetime of 3 months and since the process is now self-managed - as opposed to some vendor reminding you to renew - I'm worried about notifications of when renewals are required.

    Can somebody recommend a good way to check for expired certificates and then - at minimum - send out some sort of notification, or even better to automatically renew the certificate?

    • EricLaw over 8 years
    • Rick Strahl over 8 years
      Thanks Eric - that's useful to at least get notified, but every 3 months is a bit much to have to attend to this. Still looking for ideas for an automated solution (hopefully without scheduled tasks).
  • Rick Strahl over 8 years
    Yeah I saw Nik's post, but it talks about Azure. I'm looking for a solution to get the raw cert so I can install it into IIS. There's a ton of cruft that has to do with Azure that I have no need for as it just talks about the Azure extension.
  • dustinmoris over 8 years
    I assume you saw letsencrypt-win-simple as well. I have to admit that I haven't used this project myself yet, but it says that it has auto renewal working with a Windows task schedule. From your above comment I can see you are looking for a solution without a scheduled task. What were you thinking of more specifically?
  • Ohad Schneider over 6 years
    The standard today is github.com/sjkp/letsencrypt-siteextension. I also wrote a WebJob on top of it with some features such as multi Web App support and fewer dependencies and potential points of failure: github.com/ohadschn/letsencrypt-webapp-renewer