最近Let’sEncrypt申请的证书过期了,Let’sEncrypt带自动续费但网上的都是Linux系统配置自动续费,然后不久前letsencrypt-win-simple更新为win-acme
最近Let’s Encrypt申请的证书过期了,Let’s Encrypt带自动续费但网上的都是Linux系统配置自动续费,然后不久前letsencrypt-win-simple更新为win-acme之后就可以开启自动续费。便开始鼓捣win-acme
首先在Github上下载win-acme简单快速
1.准备工作
1.1 设置DNS
在DNS服务器设置正确的域名(二级域名、三级域名都可以)
1.2 下载运行win-acme:
在服务器上解压win-acme,解压后文件结构如下:
<span>win</span><span>-</span><span>acme
</span><span>|——</span><span>scripts
</span><span>|————</span><span>ImportExchange</span><span>.</span><span>ps1
</span><span>|————</span><span>ImportRDGateway</span><span>.</span><span>ps1
</span><span>|————</span><span>ImportRDListener</span><span>.</span><span>ps1
</span><span>|————</span><span>PSRDSCerts</span><span>.</span><span>bat
</span><span>|————</span><span>PSScript</span><span>.</span><span>bat
</span><span>|——</span><span>letsencrypt</span><span>.</span><span>exe
</span><span>|——</span><span>letsencrypt</span><span>.</span><span>exe</span><span>.</span><span>config
</span><span>|——</span><span>settings_default</span><span>.</span><span>config
</span><span>|——</span><span>version</span><span>.</span><span>txt
</span><span>|——</span><span>Web_Config</span><span>.</span><span>xml</span>2.IIS部署HTTPS站点
2.1 自动化认证单个域名
首先在IIS上新增MIME Type:
- 文件扩展名: .
- MIME类型: text/plain
在服务器上,运行<span>letsencrypt</span><span>.</span><span>exe</span><span>并按照提示进行配置,如:</span>
<span>N</span><span>:</span> <span>Create</span> <span>new</span><span> certificate </span><span>// 创建新证书</span><span>
M</span><span>:</span> <span>Create</span> <span>new</span><span> certificate </span><span>with</span><span> advanced options </span><span>// 使用高级选项创建新证书</span><span>
L</span><span>:</span> <span>List</span><span> scheduled renewals </span><span>// 自动续费</span><span>
R</span><span>:</span> <span>Renew</span><span> scheduled </span><span>// 续费单个</span><span>
S</span><span>:</span> <span>Renew</span><span> specific </span><span>// 续费多个</span><span>
A</span><span>:</span> <span>Renew</span> <span>*</span><span>all</span><span>*</span> <span>// 全部续费</span><span>
V</span><span>:</span> <span>Revoke</span><span> certificate </span><span>// 取消证书</span><span>
C</span><span>:</span> <span>Cancel</span><span> scheduled renewal </span><span>// 取消某个自动续费</span><span>
X</span><span>:</span> <span>Cancel</span> <span>*</span><span>all</span><span>*</span><span> scheduled renewals </span><span>// 取消全部自动续费</span><span>
Q</span><span>:</span> <span>Quit</span>输入1或2会有以下选项
<span>1</span><span>:</span> <span>Single</span><span> binding of an IIS site </span><span>// 绑定单一IIS站点</span>
<span>2</span><span>:</span><span> SAN certificate </span><span>for</span><span> all bindings of an IIS site </span><span>// 绑定所有IIS站点</span>
<span>3</span><span>:</span><span> SAN certificate </span><span>for</span><span> all bindings of multiple IIS sites </span><span>// 绑定多个IIS站点</span>
<span>4</span><span>:</span> <span>Manually</span><span> input host names </span><span>// 手动输入域名</span><span>
C</span><span>:</span> <span>Cancel</span>最后生成的证书都在C:\\ProgramData\\letsencrypt-win-simple\\httpsacme-v01.api.letsencrypt.org中。
如果网站能够正常访问并正确配置会自动配置好,可以跳过下面步骤
3.IIS 多网站配置https
安装环境:
1、Windows server 2012/IIS 8
2、服务器本地计算机已经安装两张SSL证书
3、IIS已近架设两个网站,可http访问
4、http能够访问网站
安装目的:
在IIS 8上将两张证书,分别绑定在两个不同的网站的默认https端口443上。
1、在第一个网站绑定SSL证书,不要绑定IP地址填写主机名(作为默认的SSL证书,开启SNI需要配置有默认SSL证书),绑定对应域名的证书文件,如下图:
2、然后选择第二个网站,绑定对应的SSL证书,这时您就需要填写主机名,同时勾选上“需要服务器名称指示(N)”,选择对应的证书文件,如下图:
访问网站
本站部分文章来自网络或用户投稿,如无特殊说明或标注,均为本站原创发布。涉及资源下载的,本站旨在共享仅供大家学习与参考,如您想商用请获取官网版权,如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。