2 Synchronization with IIS
Michal Altair Valasek edited this page 2017-02-02 01:51:14 +01:00

AutoACME contains the aasync.exe utility, which can synchronize AutoACME settings with Microsoft IIS. This document covers three scenarios that you might want to use:

  1. The addccsbinding command as part of creating a new site. First you create an HTTP-only web site. Then you request a certificate for it using the autoacme addhost command, and finally you use aasync addccsbinding to enable HTTPS+CCS using this certificate.
  2. The addhosts command as part of the IIS-first approach. First you create the sites with an HTTPS+CCS binding, which will not be functional upon creation. Then you use the addhosts command to request certificates for all such sites.
  3. The addhosts command with the /ccs switch is usually used manually, when you want to bring all existing sites on a given machine to HTTPS and Let's Encrypt. The command scans all existing web sites and enables HTTPS+CCS with an LE certificate for them.

Certificate first: Add HTTPS CCS binding to single web site

By using the addccsbinding command you can add the HTTPS+CCS (Centralized Certificate Store) binding to a single web site. You enter the host name as an argument and the utility finds the first site with an HTTP binding to this host name. It then adds an HTTPS binding, enables CCS and (optionally) requires SNI.

Syntax - add HTTPS CCS binding to site bound to www.example.com without SNI:

aasync addccsbinding www.example.com

Syntax - add HTTPS CCS binding to site bound to www.example.com with SNI:

aasync addccsbinding www.example.com /sni

IIS first: Add certificates for HTTPS+CCS enabled sites

In this scenario, we use the addhosts command to request Let's Encrypt certificates for all web sites with HTTPS+CCS bindings that don't have one yet. Sites without such bindings (HTTP only or HTTPS without CCS) are ignored, as are sites that have no host name specified in the binding, are currently stopped, or run on a port other than the default.

aasync addhosts

IIS first: Add certificates + CCS bindings for all sites

In this scenario, we use the addhosts command to request Let's Encrypt certificates for all web sites that have a host name specified, are currently running and use the default port. For sites without an HTTPS+CCS binding, a new one is created.

Syntax:

aasync addhosts /ccs

By specifying the /sni switch you can require SNI in newly created bindings.
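
A dry-run preview of the site selection described in the two addhosts scenarios, as an added PowerShell example that is not part of AutoACME or this wiki. The function name, field names and sample sites are hypothetical; it assumes "default port" means 80 for HTTP and 443 for HTTPS, and it does not check whether AutoACME already holds a certificate for a host.

```powershell
# Added example: preview which host names the rules above would select.
# Get-AasyncPreview and $sites are hypothetical; $sites is constructed data.
# On a real server the same fields are exposed by the WebAdministration
# module (Get-WebBinding: protocol, bindingInformation, sslFlags).
function Get-AasyncPreview {
    param([Parameter(Mandatory)][object[]]$Sites, [switch]$Ccs)
    foreach ($site in ($Sites | Where-Object { $_.State -eq 'Started' })) {
        $hosts = @{}   # host name -> $true if an HTTPS+CCS binding exists
        foreach ($b in $site.Bindings) {
            # bindingInformation is "IP:port:hostname"; read from the right
            # so bracketed IPv6 addresses do not shift the fields.
            $parts = $b.Info -split ':'
            $name  = $parts[-1]
            $port  = [int]$parts[-2]
            # Assumption: "default port" means 80 for HTTP, 443 for HTTPS.
            $default = ($b.Protocol -eq 'http'  -and $port -eq 80) -or
                       ($b.Protocol -eq 'https' -and $port -eq 443)
            if (-not $name -or -not $default) { continue }
            # sslFlags value 1 = SNI, value 2 = Centralized Certificate Store.
            $isCcs = $b.Protocol -eq 'https' -and [bool]($b.SslFlags -band 2)
            $hosts[$name] = [bool]$hosts[$name] -or $isCcs
        }
        foreach ($name in ($hosts.Keys | Sort-Object)) {
            if ($hosts[$name] -or $Ccs) {
                [pscustomobject]@{
                    Site       = $site.Name
                    HostName   = $name
                    NewBinding = -not $hosts[$name]   # /ccs would create it
                }
            }
        }
    }
}

$sites = @(
    [pscustomobject]@{ Name = 'shop'; State = 'Started'; Bindings = @(
        [pscustomobject]@{ Protocol = 'http';  Info = '*:80:shop.example.com';  SslFlags = 0 }
        [pscustomobject]@{ Protocol = 'https'; Info = '*:443:shop.example.com'; SslFlags = 3 }) }
    [pscustomobject]@{ Name = 'blog'; State = 'Started'; Bindings = @(
        [pscustomobject]@{ Protocol = 'http';  Info = '*:80:blog.example.com';  SslFlags = 0 }) }
    [pscustomobject]@{ Name = 'admin'; State = 'Started'; Bindings = @(
        [pscustomobject]@{ Protocol = 'http';  Info = '*:8080:admin.example.com'; SslFlags = 0 }) }
    [pscustomobject]@{ Name = 'old'; State = 'Stopped'; Bindings = @(
        [pscustomobject]@{ Protocol = 'https'; Info = '*:443:old.example.com'; SslFlags = 2 }) }
)

Get-AasyncPreview -Sites $sites        # models "aasync addhosts"
Get-AasyncPreview -Sites $sites -Ccs   # models "aasync addhosts /ccs"
```

Reviewing the list before running addhosts /ccs shows which host names would get a publicly issued certificate and a new HTTPS binding, so internal-only names can be excluded first.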