mirror of https://github.com/win-acme/win-acme.git synced 2026-04-27 03:55:56 +03:00
Advanced usage
Wouter Tinus edited this page 2019-03-18 12:31:14 +01:00

The "simple" mode works for most users, but there are many reasons to go for "advanced" mode. For example:

  • You don't have or use IIS
  • You are requesting a wildcard certificate (and thus need DNS validation)
  • Port 80 is blocked and traffic on it doesn't reach your server
  • You are load balancing
  • You need to run a script to install the certificate to your application, e.g. Exchange
  • ...

Interactive

This describes the basic steps of an advanced mode request. It touches on concepts described here, because advanced mode exposes more of the program's internal logic for you to use to your advantage.

  1. Choose M in the main menu to create a new certificate in advanced mode
  2. Choose a target plugin that will be used to determine for which domain(s) the certificate should be issued. This can for example be based on the bindings for an IIS site, or manual input.
  3. Choose a validation plugin that will be used to prove ownership of the domain(s) to the ACME server. Here you will find the full range of handlers that the program has to offer for HTTP validation and DNS validation.
  4. A CSR plugin can be selected to choose between RSA and EC keys.
  5. A store plugin can be selected to choose how to store the certificate. For Apache, nginx and other web servers the PemFiles plugin is commonly chosen.
  6. Choose one or more installation plugins that will be run after the certificate has been requested. The standard IIS option from simple mode is of course available, but also the powerful script installer.
  7. A registration with the ACME server is created, if it doesn't already exist. You will be asked to agree to the terms of service and to provide an email address that the server administrators can use to contact you.
  8. The program talks to the ACME server to validate your ownership of the domain(s) that you wish to issue for.
  9. After validating the domains, a certificate request is prepared by the CSR plugin.
  10. The certificate request is submitted to the ACME server and the signed response saved to a (Central) Certificate Store using a store plugin.
  11. The program runs the requested installation steps.

Unattended

By providing the right command line arguments you can do everything that is possible in interactive mode, and more.
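
As an added example (not part of the original wiki page or the win-acme project), the PowerShell wrapper below maps the interactive steps above to an unattended run and locks down the PemFiles output folder first, because that folder will hold the private key. The paths, host names, email address and the `reload-webserver.ps1` script are placeholders, and the argument names are the win-acme 2.x ones as known to the editor, so check them against the command line reference of your version.

```powershell
# Added example: unattended equivalent of the interactive advanced-mode steps.
# All values below are placeholders / assumptions, not taken from the wiki page.
$wacs    = 'C:\Tools\win-acme\wacs.exe'                 # assumed install location
$pemPath = 'C:\Certificates\example'                     # assumed PemFiles output folder
$hosts   = 'example.com,www.example.com'                 # placeholder domains
$webroot = 'C:\Sites\example\wwwroot'                    # placeholder web root for HTTP validation
$script  = 'C:\Tools\win-acme\Scripts\reload-webserver.ps1'  # hypothetical installation script

# The store folder will contain the private key, so create it and restrict it
# before anything is written. Well-known SIDs are used instead of account names
# so this also works on non-English Windows: S-1-5-18 = SYSTEM,
# S-1-5-32-544 = Administrators. Grant read access to your web server's
# service account separately if it needs to load the files.
New-Item -ItemType Directory -Path $pemPath -Force | Out-Null
& icacls.exe $pemPath /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not restrict permissions on $pemPath" }

$started   = Get-Date
$arguments = @(
    '--target', 'manual', '--host', $hosts                  # step 2: target plugin
    '--validation', 'filesystem', '--webroot', $webroot     # step 3: validation plugin (HTTP)
    '--csr', 'ec'                                           # step 4: EC key instead of RSA
    '--store', 'pemfiles', '--pemfilespath', $pemPath       # step 5: store plugin
    '--installation', 'script', '--script', $script         # step 6: installation plugin
    '--emailaddress', 'admin@example.com', '--accepttos'    # step 7: ACME registration
)
& $wacs @arguments                                          # steps 8-11 run inside wacs.exe

# Do not rely on the exit code alone (its behaviour is an assumption here):
# also confirm that fresh PEM files were actually written to the store folder.
$written = Get-ChildItem -Path $pemPath -Filter '*.pem' |
    Where-Object { $_.LastWriteTime -ge $started }
if ($LASTEXITCODE -ne 0 -or -not $written) {
    throw "Certificate was not issued (exit code $LASTEXITCODE, new PEM files: $(@($written).Count))"
}
$written | Select-Object Name, Length, LastWriteTime
```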