starred/win-acme-win-acme
1
0
Fork 0
mirror of https://github.com/win-acme/win-acme.git synced 2026-04-27 03:55:56 +03:00
Code Issues Projects Packages Wiki Activity
Page: How To Run
Pages
A specified logon session does not exist Advanced logging Advanced usage Apache 2.4 basic usage Application Logging Application Settings Azure DNS validation Basic usage CSR Plugins Command Line Arguments Command line Create a SAN certificate Custom plugins DNS validation plugins Development Enhancement voting Example Scripts HTTP Validation Plugins HTTPS Binding With Specific IP Home How To Run How to Compile From Source Code IIS 7.5 and Lower Install script Installation plugins Issues and workarounds Load balancing Microsoft Exchange Microsoft Remote Desktop Server Migration to v1.9.5 Migration to v1.9.9 Migration to v2.0.0 Missing Certificate Chain Plugins Renewal Management Store plugins Target plugins Task Scheduler Uninstall instructions Upgrades Validation issues Validation plugins web_config.xml
20 How To Run
Wouter Tinus edited this page 2019-03-22 17:19:27 +01:00
Table of Contents

Overview

There are three main use cases, interactive, unattended and scheduled.

Interactive

Interactive mode can be launched by just starting the .exe and following the instructions on the screen. There are some Command Line Arguments which might be helpful for your purposes, such as --hidehttps.

Unattended

The other main way is to use unattended mode, which is triggered by the --target switch. Target refers to the target generator plugin, of which the most common ones are as follows.

  • --target manual - input host names manually, optionally launch script to install it
  • --target iissite - create certificate for a specific IIS site and create/update bindings

Each plugin has their own inputs which it needs to generate the certificate, for example:

wacs.exe --target manual --host www.domain.com --webroot C:\sites\wwwroot

wacs.exe --target iissite --siteid 1 --excludebindings exclude.me

There are some other parameters needed for first-time unattended use (e.g. on a clean server) to create the Let's Encrypt registration automatically (--emailaddress myaddress@example.com --accepttos).

One more parameters is needed for a first run to either prevent the creation of a scheduled task (--notaskscheduler), or to accept that it will be created under the default SYSTEM credential (--usedefaulttaskuser). So a full command line to create a certificate for IIS site 1 on a clean server (except for the 'exclude.me' binding) would look like this:

wacs.exe --target iissite --siteid 1 --excludebindings exclude.me --emailaddress myaddress@example.com --accepttos --usedefaulttaskuser

Renew

While renewal is possible from interactive mode, most users would run it as a scheduled task, which the program offers to create for you in interactive mode. The --renew parameter renews all certificates which are due (55 days after the last successfully issued certificate by default), whereas --renew --force simply attempts to renew every certificate which has been created so far.

Please refer to https://pkisharp.github.io/win-acme/ for up-to-date documentation.