A simple Windows ACMEv2 client (WACS)
Software
version 2.1.11.917 (RELEASE, PLUGGABLE, 64-bit)
ACME server
https://acme-v02.api.letsencrypt.org/
IIS version
10.0
Running with
administrator credentials
Scheduled
task looks healthy
Please report
issues at https://github.com/win-acme/win-acme
N: Create
certificate (default settings)
M: Create
certificate (full options)
R: Run
renewals (0 currently due)
A: Manage
renewals (8 total)
O: More
options...
Q: Quit
Please choose
from the menu: a
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
CodeDocu_com, (any host) - renewed 1 time, due after 2021/5/4 16:05:47
2: [IIS]
CodeDocu_de, (any host) - renewed 1 time, due after 2021/5/11 12:51:59
3: [IIS]
CodeDocu_de, codedocu.de - renewed 1 time, due after 2021/5/11 12:51:25
4: [IIS] CoreFusions,
(any host) - renewed 3 times, due after 2021/5/4 16:06:41
5: [IIS]
FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:00:35
6: [IIS]
FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:01:39
7: [IIS]
Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40
8: [IIS]
Rue25, (any host) - renewed 1 time, due after 2021/5/4 16:07:15
Currently
selected 8 of 8 renewals
F: Apply
filter
S: Sort
renewals
D: Show
details for *all* renewals
R: Run *all*
renewals
U: Analyze
duplicates for *all* renewals
C: Cancel
*all* renewals
V: Revoke
certificate(s) for *all* renewals
Q: Back
Choose an
action or type numbers to select renewals: 7
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40
X: Reset
sorting and filtering
D: Show
details for 1 of 8 renewals
R: Run 1 of 8
renewals
U: Analyze
duplicates for 1 of 8 renewals
C: Cancel 1
of 8 renewals
V: Revoke
certificate(s) for 1 of 8 renewals
Q: Back
Choose an
action or type numbers to select renewals: v
Are you sure
you want to revoke the most recently issued certificate for 1 currently
selected renewal? This should only be done in case of a (suspected) security
breach. Cancel the renewal if you simply don't need the certificates anymore.
(y/n*) - yes
Revoked
certificate [IIS] Readdy, (any host) @ 2021/4/12 17:11:41
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error
like "Certificate(s) revoked"
X: Reset
sorting and filtering
D: Show
details for 1 of 8 renewals
R: Run 1 of 8
renewals
U: Analyze
duplicates for 1 of 8 renewals
C: Cancel 1
of 8 renewals
V: Revoke
certificate(s) for 1 of 8 renewals
Q: Back
Choose an
action or type numbers to select renewals: d
Details for
renewal 1/1
Id: axt-vV50rkuNtdyN6Obqnw
File:
axt-vV50rkuNtdyN6Obqnw.renewal.json
FriendlyName: [Auto] [IIS] Readdy, (any host)
.pfx
password:
wcv2FMDgchy8Mfk/m+EVqHm3W8x4wHIQtqL4eDndROM=
Renewal
due: 6/6/2021 5:11:40 PM
Renewed: 1 times
Target
-----------------------------------------------------------------
-
Plugin: IIS - (Read site
bindings from IIS)
- Common
name: readdy.net
-
Sites: 1
-
Hosts: All
Validation
-----------------------------------------------------------------
-
Plugin: SelfHosting - (Serve
verification files from memory)
Order
-----------------------------------------------------------------
-
Plugin: Single - (Single
certificate)
CSR
-----------------------------------------------------------------
-
Plugin: RSA - (RSA key)
Store
-----------------------------------------------------------------
-
Plugin: CertificateStore -
(Windows Certificate Store)
Installation
-----------------------------------------------------------------
-
Plugin: IIS - (Create or
update https bindings in IIS)
History
-----------------------------------------------------------------
1: 4/12/2021
3:11:40 PM - Success - Thumbprint 99FC393BAE9FAECC7F2FAA86E6B823208966522C
2: 4/12/2021
3:48:11 PM - Error - Certificate(s) revoked
Press
<Enter> to continue
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error
like "Certificate(s) revoked"
X: Reset
sorting and filtering
D: Show
details for 1 of 8 renewals
R: Run 1 of 8
renewals
U: Analyze
duplicates for 1 of 8 renewals
C: Cancel 1
of 8 renewals
V: Revoke
certificate(s) for 1 of 8 renewals
Q: Back
Choose an
action or type numbers to select renewals: d
Details for
renewal 1/1
Id: axt-vV50rkuNtdyN6Obqnw
File:
axt-vV50rkuNtdyN6Obqnw.renewal.json
FriendlyName: [Auto] [IIS] Readdy, (any host)
.pfx
password:
wcv2FMDgchy8Mfk/m+EVqHm3W8x4wHIQtqL4eDndROM=
Renewal
due: 6/6/2021 5:11:40 PM
Renewed: 1 times
Target
-----------------------------------------------------------------
-
Plugin: IIS - (Read site
bindings from IIS)
- Common
name: readdy.net
-
Sites: 1
-
Hosts: All
Validation
-----------------------------------------------------------------
-
Plugin: SelfHosting - (Serve
verification files from memory)
Order
-----------------------------------------------------------------
-
Plugin: Single - (Single
certificate)
CSR
-----------------------------------------------------------------
-
Plugin: RSA - (RSA key)
Store
-----------------------------------------------------------------
-
Plugin: CertificateStore -
(Windows Certificate Store)
Installation
-----------------------------------------------------------------
-
Plugin: IIS - (Create or
update https bindings in IIS)
History
-----------------------------------------------------------------
1: 4/12/2021
3:11:40 PM - Success - Thumbprint 99FC393BAE9FAECC7F2FAA86E6B823208966522C
2: 4/12/2021
3:48:11 PM - Error - Certificate(s) revoked
Press
<Enter> to continue
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error
like "Certificate(s) revoked"
X: Reset
sorting and filtering
D: Show
details for 1 of 8 renewals
R: Run 1 of 8
renewals
U: Analyze
duplicates for 1 of 8 renewals
C: Cancel 1
of 8 renewals
V: Revoke
certificate(s) for 1 of 8 renewals
Q: Back
Choose an
action or type numbers to select renewals: c
Are you sure
you want to cancel 1 currently selected renewal? (y/n*) - yes
Renewal [IIS]
Readdy, (any host) - renewed 1 time, due after 6/6/2021 5:11:40 PM, 1 error
like "Certificate(s) revoked" cancelled
Welcome to
the renewal manager. Actions selected in the menu below will be
applied to
the following list of renewals. You may filter the list to target
your action
at a more specific set of renewals, or sort it to make it easier
to find what
you're looking for.
1: [IIS]
CodeDocu_com, (any host) - renewed 1 time, due after 2021/5/4 16:05:47
2: [IIS]
CodeDocu_de, (any host) - renewed 1 time, due after 2021/5/11 12:51:59
3: [IIS]
CodeDocu_de, codedocu.de - renewed 1 time, due after 2021/5/11 12:51:25
4: [IIS]
CoreFusions, (any host) - renewed 3 times, due after 2021/5/4 16:06:41
5: [IIS]
FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:00:35
6: [IIS]
FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:01:39
7: [IIS]
Rue25, (any host) - renewed 1 time, due after 2021/5/4 16:07:15
Currently
selected 7 of 7 renewals
F: Apply
filter
S: Sort
renewals
D: Show
details for *all* renewals
R: Run *all*
renewals
U: Analyze
duplicates for *all* renewals
C: Cancel
*all* renewals
V: Revoke
certificate(s) for *all* renewals
Q: Back
Choose an
action or type numbers to select renewals: <Enter>
Choose an action
or type numbers to select renewals: q
N: Create
certificate (default settings)
M: Create
certificate (full options)
R: Run
renewals (0 currently due)
A: Manage
renewals (7 total)
O: More
options...
Q: Quit
Please choose
from the menu: m
Running in
mode: Interactive, Advanced
Please
specify how the list of domain names that will be included in the
certificate
should be determined. If you choose for one of the "all bindings"
options, the
list will automatically be updated for future renewals to
reflect the
bindings at that time.
1: Read site
bindings from IIS
2: Manual
input
3: CSR
created by another program
C: Abort
How shall we
determine the domain(s) to include in the certificate?: <Enter>
Please
select which website(s) should be scanned for host names. You may
input one or
more site identifiers (comma separated) to filter by those
sites, or
alternatively leave the input empty to scan *all* websites.
5: CodeDocu_com (2 bindings)
4: CodeDocu_de (4 bindings)
9: CoreFusions (2 bindings)
10:
FreeHeatBox (2 bindings)
8: MailEnable
Protocols (2 bindings)
3: MailEnable
WebAdmin (1 binding)
2: MailEnable
WebMail (1 binding)
1: Readdy (2
bindings)
6: Rue25 (2
bindings)
Site
identifier(s) or <Enter> to choose all: 1
1: readdy.net
(Site 1)
2:
www.readdy.net (Site 1)
Listed above
are the bindings found on the selected site(s). By default all
of them will
be included, but you may either pick specific ones by typing the
host names
or identifiers (comma seperated) or filter them using one of the
options from
the menu.
P: Pick
bindings based on a search pattern
R: Pick
bindings based on a regular expression
A: Pick *all*
bindings
Binding
identifiers(s) or menu option: a
1: readdy.net
2:
www.readdy.net
Please pick
the main host, which will be presented as the subject of the certificate:
<Enter>
1: readdy.net
(Site 1)
2: www.readdy.net
(Site 1)
Continue with
this selection? (y*/n) - <Enter>
Target
generated using plugin IIS: readdy.net and 1 alternatives
Suggested
friendly name '[IIS] Readdy, (any host)', press <Enter> to accept or
type an alternative: <Enter>
The ACME server
will need to verify that you are the owner of the domain
names that
you are requesting the certificate for. This happens both during
initial
setup *and* for every future renewal. There are two main methods of
doing so:
answering specific http requests (http-01) or create specific dns
records
(dns-01). For wildcard domains the latter is the only option. Various
additional
plugins are available from https://github.com/win-acme/win-acme/.
1: [http-01]
Save verification files on (network) path
2: [http-01]
Serve verification files from memory
3: [http-01]
Upload verification files via FTP(S)
4: [http-01]
Upload verification files via SSH-FTP
5: [http-01]
Upload verification files via WebDav
6: [dns-01]
Create verification records manually (auto-renew not possible)
7: [dns-01]
Create verification records with acme-dns
(https://github.com/joohoi/acme-dns)
8: [dns-01]
Create verification records with your own script
9:
[tls-alpn-01] Answer TLS verification request from win-acme
C: Abort
How would you
like prove ownership for the domain(s)?: <Enter>
After
ownership of the domain(s) has been proven, we will create a
Certificate
Signing Request (CSR) to obtain the actual certificate. The CSR
determines
properties of the certificate like which (type of) key to use. If
you are not
sure what to pick here, RSA is the safe default.
1: Elliptic
Curve key
2: RSA key
C: Abort
What kind of
private key should be used for the certificate?: <Enter>
When we have
the certificate, you can store in one or more ways to make it
accessible
to your applications. The Windows Certificate Store is the default
location for
IIS (unless you are managing a cluster of them).
1: IIS
Central Certificate Store (.pfx per host)
2: PEM
encoded files (Apache, nginx, etc.)
3: PFX
archive
4: Windows
Certificate Store
5: No
(additional) store steps
How would you
like to store the certificate?: <Enter>
1: IIS
Central Certificate Store (.pfx per host)
2: PEM
encoded files (Apache, nginx, etc.)
3: PFX
archive
4: Windows
Certificate Store
5: No
(additional) store steps
Would you
like to store it in another way too?: <Enter>
With the
certificate saved to the store(s) of your choice, you may choose one
or more
steps to update your applications, e.g. to configure the new
thumbprint,
or to update bindings.
1: Create or
update https bindings in IIS
2: Create or
update ftps bindings in IIS
3: Start
external script or program
4: No
(additional) installation steps
Which
installation step should run first?: <Enter>
Use different
site for installation? (y/n*) -
<Enter>
1: Create or
update https bindings in IIS
2: Create or
update ftps bindings in IIS
3: Start
external script or program
4: No
(additional) installation steps
Add another
installation step?: <Enter>
First chance
error calling into ACME server, retrying with new nonce...
Requesting
certificate [IIS] Readdy, (any host)
Store with
CertificateStore...
Installing
certificate in the certificate store
Adding certificate
[IIS] Readdy, (any host) @ 2021/4/12 17:55:24 to store WebHosting
Installing
with IIS...
Adding new
https binding *:443:Readdy.net
Adding new
https binding *:443:www.readdy.net
Committing 2
https binding changes to IIS
Scheduled
task looks healthy
Adding
renewal for [IIS] Readdy, (any host)
Next renewal
scheduled at 2021/6/6 17:55:21
Certificate
[IIS] Readdy, (any host) created
N: Create
certificate (default settings)
M: Create
certificate (full options)
R: Run
renewals (0 currently due)
A: Manage
renewals (8 total)
O: More
options...
Q: Quit
Please choose from the menu:
|