Requirement: use win-acme to apply for an SSL certificate for a domain name and export it in PEM format, so that the certificate can be configured on an nginx service.
WIN-ACME
This is an ACMEv2 client for Windows designed to be easy for users to get started with, yet powerful enough to handle almost any scenario.
- A very simple interface for creating and installing certificates on a local IIS server.
- More advanced interfaces for many other use cases including Apache and Exchange.
- Automatically create scheduled tasks to renew certificates when needed
- Obtain certificates with wildcards (*.example.com), international names (证书.example.com), and the OCSP Must Staple extension (optional).
- Reuse private keys for DANE, use EC cryptography, or bring your own CSR.
- Advanced toolkit for DNS, HTTP, and TLS validation: SFTP/FTPS, acme-dns, Azure, Route53, Cloudflare, and many more.
- Store certificates where and how you want: Windows, IIS Central Certificate Store, .pem files, .pfx files, or KeyVault.
- Compatible with all major ACME services, including Let's Encrypt, ZeroSSL, DigiCert, Sectigo, Buypass, Keyon, and others.
- Completely unattended command-line operation
- Other forms of automation through manipulation of .json files
- Write your own PowerShell .ps1 scripts to handle installation and validation
- Build your own plugins using C#
Pluggable and trimmed versions
The pluggable version includes all plugins and extensions for more comprehensive functionality. The trimmed version removes unnecessary plugins and extensions, is smaller and suitable for users who only need basic functionality.
Tutorial: generating a domain name certificate
Download and extract the win-acme.v2.2.9.1701.x64.pluggable.zip package, enter the extracted directory, and execute the following command:
The command, displayed with line breaks, is as follows:
Meaning of the main parameters:
- --target manual: Select manual mode to run.
- --host example.com,*.example.com: Defines which domains to request certificates for.
- --validationmode dns-01: Use the DNS-01 validation method.
- --validation manual: Perform DNS validation manually.
- --installation none: Do not automatically install certificates to IIS or other services.
- --accepttos: Automatically accept the terms of service.
We chose manual DNS validation.
In the domain name resolution dashboard, add a TXT record.
Go back to the cmd console window and press Enter to continue.
Delete the TXT record, then press Enter again to continue.
The certificate is successfully generated in the D:\ssl directory. The following two files are used:
- chain.pem: This file contains the complete chain of certificates, including your domain name certificate and all intermediate certificates, but not the root certificate.
- key.pem: This file contains the private key that corresponds to your domain name certificate.
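The procedure above as one PowerShell session, followed by the checks worth running before pointing nginx at the two files. This is an added example, not the command from the original post: the flags are the ones explained above, while `--store pemfiles`, `--pemfilespath`, the hypothetical `Test-PemPair` helper, the file-name wildcards and the ACL choice are assumptions. It needs PowerShell 7.1 or later.

```powershell
# Added example (not from the original post). Assumes PowerShell 7.1+, started in
# the extracted win-acme directory, and that D:\ssl holds a single certificate.
$pemDir = 'D:\ssl'

# Flags from the tutorial, plus the PEM store options (assumed, see lead-in).
# Manual DNS validation is interactive: add the TXT record when prompted.
.\wacs.exe --target manual --host 'example.com,*.example.com' `
    --validationmode dns-01 --validation manual `
    --store pemfiles --pemfilespath $pemDir `
    --installation none --accepttos
if ($LASTEXITCODE -ne 0) { throw "wacs.exe exited with code $LASTEXITCODE" }

function Test-PemPair {
    param(
        [Parameter(Mandatory)][string]$ChainPath,
        [Parameter(Mandatory)][string]$KeyPath
    )
    $chain = (Resolve-Path $ChainPath).Path
    $key   = (Resolve-Path $KeyPath).Path

    # chain.pem must hold the leaf certificate followed by the intermediates.
    $count = [regex]::Matches((Get-Content -Raw $chain), '-----BEGIN CERTIFICATE-----').Count
    if ($count -lt 2) { throw "$chain holds $count certificate(s); expected leaf + intermediates" }

    # An encrypted key would need a passphrase before a server can load it.
    if ((Get-Content -Raw $key) -cmatch 'ENCRYPTED') { throw "$key is passphrase-protected" }

    # Loads the first certificate (the leaf) and throws if the key does not match it.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromPemFile($chain, $key)
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

    # Drop inherited ACEs so only SYSTEM and Administrators can access the private key.
    # Add the account nginx runs as if it is not one of these (assumption).
    icacls $key /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $key" }

    [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; Certificates = $count }
}

# File names follow the page (chain.pem, key.pem); the wildcard tolerates a name prefix.
$chainFile = Get-ChildItem $pemDir -Filter '*chain.pem' | Select-Object -First 1
$keyFile   = Get-ChildItem $pemDir -Filter '*key.pem'   | Select-Object -First 1
Test-PemPair -ChainPath $chainFile.FullName -KeyPath $keyFile.FullName
```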