Let's Encrypt Windows Server

scottalanmiller

Guide was tested just last week, too.

JaredBusch

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

That's what you use for IIS regardless of how many you need to cover.

I don't believe that ME uses IIS directly.

scottalanmiller

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

That's what you use for IIS regardless of how many you need to cover.

I don't believe that ME uses IIS directly.

That's what matters most, not what apps it is or how many, but what app are we discussing for LE to be interfacing with.

scottalanmiller

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

JaredBusch

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

WLS-ITGuy

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

WLS-ITGuy

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

A VM. You don't want web serving on Windows, that's never good.

Dashrender

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

A VM. You don't want web serving on Windows, that's never good.

A waste of a license at the min - but it's so much worse than that.

JaredBusch

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

WLS-ITGuy

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That is what I am seeing

scottalanmiller

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That's what I use, here is my doc on that:

https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt/

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That is what I am seeing

Not a big deal, you likely want a solid reverse proxy anyway. Nginx is not a big deal to set up or maintain.

WLS-ITGuy

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

What would be the concern?

WLS-ITGuy

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

What would be the concern?

Curious more than anything.