Let’s Encrypt – Certify the Web ( v 4.012 )

Background

It is time to prepare a new web site for SSL encryption.  It is a personal machine, so we will go with “Let’s Encrypt”, as it is free.

 

Prerequisite

Outline

  1. Operating System
    • Firewall
  2. Internet Information Server ( IIS )
    • Web Site
      • Bindings
      • Advanced Settings

Operating System ( OS )

Configuration

Outline

  1. Windows
    • Firewall
      • Allowed Apps
        • World Wide Web Services ( HTTP )
      • Rule Wizard
        • Inbound Rule Wizard
          • Protocol and Ports
            • TCP
              • 80
              • 443
          • Profile
            • Domain
            • Private
            • Public
          • Name
            • (given name)

Images

Windows Defender Firewall

Windows Defender Firewall – Allowed apps

windows.firewall.http.20190119.1207PM.PNG

Windows Defender Firewall – Inbound Rule Wizard

Protocol and Ports

rules.inbound.20190119.1211PM.PNG

Allow the connection

rules.inbound.Action.20190119.1212PM.PNG

Profile

rules.inbound.Profile.20190119.1213PM.PNG

Name

rules.inbound.Name.20190119.1214PM.PNG

 

Internet Information Server ( IIS )

Configuration

Outline

  1. Web Site
    • Bindings
    • Advanced Settings

Processing

Web Site

Bindings

Please access the web site and confirm that a web site exists and that it is listening on port 80.

If it is anchored to a specific Host Name, please make sure it matches the certificate’s Host name.

Advanced Settings

It is prudent to access the Advanced Settings offering and confirm your selections.

  1. Bindings
    • http:*:80:
  2. Physical Path
    • %SystemDrive%\inetpub\wwwroot
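
The firewall and binding prerequisites above can be confirmed from PowerShell. This is an added example, not part of the original post; it assumes the NetSecurity and WebAdministration modules (Windows Server 2012 or Windows 8 and later, with IIS installed), an elevated session, and this page's site name and host name.

```powershell
# Added example (not from the original post): confirm the firewall and IIS
# prerequisites. Run in an elevated session.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # site used on this page
$hostName = 'rptsvc.mylab.org'   # host name used on this page

# 1. Firewall: enabled inbound allow rules that list TCP 80 / 443 explicitly.
#    Rules written as a port range or as "Any" are not matched here.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
foreach ($port in '80', '443') {
    $hits = foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and @($filter.LocalPort) -contains $port) {
            $rule.DisplayName
        }
    }
    if ($hits) {
        $names = @($hits) -join ', '
        Write-Output "TCP ${port}: allowed by $names"
    } else {
        Write-Output "TCP ${port}: no enabled inbound allow rule lists this port"
    }
}

# 2. IIS: the site needs an http binding on port 80 whose host header is
#    empty or matches the certificate's host name.
$bindings  = @(Get-WebBinding -Name $siteName -Protocol 'http')
$bindingOk = $false
foreach ($b in $bindings) {
    # bindingInformation is IP:port:hostheader, for example *:80:
    $parts  = $b.bindingInformation -split ':'
    $port   = $parts[-2]
    $header = $parts[-1]
    if ($port -eq '80' -and ($header -eq '' -or $header -eq $hostName)) {
        $bindingOk = $true
    }
}
if ($bindingOk) {
    Write-Output "IIS: '$siteName' has a usable http binding on port 80"
} else {
    Write-Output "IIS: '$siteName' has no port 80 binding that answers for $hostName"
}
```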

 

Images

Web Site

Bindings

iis.bindings.http.20190120.0438pm

Advanced Settings

iis.advancedSettings.20190119.1230PM.PNG

 

Certify The Web

Certify the Web is one of the easiest Let’s Encrypt clients to manage on MS Windows.

Artifacts

The installation artifacts are available here.

Image

artifacts.v4.012

Explanation

  1. OS Requirements
    • Platform
      • MS Windows 2008 R2 SP1 ( x64 )

 

Installation

Outline

  1. License Agreement
  2. Select Destination Location
    • Folders
      • Initial Folder :- C:\Program Files\Certify The Web
      • Revised Folder :- E:\Program Files\Certify The Web
    • Size
      • Size is 36 MB
  3. Select Start Menu Folder
  4. Ready to Install
  5. Installing
  6. Completing the “Certify The Web” Setup Wizard

Images

License Agreement

LicenseAgreement.20190119.1140AM.PNG

 

Select Destination Location

Select Destination Location – Initial

SelectDestinationLocation.20190119.1141AM.PNG

Select Destination Location – Post Change

 

 

selectdestinationlocation.02.20190119.1142am

 

Select Start Menu Folder

SelectStartMenuFolder.20190119.1142AM.PNG

 

Ready to Install

ReadyToInstall.20190119.1143AM.PNG

Installing

Installing -01

installing.20190119.1144am

Installing -02

Installing.20190120.0307PM.PNG

Completing the “Certify The Web” Setup Wizard

Completing.20190119.1145AM.PNG

 

Configuration

Outline

  1. Contact
    • Contact Registration
      • Supply email address
      • Consent by checking the “Yes, I Agree” button
  2. Certificate
    • Managed Certificates
      • New Managed Certificate
        • Initiate
          • Click the New Certificate button
        • Configure
          • Certificate Domains
            • Managed Certificates
              • Please enter targeted web site
              • And, Fully Qualified Domain Name
          • Advanced Options
            • Authorized
            • Deployment
            • Scripting
            • Other Options
            • Preview

Processing

Contact

New Contact
  1. Enter email Address
  2. Consent by checking the “Yes, I Agree” button

Certificate

Certificate – Certificate Domains
Outline
  1. In the “Certificate Domains” Screen
    • New Managed Certificate
      • Select Website
        • Choices
          • (No IIS Website Selected )
          • Default Web Site
        • Choice
          • We chose Default Web Site
      • Domains to Certificate
        • Please specify the full domain name
        • In our case, rptsvc.mylab.org

Note

  1. If you have not entered a Fully Qualified domain name and added it by clicking the Add button, you will get the message listed below:
    • A primary domain must be included
  2. Please peruse the Domains group-box to review and confirm

Please click the save button to confirm your changes.

 

Screen Shot
Screen Shot – Add domains to certificate

certificateDomains.20190120.0330PM.PNG

Screen Shot – Certificate Domains – Domains and Certificates

Here is the screen upon entering a fully qualified domain and clicking the “Add Domains” button.

certificateDomains.DomainsAndSubdomainsToInclude.20190120.0422PM.PNG

 

Certificate – Advanced Options
Certificate – Advanced Options – Authorization
  1. Challenge Type
    • Options
      • http-01
        • For HTTP validation the app will automatically create the validation file required.  Your website must answer HTTP requests on port 80 ( redirection permitted ) and be able to serve randomly named extensionless text files from the .well-known/acme-challenge/ path.
      • dns-01
        • For DNS validation the app will need to create a ‘TXT’ record in the DNS zone of your domains as an answer to the authorization challenge.
    • Chose
      • http-01
        • We chose http-01, as choosing dns-01 would mean
          • we have to make entries in our DNS
          • Another group manages our DNS server
  2. Web Site Directory
    • Leave empty
  3. Options
    • Perform challenge response config checks ( Checked )
    • Perform web application auto config ( Checked )
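
The http-01 requirement described above can be checked before requesting a certificate. The following is an added example, not part of the original post or of Certify the Web; it assumes PowerShell 3.0 or later, an elevated session, the physical path and host name used on this page, and that the host name resolves to this server.

```powershell
# Added example: pre-flight check that the site serves a randomly named,
# extensionless file from .well-known/acme-challenge/ over HTTP on port 80.
# Assumptions: host name and site root are the ones used on this page.
param(
    [string]$HostName = 'rptsvc.mylab.org',
    [string]$SiteRoot = (Join-Path $env:SystemDrive 'inetpub\wwwroot')
)

$challengeDir = Join-Path $SiteRoot '.well-known\acme-challenge'
$createdDir   = -not (Test-Path $challengeDir)
New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null

# Random name and body, standing in for the token file an ACME client writes.
$name = [guid]::NewGuid().ToString('N')
$body = [guid]::NewGuid().ToString('N')
$file = Join-Path $challengeDir $name
[IO.File]::WriteAllText($file, $body)

try {
    $url  = "http://$HostName/.well-known/acme-challenge/$name"
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15

    # Content is a byte array when the response is not a text type.
    if ($resp.Content -is [byte[]]) {
        $text = [Text.Encoding]::ASCII.GetString($resp.Content)
    } else {
        $text = [string]$resp.Content
    }

    if ($resp.StatusCode -eq 200 -and $text.Trim() -eq $body) {
        Write-Output "PASS: $url returned the test file"
    } else {
        Write-Output "FAIL: unexpected response (HTTP $($resp.StatusCode))"
    }
}
catch {
    # Non-2xx answers (404, 403, ...) and connection errors end up here.
    Write-Output "FAIL: $($_.Exception.Message)"
}
finally {
    # Remove the test file, and the challenge folder if this script created it.
    Remove-Item -Path $file -Force -ErrorAction SilentlyContinue
    if ($createdDir) {
        Remove-Item -Path $challengeDir -Force -ErrorAction SilentlyContinue
    }
}
```

IIS returns 404 for static files without a MIME mapping, so a FAIL with 404 on an otherwise working site usually means extensionless files are not mapped in the challenge folder.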

 

Certificate – Advanced Options – Deployment
  1. Deployment Mode
    • Auto
    • Single Site ( selected in Domains tab )
    • All Sites
    • Certificate Store Only
      • Certificate will be imported into the Certificate Store on the Local machine.
      • No auto deployment
    • No Deployment
      • Certificate will be saved to disk but will not be imported automatically into the Certificate Store.
Certificate – Advanced Options – Scripting

Outline :-

  1. Powershell Scripts
    • Pre-request PS Script
    • Post-request PS Script
  2. Web Hooks
    • Web-Hook Trigger

We have no need for pre or post scripts.

 

Certificate – Advanced Options – General Options
  1. Enable Auto Renewal
    • Checked
  2. Notify Primary Contact On Renewal Failure
    • Checked
  3. CSR Signing Algorithm

Images

Contact

Contact Registration
Get Started by registering a new contact

register.contact.newContact.20190120.0310AM.PNG

Prompted to register a new Contact

register.contact.20190119.1146AM.PNG

 

New Contact

register.contact.newcontact.20190119.1147am

 

Certificate

Initial Screen

certificate.new.20190119.1148AM.PNG

Managed Certificate
New Managed Certificate

certificate.domains.20190119.1149AM.PNG

Advanced Options – Authorization
advancedOptions.authorization.20190119.1155AM.PNG
Advanced Options – Deployment

advancedOptions.Deployment.20190119.1156AM.PNG

Advanced Options – Scripting

advancedOptions.Scripting.20190119.1157AM.PNG

Advanced Options – Other Options

advancedOptions.OtherOptions.20190119.1158AM.PNG

Advanced Options – Preview

advancedOptions.Preview.20190119.1234AM.PNG

Test

Outline

  1. Save Settings
  2. Click the Test button

Images

Default Web Site – Success

testProgress.20190120.0435PM.PNG

 

Request Certificate

Outline

  1. Certificate
    • Click

Processing

If everything is good, you will get your certificate.

If there is an error, we will address it in follow-up posts.
