Overview
This is an ACMEv2 client for Windows that aims to be very simple to start with, but powerful enough to grow into almost every scenario. It offers a very simple text-driven interface to create and install certificates on a local IIS server, and a more advanced text-driven interface for many other use cases, including Apache and Exchange.
You can run an install script directly from the client after the certificate is generated.
How to Use
You just need to append 2 or 3 arguments to the client when you run it in unattended mode.
--script is needed to use a script. You just need to put in the location of the script you want to run.
--scriptparameters accepts a string to format the available parameters. If you don't specify it, no parameters are sent to your script.
Let's put it all together now:
wacs.exe --host domain.com --webroot C:\sites\domain.com --installation script --script C:\scripts\certinstall.ps1 --scriptparameters "'{CertCommonName}' '{CacheFile}'"
The parameters passed to your script would look like this
'example.com' 'C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\1234596-cache.pfx'
If you need to put double quotes around your parameters, you just have to escape them with a backslash, for example:
--scriptparameters "\"{CertCommonName}\" \"{CertThumbprint}\""
Note that for PowerShell scripts, string parameters have to be delimited by single quotes, for example:
--scriptparameters "'{CertCommonName}' '{CertThumbprint}'"
If you want to add your own static parameters or use named parameters rather than positional ones, you are of course free to mix text between the variables, for example:
--scriptparameters 'constant --myparam2:{CertCommonName} --myparam3({CertThumbprint}) --silent --force'
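As an added example (not code from the win-acme project), here is one way to write the certinstall.ps1 install script so that it checks what it was handed before acting on it. It assumes the two-parameter PowerShell form shown above with {CertCommonName} and {CertThumbprint}, that {CertCommonName} equals the certificate's subject name, that the certificate sits in a LocalMachine store, and a hypothetical log path.

```powershell
# certinstall.ps1 (added example, not shipped with win-acme)
# Called as: --script C:\scripts\certinstall.ps1 --scriptparameters "'{CertCommonName}' '{CertThumbprint}'"
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [ValidateNotNullOrEmpty()]
    [string]$CertCommonName,

    [Parameter(Mandatory = $true, Position = 1)]
    [ValidatePattern('^[0-9A-Fa-f]{40}$')]   # SHA-1 thumbprint is 40 hex characters
    [string]$CertThumbprint,

    # Hypothetical log location; change to suit your server.
    [string]$LogPath = (Join-Path $env:ProgramData 'certinstall\install.log')
)

$ErrorActionPreference = 'Stop'
# Turn any failure below into a message plus a non-zero exit code.
trap { Write-Host "certinstall failed: $_"; exit 1 }

# Assumption: the certificate was placed in some LocalMachine store, so search them all.
$cert = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Thumbprint -eq $CertThumbprint } |
    Select-Object -First 1
if (-not $cert) { throw "Thumbprint $CertThumbprint not found in any LocalMachine store." }

# Refuse to continue unless the certificate is usable for the name we were given.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$subject  = $cert.GetNameInfo($nameType, $false)
$now      = Get-Date
if ($subject -ne $CertCommonName) { throw "Subject '$subject' does not match '$CertCommonName'." }
if (-not $cert.HasPrivateKey)     { throw "Certificate has no private key on this machine." }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Record what was installed so unattended renewals leave an audit trail.
$logDir = Split-Path -Parent $LogPath
if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir | Out-Null }
$line = '{0:o} installed CN={1} thumbprint={2} expires={3:o}' -f $now, $subject, $cert.Thumbprint, $cert.NotAfter
Add-Content -Path $LogPath -Value $line

exit 0
```

Because the script runs unattended with administrator privileges, keep it in a directory that only administrators can write to.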
Available script parameters
Note for users of Windows Server 2008
Windows Server 2008 ships with PowerShell 2.0, which seems to have issues with starting from WACS. Installing the latest version of PowerShell mitigates the issue.
Installation
- Download the latest version of win-acme-v2.x.x.x.zip from https://github.com/PKISharp/win-acme/releases
- Unzip files to a permanent location (so that it can run for renewals)
- Run wacs.exe (requires administrator privileges).
- Follow the instructions on the screen to configure your first renewal.
How it works
Note: basic/simple mode is for IIS users only. For other web servers and applications skip straight to Advanced use.
- Choose N in the main menu to create a new certificate.
- Choose how you want to determine the domain name(s) for which the certificate should be issued. This can for example be based on the bindings of an IIS site, or manual input.
- A registration with the ACME server is created, if it doesn't already exist. You will be asked to agree to the terms of service and to provide an email address that the server administrators can use to contact you.
- The program talks to the ACME server to validate your ownership of the domain(s) that you wish to create a certificate for. By default the ACME server does that by sending a couple of requests like http://www.example.com/.well-known/acme-challenge/[random] and we will be expected to respond with another random string. We run our own listener on port 80 - side by side with IIS - to answer those challenges. Getting validation right is often the most tricky part of getting an ACME certificate. If there are problems please check out some common issues.
- After the proof has been provided, the program gets the new certificate and updates or creates bindings in IIS as required.
- The program will ask you if you want to renew automatically. When you answer yes the program adds a task to the Task Scheduler to run itself daily. It will remember all the choices that you made and apply them during each subsequent renewal job. You can also set this up at a later time.
Renewal
A single scheduled task is responsible for renewing all certificates created by the program. The task is created by the program itself after successfully issuing the first certificate. The task runs every day, but individual renewals are executed only every 55 days (based on the date of their last successful run) or when the program detects a change in the target (e.g. a new binding added to an IIS site). The process can be monitored from the Windows Event Viewer and you can set up email notifications.