Comments (15)
Auto renewal is now available in the v2 alpha release. Note that if you redirect to https you must redirect the whole path so that http://domain.com/.well-known redirects to https://domain.com/.well-known for the Let's Encrypt service to follow the redirect.
from certify.
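Added example (not part of the original comment and not Certify's code): a Python check that a redirect answer for an HTTP-01 challenge URL keeps the whole `/.well-known` path, as the comment above requires. The function name, host names, token and `Location` values are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
REDIRECT_CODES = (301, 302, 303, 307, 308)


def check_challenge_redirect(challenge_url, status, location):
    """Return a list of problems; an empty list means the path survives."""
    src = urlsplit(challenge_url)
    if not src.path.startswith(CHALLENGE_PREFIX):
        return ["not an ACME HTTP-01 challenge URL"]
    if status not in REDIRECT_CODES:
        return []  # no redirect: the challenge file is served directly
    if not location:
        return ["redirect status without a Location header"]
    # Location may be relative; resolve it the way an HTTP client would.
    dst = urlsplit(urljoin(challenge_url, location))
    problems = []
    if dst.path != src.path:
        problems.append(f"path changed: {src.path} -> {dst.path or '/'}")
    if dst.query != src.query:
        problems.append("query string changed")
    if (dst.scheme, dst.netloc, dst.path) == (src.scheme, src.netloc, src.path):
        problems.append("redirect points back at the same URL")
    return problems


# Constructed samples: (status, Location header) as a rewrite rule might send.
URL = "http://example.com/.well-known/acme-challenge/tok123"
SAMPLES = [
    (301, "https://example.com/.well-known/acme-challenge/tok123"),  # whole path
    (301, "https://www.example.com/.well-known/acme-challenge/tok123"),
    (301, "https://example.com/"),          # rule that drops the path
    (302, "/index.html"),                   # relative catch-all redirect
    (200, None),                            # rule disabled for /.well-known
]


def audit(url, samples):
    """Return only the samples whose redirect would break validation."""
    results = [(loc, check_challenge_redirect(url, st, loc)) for st, loc in samples]
    return [(loc, probs) for loc, probs in results if probs]
```
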
Closing. Now implemented and confirmed working.
from certify.
I just wanted to add some feedback here and considerations.
I had to initially disable all rewrite rules to redirect to SSL in order for LE to check the acme-challenge files. I had out of date certificates from StartCom.. booooo.. I know. But LE verification did not seem to like the expired certification, or being redirected to HTTPS :(
Just for consideration.. It would be nice to be able to set how many hours before expiration the new cert should be requested to avoid broken certs and LE failing to validate.
I always rewrite to HTTPS and WWW - Other people may not have this problem and allow non SSL access which is not a problem.
from certify.
Also, if a website no longer exists in IIS we shouldn't try and renew it and should instead flag it in the UI.
from certify.
Maybe have a look at https://github.com/Lone-Coder/letsencrypt-win-simple/blob/master/letsencrypt-win-simple/Program.cs#L983, can be used under apache 2.0 licence https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)
from certify.
@Barokai thanks, both projects actually use ACMESharp libraries to talk to letsencrypt - Certify uses the PowerShell modules and le-win-simple uses the library directly, le-win-simple is indeed a very good choice for anyone happy to work at the command line.
from certify.
Is the idea that this would be a separate Windows Service application that will periodically check for expiration?
from certify.
Yes, the branch gui-revisions is a start on splitting out the relevant code, it also starts to add a command line. I'm undecided as yet as to whether this should just be a command line that gets called as a scheduled task or use a full windows service.
from certify.
If you only need to check certs for renewal once a day (or less frequently), then I'd say a scheduled task is the way to go. If you need to handle events at any time, then you want the Windows service.
from certify.
Any updates on this?
from certify.
It's a work in progress, we currently have a pressing issue where requests/renewals cause the app to crash on some machines but not others (it doesn't crash for me at all). Once that's resolved I can go back to the refactoring required to get this going properly.
The current plan is that when you first (successfully) request a certificate you will get to add it to the auto-renewal list. Different sites may have different techniques required for the renewal so we have to consider that. The auto-renewal will then be kicked off periodically (probably every day) as a single scheduled task. The auto-renewal itself is easy enough, the problem comes when the renewal fails and you have to tell somebody (otherwise the site will then fail when the cert expires), so I would like to get that covered from the outset.
from certify.
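Added sketch of the daily renewal pass described above, in Python (not Certify's code): it applies a renew-before window in hours as requested earlier in the thread, flags sites that no longer exist in IIS instead of renewing them, and collects every failure for notification. `ManagedSite`, `run_renewal_pass`, the host names and the renew stub are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class ManagedSite:              # hypothetical record for one auto-renewal entry
    name: str
    not_after: datetime         # expiry of the certificate currently bound
    exists_in_iis: bool         # False once the site has been removed from IIS


def run_renewal_pass(sites, now, renew_before_hours, renew):
    """One scheduled run; renew(site) returns True on success.

    Returns a report dict. Every entry under "notify" needs a human.
    """
    window = timedelta(hours=renew_before_hours)
    report = {"renewed": [], "skipped": [], "notify": []}
    for site in sites:
        if not site.exists_in_iis:
            report["notify"].append((site.name, "site no longer exists in IIS"))
            continue
        remaining = site.not_after - now
        if remaining > window:
            report["skipped"].append(site.name)
            continue
        try:
            reason = None if renew(site) else "renewal failed"
        except Exception as exc:  # one failing site must not stop the pass
            reason = f"renewal raised {type(exc).__name__}"
        if reason is None:
            report["renewed"].append(site.name)
        else:
            hours_left = int(remaining.total_seconds() // 3600)
            report["notify"].append((site.name, f"{reason}, {hours_left}h to expiry"))
    return report


# Constructed sample data: host names, dates and the renew stub are made up.
NOW = datetime(2017, 1, 1, tzinfo=timezone.utc)
SITES = [
    ManagedSite("shop.example.com", NOW + timedelta(days=40), True),
    ManagedSite("www.example.com", NOW + timedelta(hours=48), True),
    ManagedSite("api.example.com", NOW + timedelta(hours=24), True),
    ManagedSite("old.example.com", NOW + timedelta(hours=12), False),
]
REPORT = run_renewal_pass(SITES, NOW, 72, lambda s: s.name != "api.example.com")
```
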
Thanks for the work on this! I'm really looking forward to it. Is it possible for us to run an alpha/beta build to test on our own servers?
from certify.
@Concept211 as Certify is still an alpha release the download on the website is the latest available code for testing, for info there is a new branch in the works for auto-renew and multi-domain certs https://github.com/webprofusion/certify/tree/san-and-auto-renew
from certify.
Thanks! So there's still no actual build available for the auto-renew branch?
from certify.
Looks awesome!
from certify.