Add SSL Certificate to IIS

Let’s Encrypt

Let’s Encrypt is a free, automated, and open Certificate Authority (CA), run for the public’s benefit. We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can.

Let’s Encrypt Client

ACME Clients help create certificates for the sites and get them validated through Let’s Encrypt.

Win-ACME

win-acme is a good ACME client for Windows Server IIS.

Most often, we use the simple http-validation, where win-acme receives a challenge from the Let’s Encrypt server. Basically, the server verifies that it can read from our website what was written there for the challenge. If you don’t have control over the domain and web server, those two would not match. To make the validation succeed, make sure that:

  • The domain name is bound to the IIS application.

  • The domain/website is publicly accessible through http.

  • You are authorized to write to the web hosting drive (test this first). Some temporary files will be written into the folder.

  • In win-acme, you use the more advanced options, so that you can choose the http-validation option with a (network) path.

Problems

Let’s Debug provides a general tool and interface for testing the different options used with Let’s Encrypt.

http-01 validation should be very easy.

But the Palo Alto Networks firewall blocks HTTP requests with the User-Agent "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)".

So, “acme-protocol” must be allowed on the PAN firewall.
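A pre-flight check for the conditions listed above and for the firewall problem, as an added example that is not part of win-acme or Let’s Encrypt: it writes a throwaway file into the challenge folder and fetches it over http twice, once with a plain User-Agent and once with the Let’s Encrypt one quoted above. The function names, the "preflight-" token and the "preflight-check/1.0" agent are made up for this check, and it assumes you run it from a machine whose request to the domain passes through the firewall and which can write to the web root path.

```powershell
# Added example: Test-Http01Preflight, the "preflight-" token and the
# "preflight-check/1.0" agent are made-up names for this check.
function Get-ChallengeBody {
    param([string]$Url, [string]$UserAgent)
    try {
        $r = Invoke-WebRequest -Uri $Url -UserAgent $UserAgent -UseBasicParsing -TimeoutSec 15
        # Content is byte[] when the server sends a non-text content type
        $body = if ($r.Content -is [byte[]]) { [Text.Encoding]::ASCII.GetString($r.Content) } else { [string]$r.Content }
        [pscustomobject]@{ Status = [int]$r.StatusCode; Body = $body.Trim(); Error = $null }
    } catch {
        # HTTP errors carry a response; a dropped or reset connection does not
        $resp = $_.Exception.Response
        $status = if ($resp) { [int]$resp.StatusCode } else { 0 }
        [pscustomobject]@{ Status = $status; Body = $null; Error = $_.Exception.Message }
    }
}

function Test-Http01Preflight {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$WebRoot   # local or (network) path of the site
    )
    $agents = [ordered]@{
        'Plain'       = 'preflight-check/1.0'
        'LetsEncrypt' = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
    }
    $dir   = Join-Path $WebRoot '.well-known\acme-challenge'
    $token = 'preflight-' + [guid]::NewGuid().ToString('N')
    $value = [guid]::NewGuid().ToString('N')
    $file  = Join-Path $dir $token
    try {
        # Same kind of temporary file that is written during http validation
        New-Item -ItemType Directory -Path $dir -Force -ErrorAction Stop | Out-Null
        Set-Content -Path $file -Value $value -Encoding ASCII -NoNewline -ErrorAction Stop
    } catch {
        throw "Cannot write to $dir : $($_.Exception.Message)"
    }
    try {
        foreach ($name in $agents.Keys) {
            $res = Get-ChallengeBody -Url "http://$Domain/.well-known/acme-challenge/$token" -UserAgent $agents[$name]
            # Status 0 means no HTTP response came back at all
            [pscustomobject]@{ Agent = $name; Status = $res.Status; Served = ($res.Body -eq $value); Error = $res.Error }
        }
    } finally {
        Remove-Item -Path $file -ErrorAction SilentlyContinue
    }
}
# Constructed values: Test-Http01Preflight -Domain 'example.com' -WebRoot 'C:\inetpub\wwwroot'
```

If the Plain row is served and the LetsEncrypt row is not, something on the path is filtering on the User-Agent, which is the firewall case described above. If neither row is served, look at the binding, the public http access and the write path first.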
