-
Notifications
You must be signed in to change notification settings - Fork 0
Home
The main README file has the instructions on setting up for reliable renewals but here we'll also cover some highlights here for first time configuration & certificate generation in more detail.
So the project name was a random suggestion by GitHub but since I'm in Florida I decided to go with it. Also, with this project's help it may be easy enough on getting your free TLS/SSL certificates setup where you feel like you can just relax under a palm tree on the beach afterwards & not have to worry.
If your server is running on Windows then you don't need to install. Just download the binary file to fit your architecture and extract it to its own folder if you prefer or just throw it in C:/Windows like we did.
As said elsewhere then lots will need edited for where your file locations are, which domains need security certificates and which e-mail to send alerts from and which ones to send to. I know I didn't need to include the full path repeatedly but to start with I wanted to be safe (since only using on production sites so far) & make sure that everything could be ran from any location and eventually will get the defaults trimmed down. Also, if you're not using Wamp Server (e.g. WinNMP and the many more) then will need to change the command to restart whichever the web server is.
If you're running IIS or need to use DNS verification then see https://github.com/do-know/Crypt-LE and/or https://zerossl.com/usage.html for some customizations you'll need to do different from the example configurations.
Since this script is usually going to be ran unattended then e-mail notifications are the only reasonably easy way to make sure that all responsible parties are alerted that follow-up is needed. First time setup for this is up next but see https://github.com/do-know/Crypt-LE#contact-details-updates for updating Let's Encrypt on the upcoming renewal reminder (usually 9 days prior to expiry) and don't forget to update sendEmail.ps1 with the new ones.
After you've finished tweaking things as instructed by the README & other files then its rather simple usually. To generate the certificate the first time then you can just copy the whole line that starts with C:\Windows\le64.exe then paste it somewhere temporary and remove the --renew 10 --issue-code 100 parameters and add --email "my@email.address" then paste it into the command prompt. Now just as long as the other 4 files are setup right you should be fine when its time for renewal and if not then at least you'll get some e-mails.