Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 28 million developers.Sign up
Do not use this version
It seems a critical bug has slipped into this release that causes IIS binding updates to fail in some cases. Please download the previous release until this bug is fixed, unless you are sure it doesn't affect you.
- SFTP plugin to transfer validation file, complimenting existing FTP(S)/WebDav plugins, thanks Jason Poff
- The executable is now (self)signed, which may help with false positives from AV products on each release
- Add example script
ImportFTPServer.ps1, thanks @mmattes
- NuGet package updates
- Minor UI fixes thanks to @georg-jung
- Add command line parameter and advanced mode option to choose the Common Name for a certificate, thanks @georg-jung
- Add new command line parameter and backing field for the FTP installer, so that a single renewal can be used to install certificates to both FTP and Web, thanks @ptsoccer
- Add example script for SSTP, thanks @filthyfreak
- Update NuGet packages
- Microsoft.Web.Administration from 11.0 to 11.1
- WebDAVClient from 1.1.2 to 1.1.3
- TaskScheduler from 2.6.5 to 2.8.1
- Serilog from 2.5.0 to 2.6.0
- Newtonsoft.Json from 10.0.3 to 11.0.2
- Nager.PublicSuffix from 1.1.0 to 1.2.0
- Autofac from 4.6.2 to 4.8.1
- BouncyCastle from 1.8.1 to 1.8.2
- CommandLineParser from 2.1.1-beta to 2.2.1
- Various Microsoft .NET libraries
- Removed superfluous packages to reduce package size, thanks @georg-jung
- Add specific error about wildcard support not being available yet (#464)
- Improved phrasing for certificates that are not due for renewal yet ("not scheduled" can make people worry that something is wrong/missing).
This is an automatic build of the master branch, provided as convenience for those willing to try bleeding edge changes. Not recommended for production.
This is a small maintenance release.
- Support for authenticated proxies, thanks @gregorygsmith
- Updated example scripts, thanks @LBegnaud
- Add verbose logging to FileSystem validation
- Fixed crash on listing validation errors
- More error handling around plugin loading
- Fix TLS-SNI-01 validation failing on sites with nameless bindings
- IIS FTP plugin, can be used to set the certificate for IIS FTP sites
- Show custom certificate store (if any) in the certificate details
- Sort menu options for target/validation/installation plugins alphabetically
- Consistent ordering of renewals across different menu options, thanks @Dragonsangel
- Don't show warnings about hidden sites
ClientNamea configurable option with a default value of
win-acmefor new installs. This affects the default
ConfigurationPathand name of the scheduled task
- Don't create a subfolder with the
ClientNamewhen a custom
ConfigurationPathis provided (but keep using it when it's already there)
- Change default date formatting to 24 hour format, thanks @georg-jung
- Set negative process exit code when something bad happens during (one of the) unattended renewals (#780)
- Restore the application manifest to let Windows know we want to run as administrator, preventing all kinds of security related errors if you forget to do so yourself (#769)
- Use configured proxy server when retrieving certificates for the full chain (#782)
- Better (non-fatal) handling of errors when a renewal target cannot be refreshed
- Don't try to find SiteId 0 when no
ValidationSiteIdhas been specified (#776)
This is the first release of this program under a new name. Going forward we will call it "Windows ACME Simple", which can be shortened to "win-acme" or "WACS". The reason is that we want to avoid any confusion people might have about this programs relationship with the ISRG sponsored Let's Encrypt project.
To be clear, we are not an ISRG supported client, just an independent group of people who want to help people managing Microsoft Windows machines to secure the web.
Let's Encrypt literally wrote the book on the ACME protocol and is obviously the most popular service implementing it, but in fact everyone is free to run their own ACME server and we might see a lot more of them in the future. Therefore it also makes sense to drop "letsencrypt" from the name of this program.
This program was originally created by @Lone-Coder (Bryan Livingston) who deserves a lot of credit for getting it out there. In the world of IT it's never a good idea to depend too much on a single person though, so the fact that a tool that people rely on in production was just available from someones personal GitHub account never felt comfortable.
We're now happy to have found a new home under the umbrella of the PKISharp organisation, which is group of people collaborating on .NET-based tools around ACME. This will ensure more continuity and make it easier to collaborate on new developments such as ACMEv2.
- Installation plugins can no be loaded from external assemblies (#733)
- Add parameter to allow self-hosting validation to listen to another port (#742)
- Hide unavailable target plugins in interactive mode (#758)
- Hide unavailable validation methods in interactive mode (#760)
- For new installs, renewals are stored in the
ConfigurationPathinstead of the registry (#756)
- Much-improved example script for Microsoft Exchange deployments (#702) - thanks @LBegnaud
- Store application settings in a separate file which is not in the .zip, making upgrades easier (#720)