IIS Server Farm #209

Closed
1liminal1 opened this issue Nov 12, 2017 · 5 comments

@1liminal1

Hi there,

How can I set this up for IIS server farms?

https://forums.servethehome.com/index.php?resources/letsencrypt-a-2012-r2-web-application-proxy.16/

@Marcus-L
Contributor

For requesting a multi-domain certificate (aka "SAN certificate"), see my comment here: #28 (comment)

Request the certificate using Certify from the machine with IIS that is acting as your reverse proxy. The tls-sni-01 challenge type has fewer configuration requirements than http-01, so to avoid having to customize your web.config (which probably already has URL Rewrite rules set up), use the tls-sni-01 challenge. This will install the cert into the IIS site you set up.

If your application servers behind the IIS reverse proxy are using HTTPS, and you would like to share the same certificates with the Central Certificate Store, you'll need to create a custom request script hook to copy the certificates into the CCS after Certify completes the certificate request to Let's Encrypt. If you do create a script hook for this purpose, please let us know so we can add it as an example to the request script hook documentation page.
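
The copy step described in the comment above, as an added example that is not part of the original thread or the Certify project. The parameter names and the share path are assumptions, and how the request hook passes the PFX path to a script is not shown on this page.

```powershell
# Added example (not from the Certify project). All parameter names are assumptions.
param(
    [Parameter(Mandatory=$true)] [string]   $PfxPath,    # PFX written by the renewal
    [Parameter(Mandatory=$true)] [string[]] $HostNames,  # names on the certificate
    [Parameter(Mandatory=$true)] [string]   $CcsPath,    # CCS share, e.g. \\fileserver\ccs (constructed)
    [System.Security.SecureString] $PfxPassword          # must match the password configured in CCS
)
$ErrorActionPreference = 'Stop'

# Open the PFX first: refuse to publish something IIS cannot use.
$type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
if ($PfxPassword) {
    $cert = New-Object $type -ArgumentList $PfxPath, $PfxPassword
} else {
    $cert = New-Object $type -ArgumentList $PfxPath
}
if (-not $cert.HasPrivateKey) { throw "No private key in $PfxPath" }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period"
}

$srcHash = (Get-FileHash -Path $PfxPath -Algorithm SHA256).Hash
foreach ($name in $HostNames) {
    # CCS looks certificates up by file name: <hostname>.pfx, with a
    # wildcard *.example.com stored as _.example.com.pfx
    $file = ($name.ToLowerInvariant() -replace '^\*\.', '_.') + '.pfx'
    if ($file -notmatch '^[a-z0-9_.-]+\.pfx$') { throw "Unexpected host name: $name" }
    $dest = Join-Path $CcsPath $file

    Copy-Item -LiteralPath $PfxPath -Destination $dest -Force

    # Confirm the file on the share is byte-identical to the source.
    if ((Get-FileHash -Path $dest -Algorithm SHA256).Hash -ne $srcHash) {
        throw "Copy to $dest does not match the source file"
    }
    Write-Output "Published $file (expires $($cert.NotAfter.ToString('yyyy-MM-dd')))"
}
```

The share holds private keys, so limit its permissions to the account IIS uses to read the CCS and the account that runs the renewal.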

@webprofusion-chrisc
Contributor

At the moment your best bet is to script the certificate renewal/deployment as per the article. In the near future, though, we will have the option of running as a background service. This presents some potential opportunities for coordinated renewals across multiple machines. In your environment can all the machines speak to each other (say, over http on a custom port)? I have an idea for a general master/slave renewals process but it's going to take a bit of work to make it happen.

@1liminal1
Author

Just seen this, let me have a look.

Thanks guys!

@webprofusion-chrisc
Contributor

This is now supported in v5.x when you use DNS validation for your domains and the CCS Export deployment task to store the certs.

@1liminal1
Author

Thanks for letting me know! Appreciate it :)
