Let's Encrypt Windows Server

WLS-ITGuy

I have a windows 2016 server running all my ManageEngine stuff. (Yes I have posted there as well).

Can I use LE to secure ADManager, Servicedesk, Desktop Central, and Self Service? It is one URL ie: helpdesk dot website dot net

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

That's what you use for IIS regardless of how many you need to cover.

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

Can I use LE to secure ADManager, Servicedesk, Desktop Central, and Self Service? It is one URL ie: helpdesk dot website dot net

Then the question is... can you use LE for... and then we need to know what Web Server those are running on. That you perceive it as multiple apps isn't a factor, it is just one website. That it is just one website would only matter if we lacked a multiple website option.

But given the factors on Windows, all that matters is if it is IIS or a different web server. As long as it is IIS, you use the guide that I provided.

scottalanmiller

Guide was tested just last week, too.

JaredBusch

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

That's what you use for IIS regardless of how many you need to cover.

I don't believe that ME uses IIS directly.

scottalanmiller

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

I was reading this https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt but it appears to be more about wildcard certs.

That's what you use for IIS regardless of how many you need to cover.

I don't believe that ME uses IIS directly.

That's what matters most, not what apps it is or how many, but what app are we discussing for LE to be interfacing with.

scottalanmiller

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

JaredBusch

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

WLS-ITGuy

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

WLS-ITGuy

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

A VM. You don't want web serving on Windows, that's never good.

Dashrender

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@scottalanmiller said in Let's Encrypt Windows Server:

You can always put a reverse proxy in front, using something like Nginx, and put the cert there.

This is what I do with my MESD deployment.

Do you use Apache or NGNIX for that?

You "always" use Nginx for stand alone reverse proxies. That's what it is built for.

For those following along at home...Am I building a VM of NGNIX or installing NGNIX on the windows box?

A VM. You don't want web serving on Windows, that's never good.

A waste of a license at the min - but it's so much worse than that.

JaredBusch

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

WLS-ITGuy

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That is what I am seeing :(

scottalanmiller

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That's what I use, here is my doc on that:

https://mangolassi.it/topic/18137/get-wildcard-ssl-certs-for-iis-on-windows-with-letsencrypt/

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch said in Let's Encrypt Windows Server:

@WLS-ITGuy By the way, there is a great tool for LE on IIS. Just not useful for you since ME does not use IIS last I knew.

That is what I am seeing :(

Not a big deal, you likely want a solid reverse proxy anyway. Nginx is not a big deal to set up or maintain.

WLS-ITGuy

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

scottalanmiller

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

What would be the concern?

WLS-ITGuy

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

What would be the concern?

Curious more than anything.