Applying for a Let’s Encrypt wildcard certificate on Windows

  I tried applying for a wildcard certificate (*.abc.com) through SSL For Free and did not expect the application to succeed; I had originally thought that Let’s Encrypt could only issue certificates for individual URLs. Recently the certificate was almost three months old and I was ready to apply again, but I found that SSL For Free had been bought by ZeroSSL and that wildcard certificates can now only be purchased for a fee, so I had to give up on that platform.

 

   After searching online, I found that most articles recommend Let’s Encrypt's Certbot tool, which can apply for a certificate and also renew it automatically. But when I actually tried it, some problems occurred in the URL verification part and I could not proceed smoothly, so I had to stop.

 

   I then searched for sites that, like SSL For Free, let you apply for certificates online, and finally found "Get HTTPS for free!", an inconspicuous but great website. "Get HTTPS for free!" is an open source website; the page is very simple, but the instructions are very detailed. I tried to follow its steps, but unfortunately Step 3 requires verification through openssl, and the commands on the page do not seem to work on Windows, so I went searching again.

 

   Fortunately, I later learned from an article on Cook Wu’s Murmurs that a netizen has written a very convenient companion tool for "Get HTTPS for free!" that runs on Windows: GetHttpsForFree-UI. Just set the location of openssl in GetHttpsForFree-UI and follow the web page step by step; almost everything is copy and paste, with no need to type commands.

 

   The following are the steps for applying for a Let’s Encrypt wildcard certificate with "Get HTTPS for free!" + openssl + GetHttpsForFree-UI:

※ If you want to renew the certificate, put the previous account.key, domain.key and openssl.cnf in the specified location, set OpenSSL Path and Working Path, do step 10 first, and then continue in order from step 12.

 

1. Download openssl for Windows and unzip it.

2. Download GetHttpsForFree-UI.exe

3. Run GetHttpsForFree-UI.exe and set the location of openssl.exe in OpenSSL Path.

4. Set a directory in Working Path to store the "certificate" and "key" files later.

5. The file names of Account key and Domain key can use default values.

6. The openssl.cnf file can be found under the openssl\share directory. You can also click "Download an OpenSSL.cnf template file" to download a template file; I chose the latter. After downloading the template file, save it to the Working Path directory.

7. Click "Copy required entry to clipboard". The clipboard will now contain the parameters required by openssl.cnf. Next, open the openssl.cnf from the previous step and paste them on the last line.

 

8. Modify the subjectAltName parameter just pasted, changing the URL after it to *.abc.com.

 

9. Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 1 and 2" page and click "Create Account Key". This generates the public key content of the email account required by Let’s Encrypt and automatically copies it to the clipboard. In addition, an account.key private key file is generated in the Working Path folder.

 

10. Go to the "Get HTTPS for free!" website. In Step 1, enter your email, paste the public key just copied, and click "Validate Account Info".

 

11. Back in the GetHttpsForFree-UI.exe tool, press "Create Domain Key and Request". The CSR content will be generated and automatically copied to the clipboard. In addition, a domain.key private key file is generated in the Working Path folder.

 

12. Go to the "Get HTTPS for free!" website. In Step 2, paste the CSR content just copied and click "Validate CSR".

 

13. Still on the "Get HTTPS for free!" website, copy the command under "Accept the Let’s Encrypt terms and condition" in Step 3.

 

14. Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 3 and 4" page, paste the command into the "Data" field, and click "Excute OpenSSL". The data in the "Result" field will then be automatically copied to the clipboard.

 

15. Back on the "Get HTTPS for free!" website, paste the value just copied below the command, and press "Accept Terms".

 

16. Repeat the above steps to complete the other fields of Step 3 on the "Get HTTPS for free!" website.

 

17. In Step 4 of the "Get HTTPS for free!" website, repeat the previous steps. After generating the verification value, click "Load Challenges".

 

18. The TXT information to be added to the DNS server will then be generated below. After adding it, click "I can see the TXT record for abc.com".

 

19. For the remaining command fields in Step 4 of the "Get HTTPS for free!" website, follow the previous steps: paste each one into GetHttpsForFree-UI.exe, paste the result back into the website, and press the corresponding button.

 

20. In Step 5 (the last step) of the "Get HTTPS for free!" website, copy the content of "Signed Certificate Chain".

 

21. Back in the GetHttpsForFree-UI.exe tool, switch to the "Step 5" page, paste the value you just copied into "Signed Certificate", and click "Create Certificate" below. A .crt server certificate file will be generated in the Working Path folder.

 

  This completes the application for a Let’s Encrypt wildcard certificate. I deeply feel that the GetHttpsForFree-UI.exe tool is really convenient; thanks to the author. In addition, the author has also recorded a teaching video. After watching the video you will probably know how to proceed, so I suggest watching it first.

 

【Extra】

  If you want to convert the crt server certificate file to a PFX file, you can refer to this article by Bao, which has very detailed instructions.

 

◎ Use the following command to combine the "crt server certificate file" and the "domain.key private key" into a PFX file.

openssl pkcs12 -in abc.com.crt -inkey domain.key -export -out abc.com.pfx -password pass:1234
# 1234 is the import password; change it to your own.
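
A variant of the conversion above that first checks the issued .crt against domain.key and the wildcard subjectAltName from step 8, includes the chain file, and keeps the password off the command line. This is an added example, not from the original post or the GetHttpsForFree-UI project; the function names are made up here, and a POSIX shell (Git Bash or WSL on Windows) with OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Run from the Working Path
# directory in a POSIX shell (Git Bash or WSL on Windows); needs OpenSSL 1.1.1+.

# True only if the certificate's public key is the one derived from the
# private key, i.e. the issued .crt really belongs to domain.key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True only if the certificate lists exactly this DNS name in subjectAltName.
# "*.abc.com" and "abc.com" are separate entries: one does not imply the other.
cert_has_san() {       # usage: cert_has_san CERT NAME
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fqx "DNS:$2"
}

# Build the PFX only after the key check passes, and include the chain file.
# With no 5th argument openssl prompts for the export password, so it never
# lands in shell history or the process list; "file:pw.txt" also works.
make_pfx() {           # usage: make_pfx CERT KEY CHAIN OUT [PASSWORD_SOURCE]
    cert_matches_key "$1" "$2" || {
        echo "refusing: $1 does not match $2 (or could not be read)" >&2
        return 1
    }
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -out "$4" ${5:+-passout "$5"}
}

# Typical use with the file names from this post:
#   cert_has_san abc.com_cert.crt '*.abc.com' && \
#   make_pfx abc.com_cert.crt domain.key abc.com_chain.crt abc.com.pfx
```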

 

【2020/08/04 Supplement】
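The files generated by the above procedure are explained as follows:

【openssl.cnf】
# Template file that OpenSSL uses to generate the certificate.

【account.key】
# Private key file for the Let's Encrypt email account.

===============================

【domain.key】
# Private key file used when generating the CSR.

【abc.com_cert.crt】
# Main certificate file.

【abc.com_chain.crt】
# Root certificate (root).

【abc.com.pfx】
# Created by using openssl to merge and convert "abc.com_cert.crt (main certificate)"
# and "domain.key (private key)".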

 


7 Responses

  1. Apply for and automatically renew Let’s Encrypt credentials on Windows Apache through WIN-ACME | Old Sen Chang Tan Says |

    […] I have previously written an article, "Applying for a Let's Encrypt wildcard certificate in Windows". That article mainly applies for or extends the certificate manually through the "Get HTTPS for free!" website. When a new website was launched recently, I tried applying with the WIN-ACME tool, to make it easier to use its automatic extension (renewal) feature later. […]

  2. MercyTree Says |

    Great graphic teaching.
    Thank you!

    Glad it was helpful to you, you're welcome~ :)

    Anson Reply |
  3. Eric Says |

    Thanks for sharing!

    You're welcome 🙂

    Anson Reply |
  4. tenrivers Says |

    May I ask, when applying this way, does it also have to be renewed every 3 months??
    A little lazy…

    Yes, it has to be extended manually.
    If you want it to be automatic, you can consider the officially recommended Certbot program.

    Anson Reply |
