After using letsencrypt-win-simple (now win-acme) for my iis sites, I had some troubles, and I provide you the solutions I applied to fix them.
First, I had a lot of sites / domain names to register, and it was long to do that from the interactive app. So I tried to do that from command prompt. The documentation is not clear on how to do that, so I did several try-mistake.
And, finally, that’s what I found:
the first time you will add the “plugin” mode, you will get that error:
“unable to find validation plugin”
Because the “recommended” validation method from the ui is not the same in the command prompt, and you need to provide it, using the argument:
These are 3 command line methods I tried.
The first allow you to get 1 single certificate for all your sites. But, warning, if you request certificates info for any domain name registered, you will always see the first one registered. So, I did not use that method. But, you can try it.
letsencrypt.exe --plugin iissites --validation selfhosting --siteid 1,2,3,4,...
Warning, do not include sites id that are invalid or inexisting.
The second method allow you to create 1 certificate per site ID (that is not a domain name, you can have multiples domain name binding on 1 single site).
letsencrypt.exe --plugin iissite --validation selfhosting --siteid 1
And now, my preferred one, that I put on a batch file with all my existing sites:
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost yoursite1.com
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost www.yoursite1.com
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost yoursite2.com
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost www.yoursite2.com
You execute that only once.
After, you can run the renewal process once per month, or every day as you wish, but the renewal process will only renew certificates that were generated more than 55 days ago.
If you experience some issues when updating, with locked certificates files, I suggest to run “iisreset” before renewing, as it always helps me to clear all these renewal errors.