Comments (5)
It updates the existing bindings to use the new certificate. Didn't know there was a renewal thing in IIS.
from win-acme.
It's an IIS 8.5+ feature only (i.e. W2012R2+).
http://www.iis.net/learn/get-started/whats-new-in-iis-85/certificate-rebind-in-iis85
The implementation is quite weird:
"When you enable Certificate Rebind, IIS registers a task in the system’s Task Scheduler, and the task is keyed to trigger upon a certificate-renewal event (event ID 1001). When such an event occurs (either when you manually renew the certificate, or when it renews through autoenrollment), the scheduled task executes the IIS command-line tool appcmd.exe. It gives appcmd the thumbprint of the expired certificate and the thumbprint of the new one. Using these two parameters, appcmd locates the Web sites that the old certificate is bound to, unbinds that certificate, and then binds the new certificate to them. If you set up your certificates to renew automatically through autoenrollment, and you enable Certificate Rebind, the whole process will be automated."
I would personally prefer the current rebinding system. Based on my experience, it's not necessary to restart the website or recycle the application pool after replacing the website certificate in HTTPS binding(s). It works immediately, for IIS and for Exchange too.
from win-acme.
Sounds like it is doing more or less the same as the letsencrypt client application is doing.
Another option that I have found is CCS (Central Certificate Store), which is probably easy and good for a load-balanced environment.
https://technet.microsoft.com/en-us/magazine/jj937171.aspx
http://blogs.msdn.com/b/kaushal/archive/2012/10/11/central-certificate-store-ccs-with-iis-8-windows-server-2012.aspx
from win-acme.
Don't forget the name of this project - there is the word "simple" in it :) In my opinion, for CCS it makes more sense to invest time into ACMESharp. This combination could create a pretty robust platform with a centralized certificate repository.
from win-acme.
Central SSL was added in pull #33.
I have noticed that for central SSL, when you update the certificate, it takes time for IIS to realize that there is a new certificate. It is faster at switching the certificates when you switch them on the binding and don't use central SSL.
from win-acme.
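A post-renewal check for the rebinding discussed in this thread, as an added example that is not part of the original comments or of win-acme: it lists every IIS HTTPS binding, resolves the bound thumbprint in the local machine store, and flags bindings still pointing at an expired, soon-to-expire or missing certificate. It assumes the IIS `WebAdministration` module and an elevated session; the function name and the `WarnDays` threshold are hypothetical.

```powershell
# Added example: audit IIS HTTPS bindings after a certificate renewal.
# Assumes the WebAdministration module (ships with IIS) and an elevated prompt.
Import-Module WebAdministration

function Get-HttpsBindingCertStatus {
    param([int]$WarnDays = 14)   # hypothetical threshold; match it to your renewal schedule

    $now = Get-Date
    foreach ($b in Get-WebBinding -Protocol https) {
        # ItemXPath carries the owning site, e.g. ...site[@name='Default Web Site' and @id='1']
        $site = if ($b.ItemXPath -match "@name='([^']+)'") { $Matches[1] } else { '(unknown)' }
        $row = [ordered]@{
            Site       = $site
            Binding    = $b.bindingInformation
            Thumbprint = $b.certificateHash
            NotAfter   = $null
            Status     = ''
        }

        if ($b.sslFlags -band 2) {
            # sslFlags bit 2 = Central Certificate Store: the certificate is loaded
            # from the share by host name, so there is no thumbprint to rebind.
            $row.Status = 'CCS binding (check the file in the central store)'
        } elseif (-not $b.certificateHash) {
            $row.Status = 'NO CERTIFICATE BOUND'
        } else {
            $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
            $cert  = Get-Item "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
            if (-not $cert) {
                $row.Status = 'BOUND CERTIFICATE MISSING FROM STORE'
            } else {
                $row.NotAfter = $cert.NotAfter
                if     ($cert.NotAfter -lt $now)                    { $row.Status = 'EXPIRED (binding was not updated)' }
                elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $row.Status = 'EXPIRES SOON' }
                else                                                { $row.Status = 'OK' }
            }
        }
        [pscustomobject]$row
    }
}

Get-HttpsBindingCertStatus | Format-Table -AutoSize
```

Running it right after a renewal shows whether every binding picked up the new thumbprint; CCS bindings are reported separately because they are not tied to a thumbprint.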