Let's Encrypt - Upgrade Win-Acme Version 1 to Version 2

Win-Acme has reached end-of-life (EOL) for Version 1. Any renewals running on v1 will not work and it’ll have to be upgraded to win-acme v2. Followed by, the certificates being imported from v1 to v2. This blog will walk you through how you can upgrade win-acme version 1 to version 2.

Let’s Encrypt is a non-profit Certificate Authority that provides TLS certificates. These are free certificates to protect the traffic between your website (domain) and visitors. TLS stands for Transport Layer Security and SSL (Secure Socket Layer) is its predecessor.

TLS Certificates are digital or private key certificates and files that are used to certify the ownership of a public key.

The Certificate Authority (CA) signs and certifies indicating that they have indeed verified it and that it indeed belongs to the owners of the said domain.

What information is carried by a TLS or SSL certificate?

TLS or SSL Certificates contain:

Domain Name
Sub-domain Name
Organization Name
Name of the CA
Date of Issuance and expiry
Digital Signature

Port 80- Indicates HTTP- connects users to an unencrypted network

Port 443- a default port for a secure encrypted protocol- Indicates HTTPS- connects users to a secure network. The port enables encrypted communication to pass between the server and the browser.

What is Win-Acme?

Win-Acme (Automated Certificate Management Environment) is an ACME client for Windows, hence win-acme. It is used with Let’s Encrypt, which was formerly known as letsencrypt-win-simple (LEWS).

If you are considering using Let’s encrypt, win-acme will provide you with an automated and reliable way to renew the certificate.

Ultimately, the most important aspect of any ACME client is the automatic renewal of the certificate. Win-acme creates a single scheduled task to renew all certificates on a server. This task does all the work to renew the certificate as soon as the first certificate is created.

This article will walk you through how you can perform the update:

1. Download win-acme v2.1.18
2. Extract the contents of the zip file to a folder in the C drive
3. Open the destination folder and run the file named “wacs.exe” (shown below) with administrative privileges
4. Select Option “O” followed by Option “I”. O will help manage renewals and I will import scheduled renewals from the previous version of win-acme. This will give you a list of options. You can go with the default options unless there are any settings that you need to modify
5. Now that you have imported the renewal tasks to the new client version, you can view and manage the renewals using option “A”. Or you can directly select Option “R” which shows the number of renewals that are currently due.

Post-renewal and upgrade of Win-acme

Post the renewal initiation, it will ask for the email address that you would like to receive your notification on, for any reminders and notifications.

As with the previous version, make sure that port forwarding for port 80 and port 443 has been set up to the server. on the IP address being resolved on the hostname for certificate SAN (Subject Alternative Name). Otherwise, the verification by Let’s Encrypt will fail and the certificate renewal will have an error.