Let’s Encrypt- Upgrade Win-Acme Version 1 to Version 2 

Win-Acme has reached end-of-life (EOL) for Version 1. Any renewals running on v1 will not work and it’ll have to be upgraded to win-acme v2. Followed by, the certificates being imported from v1 to v2. This blog will walk you through how you can upgrade win-acme version 1 to version 2.

Let’s Encrypt is a non-profit Certificate Authority that provides TLS certificates. These are free certificates to protect the traffic between your website (domain) and visitors. TLS stands for Transport Layer Security and SSL (Secure Socket Layer) is its predecessor. 

TLS Certificates are digital or private key certificates and files that are used to certify the ownership of a public key. 

The Certificate Authority (CA) signs and certifies indicating that they have indeed verified it and that it indeed belongs to the owners of the said domain. 

 

https

What information is carried by a TLS or SSL certificate? 

TLS or SSL Certificates contain: 

  • Domain Name 
  • Sub-domain Name 
  • Organization Name 
  • Name of the CA
  • Date of Issuance and expiry 
  • Digital Signature 

 

Port 80- Indicates HTTP- connects users to an unencrypted network 

Port 443- a default port for a secure encrypted protocol- Indicates HTTPS- connects users to a secure network. The port enables encrypted communication to pass between the server and the browser. 

 

What is Win-Acme? 

Win-Acme (Automated Certificate Management Environment) is an ACME client for Windows, hence win-acme. It is used with Let’s Encrypt, which was formerly known as letsencrypt-win-simple (LEWS). 

If you are considering using Let’s encrypt, win-acme will provide you with an automated and reliable way to renew the certificate. 

Ultimately, the most important aspect of any ACME client is the automatic renewal of the certificate. Win-acme creates a single scheduled task to renew all certificates on a server. This task does all the work to renew the certificate as soon as the first certificate is created.

 

This article will walk you through how you can perform the update: 

    1. Download win-acme v2.1.18
    2. Extract the contents of the zip file to a folder in the C drive
    3. Open the destination folder and run the file named “wacs.exe” (shown below) with administrative privilegesupgrade win-acme setup file
      win acme 2
    4. Select Option “O” followed by Option “I”. O will help manage renewals and I will import scheduled renewals from the previous version of win-acme. This will give you a list of options. You can go with the default options unless there are any settings that you need to modifyupgrade win-acme option Owacs3
    5. Now that you have imported the renewal tasks to the new client version, you can view and manage the renewals using option “A”.  Or you can directly select Option “R” which shows the number of renewals that are currently due.

Final step- upgrade to winacme version 2

Post-renewal and upgrade of Win-acme 

Post the renewal initiation, it will ask for the email address that you would like to receive your notification on, for any reminders and notifications.  

As with the previous version, make sure that port forwarding for port 80 and port 443 has been set up to the server.  on the IP address being resolved on the hostname for certificate SAN (Subject Alternative Name). Otherwise, the verification by Let’s Encrypt will fail and the certificate renewal will have an error. 

 

 

Sreehari Kartha
Sreehari Kartha

Sreehari Joined Infrassist in 2013 as a NOC engineer. He currently works with us as a senior engineer and Tech lead specializing in Sophos XG and Sophos Central with extensive experience in Microsoft Office365, Servers, Exchange, and Anti-Spam Gateway solutions like Mimecast and SolarWinds N-able Mail Assure.

Thanks For Reading