Best Way to Automate Certificate Renewal for IIS with RRAS and RDP Gateway?

Asked By TechieTango89 On

I'm looking for advice on automating the certificate renewal process for IIS, particularly in environments that use RDP Gateway and RRAS for SSTP VPN access. With new regulations shortening certificate validity to around 100 days, this task is becoming more frequent—potentially quarterly or even monthly! In the past, renewing and reinstalling certificates has sometimes led to issues, like RRAS not transmitting traffic until a server reboot, which isn't ideal. I'm hoping to find a solid system that can handle renewals without causing service interruptions. I'm all for automating this to reduce repetitive work for my clients, so if anyone has effective solutions or tools that have worked for them, I would love to hear about it!

3 Answers

Answered By NetworkingNinja On

I used win-acme in a similar setup just for RDG, and it worked well for cert application. If you're dealing with concerns, it might be smart to schedule the cert renewals outside of business hours and reboot the server afterward, just to be safe.

CaffeineCrafter -

I've followed that approach as well; I found it effective to just restart the service instead of the whole server to minimize downtime.
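The renew-then-restart-the-service approach from this answer and its reply, written out as a post-renewal hook. This is an added example, not code from any poster or from win-acme. It assumes the ACME client has already installed the renewed certificate in `LocalMachine\My` and passes its thumbprint to the script; the script name and parameter are hypothetical.

```powershell
# Update-GatewayCert.ps1 (hypothetical name). Run elevated, after renewal.
param(
    [Parameter(Mandatory)][string]$Thumbprint   # thumbprint of the renewed certificate
)
$ErrorActionPreference = 'Stop'

# Refuse to rebind to a certificate that is missing, keyless or already expired.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object Thumbprint -eq $Thumbprint
if (-not $cert)                    { throw "Certificate $Thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey)      { throw "Certificate $Thumbprint has no private key" }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate $Thumbprint has expired" }

$restarted = @()

# RRAS / SSTP: bind the new certificate, then restart only the RRAS service.
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($rras -and $rras.Status -eq 'Running') {
    Import-Module RemoteAccess
    Set-RemoteAccess -SslCertificate $cert
    Restart-Service -Name RemoteAccess -Force
    $bound = (Get-RemoteAccess).SslCertificate.Thumbprint
    if ($bound -ne $cert.Thumbprint) { throw "RRAS is still bound to $bound" }
    $restarted += 'RemoteAccess'
}

# RD Gateway: set the thumbprint through the RDS: provider, then restart TSGateway.
$rdg = Get-Service -Name TSGateway -ErrorAction SilentlyContinue
if ($rdg -and $rdg.Status -eq 'Running') {
    Import-Module RemoteDesktopServices
    Set-Item -Path 'RDS:\GatewayServer\SSLCertificate\Thumbprint' -Value $cert.Thumbprint
    Restart-Service -Name TSGateway -Force
    $restarted += 'TSGateway'
}

# Fail loudly if a service did not come back, so the scheduled task reports it.
foreach ($name in $restarted) {
    $status = (Get-Service -Name $name).Status
    if ($status -ne 'Running') { throw "$name is $status after restart" }
}
"Bound $($cert.Thumbprint) (expires $($cert.NotAfter)); restarted: $($restarted -join ', ')"
```

Restarting either service drops the VPN or gateway sessions connected at that moment, so the out-of-hours scheduling suggested above still applies.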

Answered By CertGuru123 On

A lot of people here recommend using CertifyTheWeb. It's a pretty all-in-one solution with ready-to-go scripts for Windows environments. For personal use, it's free, and even for commercial use, it's still a good investment.

ScriptMaster88 -

I agree, CertifyTheWeb is excellent. It's user-friendly and covers most scenarios you'd encounter. Just make sure to configure it properly to avoid any mishaps.

SunshineCloud9 -

Absolutely! Once it's set up, it saves so much hassle. Definitely worth checking out!

Answered By RRAS_Ranger On

Check out this post by Richard Hicks, a Microsoft MVP for RRAS. He discusses using the CertKit agent that automatically detects RRAS and manages certificate renewals without needing to change firewall settings or DNS entries. It's quite handy!
