IIS Let’s Encrypt配置https及url重写

安装Let’s Encrypt
https://miketabor.com/how-to-install-a-lets-encrypt-ssl-cert-on-microsoft-iis/
https://www.gsanweb.cn/other/302

下载地址https://github.com/PKISharp/win-acme/releases
安装包:win-acme.v2.1.1.593.x64.trimmed.zip
https://github-production-release-asset-2e65be.s3.amazonaws.com/46080325/6a873580-1160-11ea-9eb8-16d058179fb1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191204T112555Z&X-Amz-Expires=300&X-Amz-Signature=577fddbc5084dac143b1cec34b521f66773dded5ec433e301c90295024d0454a&X-Amz-SignedHeaders=host&actor_id=56209562&response-content-disposition=attachment%3B%20filename%3Dwin-acme.v2.1.1.593.x64.trimmed.zip&response-content-type=application%2Foctet-stream

2.IIS部署HTTPS站点

提取letsencrypt以管理员身份运行wacs
N: Create new certificate // 创建新证书
M: Create new certificate with advanced options // 使用高级选项创建新证书
L: List scheduled renewals // 自动续费
R: Renew scheduled // 续费单个
S: Renew specific // 续费多个
A: Renew *all* // 全部续费
V: Revoke certificate // 取消证书
C: Cancel scheduled renewal // 取消某个自动续费
X: Cancel *all* scheduled renewals // 取消全部自动续费
Q: Quit

输入1或2会有以下选项

1: Single binding of an IIS site // 绑定单一IIS站点
2: SAN certificate for all bindings of an IIS site // 绑定所有IIS站点
3: SAN certificate for all bindings of multiple IIS sites // 绑定多个IIS站点
4: Manually input host names // 手动输入域名
C: Cancel

最后生成的证书都在C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org中。
网站能够正常访问并正确配置会自动配置好

url重写
1
根据IIS版本备份以下文件:
IIS6.0 路径:C:\WINDOWS\Help\iisHelp\common\403-4.htm
IIS7.0以上 路径:C:\inetpub\custerr\zh-CN\403.htm

<HTML><HEAD><TITLE>该页必须通过安全通道查看</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=GB2312">
</HEAD><BODY>
<script type="text/javascript">
var url = window.location.href;
if (url.indexOf("https") < 0) {
 url = url.replace("http:", "https:");
 window.location.replace(url);
}
</script>
</BODY></HTML>

2
https://www.cnblogs.com/xuxuzhaozhao/p/8184282.html

1、下载并安装好IIS10的重写模块

2、双击URL重写

3、添加空白规则并编辑规则

最后修改网站SSL

确定以后点开网站看到有个SSL,

双击进去,再选中

要求SSL

选中此步就是为了防止浏览器认为你的网站不安全阻止网站的访问,到此,证书配置完成

版权声明:本文为whaxkl原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。