IIS 6: Enable HTTPS for Multiple Web Sites

posted in: IIS 6 | 0

Once you have added the SSL certificate to your website(s), if not then head over to read IIS 6: Add a Certificate to a Website to see how.

If you have a wildcard certificate, enabling HTTPS on port 443 for the multiple websites can be a bit tricky.

Modify IIS Metabase Directly (IIS 6)

To enable the edit-while running feature of the metabase by using IIS Manager

  1. In IIS Manager, right-click the local computer,


IIS 6: Add a Certificate to a Website

posted in: IIS 6 | 0

If you have not already done so, add your website certificate by importing it into Windows Server 2003 by read the following post: Windows Server 2003: Import a Certificate into MMC.

To add your certificate to a website through Internet Information Services (IIS), follow the procedures below.

  1. Open IIS Manager, expand Web Sites, and select your website e.g. www.example.com
  2. Right-click on the website


Windows Server 2003: Import a Certificate into MMC

posted in: Windows Server 2003 | 0

If you have not added the Certificate Snap-in to Microsoft Management Console (MMC) then visit the post Windows Server 2003: Adding the Certificate Snap-in.

To import a certificate provided by your domain register or certificate provider, follow the following procedures with the Certificate Snap-in open in MMC:

  1. Expand Personal and select Certificates

  2. Right-click and select All Tasks -> Import…


Install Let’s Encrypt on Debian/Ubuntu with Nginx

posted in: Uncategorized | 0

This post combines several different sources of information on installing Let’s Encrypt on Debian/Ubuntu and configuring SSL on nginx and will show how to install Let’s Encrypt on Ubuntu with nginx already installed. As of writing there is no automated install process provided by Let’s Encrypt for nginx.

For more detailed information see the sources at the end of this post.

Before You Begin

  • Make sure the server has at least 2GB of RAM. If not, add or increase your swap size to meet this requirement, otherwise problems may occur during install as reported here and here.
  • Update the server software packages:

Clone and Install Let’s Encrypt

  • If   git is not installed then execute the following command:

Generate an SSL Certificate

  • Navigate to /opt/letsencrypt:

  • Run Let’s Encrypt with the --standalone parameter. For multiple domains add -d example.com:


From: Sudo Manual

  • Next enter an administrative email address and follow the prompts:
  • Agree to the Terms of Service:
  • If no problems occur then a similar message will show below:

  • The files that will be used in nginx for the certificate are located at  /etc/letsencrypt/live/example.com. The two files that are need are fullchain.pem and privkey.pem.

Generate Strong Diffie-Hellman Group

  • To increase security, generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:

  • This will take a while to generate.

Configure SSL in Nginx

  • Edit the nginx configuration that contains your server block. The default one is located at  /etc/nginx/sites-available/default, for the purpose this post we will edit this one:

  • Now locate the following lines and comment out or remove them in your server block:

  • The following is an example configuration:

OCSP Stapling for Let’s Encrypt Certificate with Nginx

  • Determine which of the Let’s Encrypt certificates was used to sign your certificate:

  • The output will be similar to the following:

  • That last part, Let's Encrypt Authority X3, is the name of the Let’s Encrypt certificate that was used to sign the certificate.
  • Download the PEM version of this certificate. All of the Let’s Encrypt intermediate certificates are on the Let’s Encrypt site; click on the “PEM” link for the appropriate certificate to get the file you need. Or, from the command line,

  • Replace “x3” with a different certificate name if necessary.
  • Edit the nginx configuration from before and add:

Apply the Changes

  • Test the nginx configuration:

  • Reload nginx to put the changes into effect:

Test the SSL Certificate

  • If OCSP stapling is enabled, in the OCSP Response Data section, it should say the following:

Renewing SSL Certificates

Go to:

Then enter:

It will show a similar message below, certificates have a 90-day lifespan before they expire: