The default settings works well for the most common use case, but there are many reasons to go for full options mode. For example:
This describes the basic steps of an full options rewenal from the interactive menu. It touches
on concepts described here, because this mode of operation
exposes more of the internal logic of the program to use to your advantage. Don’t worry if
this seems overwhelming: most options have sensible defaults that you can select by just
<Enter> in response to a question.
Min the main menu to create a new certificate in full options mode
PemFilesplugin is commonly chosen.
By providing the right command line arguments at start up you can do everything that is possible in interactive mode (and more) without having to jump through the menu’s. This is great way to make win-acme part of a larger automation workflow.
An easy way to get started with unattended operation is to set up some certificates manually first and then
L option in the renewal manager to see the equivalent command line arguments. Note that some
advanced scenarios are not possible through the command line (e.g. multiple installation scripts), so if you
need to automate those there’s no alternative but to manipulate the
.json files themselves.
--source switch, used to select a source plugin,
triggers the unattended creation of new certificate.
--source manual- selects the manual plugin.
--source iis- selects the iis plugin.
Each plugin has their own inputs which it needs to generate the certificate, for example:
wacs.exe --source manual --host www.domain.com --webroot C:\sites\wwwroot
wacs.exe --source iis --siteid 1 --excludebindings exclude.me
There are some other parameters needed for first-time unattended use (e.g. on a clean server)
to create the Let’s Encrypt registration automatically (
--emailaddress email@example.com --accepttos).
So a full command line to create a certificate for IIS site 1 on a clean server (except for
the ‘exclude.me’ binding) would look like this:
wacs.exe --source iis --siteid 1 --excludebindings exclude.me --emailaddress firstname.lastname@example.org --accepttos
Some application-specific examples are available here.