A simple ACMEv2 client for Windows (for use with Let's Encrypt et al.)


Conceptually win-acme works by chaining together five components also known as plugins, which can be mixed and matched to support many use cases. Using the “default settings” mode of the UI, the default for each plugin will be chosen for you. These defaults can be changed in settings.json.

In “full options” mode, you will be asked to pick each of these plugins.

From the command line you can also rely on the configured defaults or explicitly provide which one(s) you want. Check the command line reference to see how.

  • A source plugin determines which domains to include in the renewal.
  • An order plugin divides these domains over one or more certificates to be ordered.
  • A CSR plugin determines the (type of) private key and extensions to use for the certificate(s).
  • A validation plugin provides the ACME server with proof that you own the domain(s).
  • One or more store plugins place the certificate(s) in a specific location and format.
  • One or more installation plugins make changes to your application(s) configuration.

Pluggable vs. Trimmed releases

A lot of plugins are built-in, but some plugins are distributed as optional extra downloads. When using one of the extra downloads, it’s required to use the “pluggable” releases of the main program. Otherwise you may use the “trimmed” releases to save space.