1

I have been using Let's Encrypt certificates for some of my domains/servers for a while, using the win-acme client for Windows for the generation and renewal.

My problem is: every renewal I have to run the wacs.exe manually again, using the force renewal option, having passed the --acl-fullcontrol command line option and the account I need to have full control to read the certificates.

I haven't found how to change the command line used by WACS for the renewal so that option (--acl-fullcontrol) is added there, and I can forget about that. I have looked everywhere but without any luck. The .json file for each domain doesn't include any option that appears to be related to that, the only thing I have found is the "PrivateKeyExportable":true in the settings.json file, but nothing to configure a specific account to grant permissions.

Any idea on how to do this?

Improve this question

1 Answer 1

Reset to default
2

This was simpler that I thought.

Using that command line option, you just need to enter and Modify the task/certificate where you want to change the option. For instance, modify the options related to the Store of the certificate. It is not needed to change anything, as far as I can see, you just need to enter, set the same values as they have, and the task will include the new command line option.

I have yet to see if it effectively changes the ACL for the private key, as expected, but at least the solution to this question is this.

Improve this answer
1
  • Thank you, that worked perfectly. Looks like anything that updates the renewal will add the command line parameters you started wacs.exe with during that session. It will also remove them, so you have to remember to specify that parameter every single time if you're going to touch renewal settings. Commented Aug 7, 2024 at 17:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.