Microsoft Windows [Version 10.0.17763.1935]
(c) 2018 Microsoft Corporation. All rights reserved.
c:\Program Files\letsencrypt>wacs.exe
 A simple Windows ACMEv2 client (WACS)
 Software version 2.1.17.1065 (release, pluggable, standalone, 64-bit)
 Connecting to https://acme-v02.api.letsencrypt.org/...
 Scheduled task looks healthy
 Please report issues at https://github.com/win-acme/win-acme
 N: Create certificate (default settings)
 M: Create certificate (full options)
 R: Run renewals (0 currently due)
 A: Manage renewals (0 total)
 O: More options...
 Q: Quit
 Please choose from the menu: M
 Running in mode: Interactive, Advanced
  Please specify how the list of domain names that will be included in the
  certificate should be determined. If you choose for one of the "all bindings"
  options, the list will automatically be updated for future renewals to
  reflect the bindings at that time.
 1: Read site bindings from IIS
 2: Manual input
 3: CSR created by another program
 C: Abort
 How shall we determine the domain(s) to include in the certificate?: 2
 Enter comma-separated list of host names, starting with the common name: xxx.xxxx.xxx.xxxx,xxx.xxxx.xxx.xxxx
 Target generated using plugin Manual: xxx.xxxx.xxx.xxxx
 Suggested friendly name '[Manual] xxx.xxxx.xxx.xxxx', press  to accept or type an alternative:
  The ACME server will need to verify that you are the owner of the domain
  names that you are requesting the certificate for. This happens both during
  initial setup *and* for every future renewal. There are two main methods of
  doing so: answering specific http requests (http-01) or create specific dns
  records (dns-01). For wildcard domains the latter is the only option. Various
  additional plugins are available from https://github.com/win-acme/win-acme/.
 1: [http-01] Save verification files on (network) path
 2: [http-01] Serve verification files from memory
 3: [http-01] Upload verification files via FTP(S)
 4: [http-01] Upload verification files via SSH-FTP
 5: [http-01] Upload verification files via WebDav
 6: [dns-01] Create verification records in AWS Route 53
 7: [dns-01] Create verification records manually (auto-renew not possible)
 8: [dns-01] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
 9: [dns-01] Create verification records with your own script
 10: [tls-alpn-01] Answer TLS verification request from win-acme
 C: Abort
 How would you like prove ownership for the domain(s)?: 6
 AWS IAM role for current EC2 instance (blank for default):
 AWS access key ID: *******************
 AWS secret access key: ****************************************
  After ownership of the domain(s) has been proven, we will create a
  Certificate Signing Request (CSR) to obtain the actual certificate. The CSR
  determines properties of the certificate like which (type of) key to use. If
  you are not sure what to pick here, RSA is the safe default.
 1: Elliptic Curve key
 2: RSA key
 C: Abort
 What kind of private key should be used for the certificate?: 2
  When we have the certificate, you can store in one or more ways to make it
  accessible to your applications. The Windows Certificate Store is the default
  location for IIS (unless you are managing a cluster of them).
 1: IIS Central Certificate Store (.pfx per host)
 2: PEM encoded files (Apache, nginx, etc.)
 3: PFX archive
 4: Windows Certificate Store
 5: No (additional) store steps
 How would you like to store the certificate?: 4
 1: [WebHosting] - Dedicated store for IIS
 2: [My] - General computer store (for Exchange/RDS)
 3: [Default] - Use global default, currently WebHosting
 Choose store to use, or type the name of another unlisted store: 2
 1: IIS Central Certificate Store (.pfx per host)
 2: PEM encoded files (Apache, nginx, etc.)
 3: PFX archive
 4: Windows Certificate Store
 5: No (additional) store steps
 Would you like to store it in another way too?: 5
  With the certificate saved to the store(s) of your choice, you may choose one
  or more steps to update your applications, e.g. to configure the new
  thumbprint, or to update bindings.
 1: Create or update https bindings in IIS
 2: Create or update ftps bindings in IIS
 3: Start external script or program
 4: No (additional) installation steps
 Which installation step should run first?: 1
 1: Default Web Site
 2: Exchange Back End
 Choose site to create new bindings: 1
 1: Create or update https bindings in IIS
 2: Create or update ftps bindings in IIS
 3: Start external script or program
 4: No (additional) installation steps
 Add another installation step?: 3
 Full instructions:  https://www.win-acme.com/reference/plugins/installation/script
 Enter the path to the script that you want to run after renewal: ./Scripts/ImportExchange.ps1
 {CertCommonName}:    Common name (primary domain name)
 {CachePassword}:     .pfx password
 {CacheFile}:         .pfx full path
 {CertFriendlyName}:  Certificate friendly name
 {CertThumbprint}:    Certificate thumbprint
 {StoreType}:         Type of store (CentralSsl/CertificateStore/PemFiles)
 {StorePath}:         Path to the store
 {RenewalId}:         Renewal identifier
 {OldCertCommonName}  Common name (primary domain name) of the previously
                      issued certificate
 {OldCertFriendlyNam  Friendly name of the previously issued certificate
 {OldCertThumbprint}  Thumbprint of the previously issued certificate
 Enter the parameter format string for the script, e.g. "--hostname {CertCommonName}": '{CertThumbprint}' 'IIS,SMTP,POP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'
 1: Create or update https bindings in IIS
 2: Create or update ftps bindings in IIS
 3: Start external script or program
 4: No (additional) installation steps
 Add another installation step?: 4
 Terms of service:   C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\LE-SA-v1.2-November-15-2017.pdf
 Open in default application? (y/n*) - yes
 Do you agree with the terms? (y*/n) - yes
 Enter email(s) for notifications about problems and abuse (comma-separated): xxxx@xxxxx.xxx
 [xxx.xxxx.xxx.xxxx] Authorizing...
 [xxx.xxxx.xxx.xxxx] Authorizing using dns-01 validation (Route53)
 Creating TXT record _acme-challenge.xxx.xxxx.xxx.xxxx with value nxxxx_xxxx-xxxx
 Waiting for DNS changes propagation
 [xxx.xxxx.xxx.xxxx] Preliminary validation succeeded
 [xxx.xxxx.xxx.xxxx] Authorization result: valid
 Deleting TXT record _acme-challenge.xxx.xxxx.xxx.xxxx with value nxxxx_xxxx-xxxx
 Requesting certificate [Manual] xxx.xxxx.xxx.xxxx
 Store with CertificateStore...
 Installing certificate in the certificate store
 Adding certificate [Manual] xxx.xxxx.xxx.xxxx @ 20xx/xx/xx 11:34:40 to store My
 Installation step 1/2: IIS...
 Updating existing https binding :443 (flags: 0)
 Adding new https binding 127.0.0.1:443:
 Committing 2 https binding changes to IIS
 Installation step 2/2: Script...
 Script ./Scripts/ImportExchange.ps1 starting with parameters 'xxxxxxxxxxx' 'IIS,SMTP,POP,IMAP' 1 'C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\pkr_xxx-xxxx-xxxxxxxxx-temp.pfx' 'xxxxxxxxxxxxxxxxxx=' '[Manual] xxx.xxxx.xxx.xxxx @ 2021/5/26 11:34:40'
 Script finished
 Scheduled task looks healthy
 Adding renewal for [Manual] xxx.xxxx.xxx.xxxx
 Next renewal scheduled at 20xx/xx/xx 11:33:09
 Certificate [Manual] xxx.xxxx.xxx.xxxx created
 N: Create certificate (default settings)
 M: Create certificate (full options)
 R: Run renewals (0 currently due)
 A: Manage renewals (1 total)
 O: More options...
 Q: Quit
 Please choose from the menu: Q