IIS bindings

Read bindings from IIS

Plugin type	Source
Download	Built-in
Compatibility	Windows (admin only)

Description

Create source based on bindings configured in IIS. Automatically updates webroot path (useful for filesystem validation)

Filtering bindings

While it’s possible to create a certificate for all bindings in all sites, typically you will want to select some specific bindings to create a certificate for. There are several filters available, that in some cases can also be combined with eachother.

Site filters

You can choose to limit the certificate to specific websites by specifying a site identifier, or a comma separated list of them. The magic value s will dynamically include all current and future websites created on the server. To also include FTP sites, set ‑‑host-type to http,ftp

Binding filters

You can filter bindings by host name by specifically typing them out. It’s also be possible to filter hosts by a pattern or by a regular expression.

Pattern

You may use a * for a range of any characters and a ? for any single character. For example: the pattern example.* will match example.net and example.com (but not my.example.com). The pattern ?.example.com will match a.example.com and b.example.com (but not www.example.com). Note that multiple patterns can be combined by comma seperating them.

Regex

If a pattern is not powerful enough for you, there is the ultimate solution of applying a regular expression to the problem. regex101.com is a nice tool to help test your regular expression.

Command line

`--source iis`	Activates the plugin
`‑‑siteid`	Identifiers of one or more sites to include. This may be a comma-separated list.
`‑‑host`	Host name to filter. This parameter may be used to target specific bindings. This may be a comma-separated list.
`‑‑host-pattern`	Pattern filter for host names. Can be used to dynamically include bindings based on their match with the pattern.You may use a `` for a range of any characters and a `?` for any single character. For example: the pattern `example.` will match `example.net` and `example.com` (but not `my.example.com`) and the pattern `?.example.com` will match `a.example.com` and `b.example.com` (but not `www.example.com`). Note that multiple patterns can be combined by comma seperating them.
`‑‑host-regex`	Regex pattern filter for host names. Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.
`‑‑commonname`	Specify the common name of the certificate that should be requested for the source. By default this will be the first binding that is enumerated.
`‑‑excludebindings`	Exclude host names from the certificate. This may be a comma-separated list.
`‑‑host-type`	Specify which types of bindings to consider. May be set to http, ftp or both (comma separated)
`‑‑hidehttps`	Hide sites that have existing https bindings from interactive mode.

Examples

Single binding	`--source iis ‑‑host example.com [‑‑siteid 1]`
More bindings	`--source iis ‑‑host example.com,www.example.com [‑‑siteid 1,2,3] [‑‑commonname common.example.com]`
All site bindings	`--source iis ‑‑siteid 1 [‑‑commonname common.example.com] [‑‑excludebindings exclude.example.com]`
Multiple sites	`--source iis ‑‑siteid 1,2,3 [‑‑commonname common.example.com] [‑‑excludebindings exclude.example.com]`
All sites	`--source iis ‑‑siteid s [‑‑commonname common.example.com] [‑‑excludebindings exclude.example.com]`
Pattern	`--source iis ‑‑host-pattern *.example.??? [‑‑siteid 1,2,3] [‑‑commonname common.example.com] [‑‑excludebindings exclude.example.com]`
Regex	`--source iis ‑‑host-regex [a-z]{3}\.example(\.com\|\.net) [‑‑siteid 1,2,3] [‑‑commonname common.example.com] [‑‑excludebindings exclude.example.com]`

JSON

ID	`54deb3ee-b5df-4381-8485-fe386054055b`

Arguments

`‑‑hidehttps`	Hide sites that have existing https bindings from interactive mode.

Looking for win-acme?

simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.