We’re using AutoACME for a few of our sites to generate and renew Let’s Encrypt certificates for our test sites. AutoACME is pretty good at getting certificates in to the Central Certificate Store. Unfortunately, Octopus Deploy’s options for using the store are non existant - either Octopus manages your certificates for you, or you provide a unique thumbprint for each certificate, which must be matched on the machine (not the CCS).

Our workaround has been to create the site first as a site with HTTP binding and then add the HTTPS binding via powershell adding the requisite flags in to indicate usage of the CCS.

# Enable https manually for certificate store, because we can't do this in the UI.
Import-Module WebAdministration
$siteName = "siteName"
$siteHeader = "example.com"

New-WebBinding -Name $siteName -IPAddress "*" -Port 443 -HostHeader $siteheader -Protocol "https" -SslFlags 3