Install and Configure Let’s Encrypt on Windows Server and IIS

 In this article, I will show you how to Install and configure Let’s Encrypt on Windows Server 2016 or Windows Server 2019 with IIS 10 installed.

Let’s Encrypt, Is a free automated SSL Certificate Authority that allows us to create, renew and cancel SSL server, Web and Application certificates.

The requirements are very basic and if you own your domains and Web Server you can get it up and running in one hour.

In my case, I own my domains and I also manage my own Web Server which is running on Windows Server 2016 and hosted as a virtual machine on Microsoft Azure.

This blog is running on WordPress and IIS.

Requirements

The two main requirements to use Let’s Encrypt are:

  • The domain name needs to point to the Server IP where the Let’s Encrypt ACME client is installed
  • ACME client

Point #1 is very important because ACME agent checks that the server hosting the Site is the one listed in public DNS.

In my case, I will run the ACME from the Windows Server hosting this blog.

Let’s Encrypt will create, renew and bind the cert to the IIS website without you needing to change anything.

Download ACME Win-ACME Client

To start the process, download and unzip the latest WIN-ACME client from the link below.

https://github.com/PKISharp/win-acme/releases/tag/v2.0.10

The WIN-ACME clients need .NET Framework 4.7.2 installed.

The run the client and renew an existing certificate, open the unzipped library and run the file below as Administrator.

wacs.exe

Create a Certificate

I will go ahead and create my first certificate to DeployContianers.com

From the menu, I will select N which will create a new certificate.

From the new certificate menu, I will select option 1:

The ACME client will scan IIS and provide a list of all the domain on the Server:

In my case, I will select option 1.

Important: If you have the same domain listed twitch, you will need to run the process for each entry.

At this stage, the client will create, renew and install the new certificate into my DeployContainers.com IIS website.

Once the process is done, I will check the certificate.

As you can see below, the new certificate was installed successfully on the site.

Final Notes

In my case, I deployed Let’s Encrypt on Windows Server 2016 and IIS 10 however this will work the same on Windows Server 2019.

I’m also very happy that a few years ago, I moved away from shared hosting to running this blog on a dedicated Virtual Machine running in Azure which gives me the flexibility to deploy solutions like this.

Before this change, I had 10 certificates that I renewed and paid for every year and now I don’t need to do it anymore.

To visit the Win-Acme client Github website, please use the link below.

https://github.com/PKISharp/win-acme


Posted

in

by

Comments

2 responses to “Install and Configure Let’s Encrypt on Windows Server and IIS”

  1. Rickkee Avatar
    Rickkee

    how to automate the renewal every two to three months?`

  2. Rickkee Avatar
    Rickkee

    Nevermind, I RTFM and its auto-magic