Serving a website over https:// is a must these days, as it secures the data exchanged between the server and the client. It also affects the SEO score, as search providers give preference to sites that have SSL installed.
Let’s Encrypt is a non-profit certificate authority that provides free SSL certificates. In this tutorial, you will learn how to generate and use Let’s Encrypt certificates on a Windows Server using the IIS web server.
Add Website Bindings in IIS
The first thing that you should do, before even generating the certificate, is to add https bindings to your website in IIS. You do this by going to your Web Site and then Bindings as shown in the image below.
Under the Bindings screen make sure to set the following:
- Type: https
- IP address: All Unassigned
- Port: 443
- Host name: [YOUR DOMAIN NAME]
- SSL certificate: [Select the self-signed certificate that’s already on the machine, don’t worry, it will be replaced later by Let’s Encrypt automatically.]
After setting these bindings, you should reset your website in IIS.
Download Let’s Encrypt Client
There are many applications that serve the same purpose of generating Let’s Encrypt certificates, but my personal favorite is win-acme, as it is a command-line based application.
There is no installation needed, just extract the zip archive and store it somewhere safe, so that you don’t accidentally delete it in the future.
Another great thing about the win-acme client is that it will also automatically renew all your Let’s Encrypt certificates.
Generate Let’s Encrypt Certificate
To generate a free Let’s Encrypt certificate with the win-acme client simply run the wacs.exe file and follow the on-screen instructions.
- Press N on the initial menu to choose the “Create a new certificate” option.
- Next, it will ask you “What kind of certificate would you like to create?” Enter 1 to choose the “Single binding of an IIS site” option.
If everything runs smoothly, you will see a message that the certificate was generated successfully. The certificate will be automatically added to the IIS website bindings, renewals will be scheduled, and your website should now be accessible to the public via https.
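To confirm the result of the step above, the following PowerShell script (an added example, not part of win-acme or of the original tutorial) checks that the https binding no longer points at the self-signed certificate, that the certificate covers the host name and has time left, and that a scheduled task running wacs.exe exists. The host name www.example.com is a placeholder, and the script assumes the renewal task invokes wacs.exe directly.

```powershell
# Added example. Assumption: $HostName is the host name you entered in the
# https binding; www.example.com is a placeholder.
param([string]$HostName = 'www.example.com')

Import-Module WebAdministration

# Find the https binding on port 443 for this host name.
# bindingInformation has the form "<ip>:<port>:<host>", e.g. "*:443:www.example.com".
$binding = Get-WebBinding -Protocol https |
    Where-Object { $_.bindingInformation -like "*:443:$HostName" } |
    Select-Object -First 1
if (-not $binding) { throw "No https binding on port 443 for $HostName" }

# Load the certificate the binding points at, from the store the binding names.
$store = if ($binding.certificateStoreName) { $binding.certificateStoreName } else { 'My' }
$cert  = Get-Item "Cert:\LocalMachine\$store\$($binding.certificateHash)" -ErrorAction Stop

# A self-signed certificate has an identical subject and issuer, so this is
# still true if the placeholder certificate was never replaced.
$selfSigned = $cert.Subject -eq $cert.Issuer

# DnsNameList holds the DNS names the certificate is valid for.
$coversHost = $cert.DnsNameList.Unicode -contains $HostName
$daysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays

# Assumption: the renewal task created by win-acme runs wacs.exe directly.
$renewTask = Get-ScheduledTask |
    Where-Object { $_.Actions.Execute -like '*wacs.exe*' } |
    Select-Object -First 1

$result = [pscustomobject]@{
    HostName      = $HostName
    Issuer        = $cert.Issuer
    SelfSigned    = $selfSigned
    CoversHost    = $coversHost
    DaysRemaining = $daysLeft
    RenewalTask   = if ($renewTask) { $renewTask.TaskName } else { $null }
}
$result | Format-List

# Flag the conditions that mean the site is not in the state the tutorial describes.
if ($selfSigned)      { Write-Warning 'Binding still uses a self-signed certificate.' }
if (-not $coversHost) { Write-Warning "Certificate does not list $HostName." }
if ($daysLeft -lt 14) { Write-Warning "Certificate expires in $daysLeft days." }
if (-not $renewTask)  { Write-Warning 'No scheduled task running wacs.exe was found.' }
```

Run it from an elevated PowerShell session on the IIS server, passing your own domain with -HostName.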
NOTE: You can NOT generate a Let’s Encrypt certificate for an IP address, so you need to have a domain name already set and pointing to the server. Another thing to keep in mind is that your server has to be available over the internet for the domain verification methods to work.