Install 🔒 Let’s Encrypt Free Certificate with win-acme on Windows IIS

Install 🔒 Let’s Encrypt Free Certificate with win-acme on Windows IIS

Summary:

Install Let’s Encrypt Free Certificate with IIS on Windows

https:// on a website is a must these days as it secures the data exchanged between the server and client. It also affects the SEO score as search providers give preferences to the sites having SSL installed.

Let’s Encrypt is a non-profit certificate authority that provides free SSL certificates. In this tutorial, you will learn how to generate and use Let’s Encrypt certificates on a Windows Server using the IIS web server.

Add Website Bindings in IIS

The first thing that you should do, before even generating the certificate, is to add https bindings to your website in IIS. You do this by going to your Web Site and then Bindings as shown in the image below.

Add Website Bindings in IIS

Under the Bindings screen make sure to set the following:

Add Website Bindings in IIS
  • Type: https
  • IP address: All Unassigned
  • Port: 443
  • Host name: [YOUR DOMAIN NAME]
  • SSL certificate: [Select the self-signed certificate that’s already on the machine, don’t worry, it will be replaced later by Let’s Encrypt automatically.]

After setting these bindings, you should reset your website in IIS.

Download Let’s Encrypt Client

There are many applications that serve the same purpose of generating Let’s Encrypt certificates, but my personal favorite is win-acme as it is command-line based application.

There is no installation needed, just extract the zip archive and store it somewhere safe, so that you don’t accidentally delete it in the future.

See also  stream_socket_enable_crypto(): Peer certificate did not match expected Laravel Error on cPanel
win-acme Download Let’s Encrypt Client

Another great thing about the win-acme client is that it will also automatically renew all your Let’s Encrypt certificates.

Generate Let’s Encrypt Certificate

To generate a free Let’s Encrypt certificate with the win-acme client simply run the wacs.exe file and follow the on-screen instructions.

win-acme Generate Let’s Encrypt Certificate
  • Press N on the initial menu to choose the “Create a new certificate” option.
  • Next, It will ask you “What kind of certificate would you like to create?” Enter 1 to choose “Single binding of an IIS site” option.
win-acme Generate Let’s Encrypt Certificate

If everything runs smoothly, you will see a certificate successfully generated message, the certificate will be automatically added to the IIS website bindings, renewals scheduled and your website should now be accessible to the public via https.

NOTE: You can NOT generate a Let’s Encrypt certificate for an IP address, so you need to have a domain name already set and pointing to the server. Another thing to keep in mind is that your server has to be available over the internet for the domain verification methods to work.

Test the connection

Install Let’s Encrypt Free Certificate with IIS on Windows
whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.