Let’s Encrypt is a certificate authority (CA) that provides free SSL certificates for websites. You can issue certificates for any domain name. It provided the trusted SSL certificate, So you can also deploy it on production environments.
In order to use an SSL certificate, You must have a valid domain or a subdomain name. Also, the domain must the pointed to the Windows server through the DNS server. For this tutorial, I have created a subdomain “secure.tecadmin.net” and pointed to our Windows system.
This tutorial will help you issue the Let’s Encrypt SSL certificate on the Windows system and configure it on IIS.
Useful tutorials:
- How to Install IIS on Windows
- How to Create Site in IIS via command line
- Steps to Redirect HTTP to HTTPS in IIS
Download Win-ACME Tool
Win-ACME is a simple ACME windows client for use with Let’s Encrypt SSL certificate authority.
First of all, download the latest Windows ACME Simple (WACS) application. This can be downloaded from the official github releases page. Use the below link to visit download page:
https://github.com/win-acme/win-acme/releases,
At the time of writing this post, the downloaded archive is win-acme.v2.0.3.206.zip.
Create A New SSL Certificate
1. Once the Win-ACME archive file is downloaded, extract it on your Windows system. Go to the extracted directory and run wacs.exe as an administrator. The administrator privileges are required to access and modify IIS settings.
2. It will open a terminal window and show you the multiple options on the screen. Select Create new certificate (simple for IIS) by pressing “N’.
3. This will show you the sites configured in IIS. Choose one or multiple sites with comma-separated numbers to issue an SSL certificate.
4. Select 1 for how do you want to pick the bindings and press enter.
Then Just press enter for Include bindings:
5. Accept the terms by entering “yes” and press enter to continue. Let’s encrypt will initiate the domain authorization process over HTTP. Once the autorization completed successfully, the SSL certificate is issued.
This will also associate SSL certificates with site bindings in IIS.
Test Certificate and Binding
Open the website over HTTPS protocol in a web browser. You will see a valid SSL certificate in the browser. You can also verify SSL with ssllabs free tool. This will also scan for security settings on your server.
You can also edit the site bindings to view if SSL is properly configured.
Conclusion
This tutorial helped you for creating a new SSL certificate from Let’s encrypt and configure it on the IIS website.