Using LetsEncrypt For Windows SSL Certificates

I looked at a free SSL Certificate Authority called Let’s Encrypt years ago, but the certificates only lasted 90 days and then you had to manually recreate the requests. This works fine for test and development systems, but not so much for production. Recently, I decided to take another look at using free Certificate Authorities. In addition to Let’s Encrypt, there is ZeroSSL and BuyPass Go

Since Let’s Encrypt is the most popular I’ll walk through setting up an SSL certificate on a Windows 2019 server running IIS with the Certify The Web client.

Before we get started we need to have some things in place for this to work. 

Prerequisites:

  • Windows server running IIS 
  • Registered domain and DNS record
  • Ports 443 and 80 open to public

After you’ve registered your DNS record and opened the proper ports on your firewall we’ll need to setup IIS with the proper bindings on your site.

We need to insure that IIS webserver has https/443 bindings setup. Navigate to IIS Management on the server then open Bindings under the website you are managing. You may need to add HTTPS as a protocol by opening Bindings on top right. IISBinding Settings

After setting up the bindings ensure that the host name is correct and that you have an SSL certificate choosen. (the default cert is find for now)

After configuring the SSL bindings we need to download and install the client to mange our Let’s Encrypt certificate. There is a long list of clients you can use with Let’s Encrypt. I’ve decided to use Certify The Web, which seems like the easiest to setup. 

From your Windows server download the client at https://certifytheweb.com Certify download

Run the executable you downloaded and go with the defaults. Finish client install for Certify the Web

We now have the bindings setup on IIS and the client installed. Let’s open Certify the Web client and choose New CertificateCertify the Web setup

Select the site you’re configuring from the pulldown. I choose the Default website.Certify Setup with website

After we choose the website it auto fills the domain site information at the bottom. Now we need to Request CertificateCertify settings

Success! Our certificate request seems to be good.Certify Cert request

Choose the Settings tab if you want to make any changes. Notice it’s set to auto renew after 30 days. I went with defaults.Certify Settings

If we go back to the Bindings setttings in IIS Manager you’ll see that the Certify client added the new SSL certificate.Final Bindings check

Let’s test to see if our new SSL cert is working. Test SSL Certificate for Let's Encrypt

We did it! We got a free SSL certificate working on Windows 2019 Server running IIS and the certificate will auto renew after 30 days. 

In this post we setup the bindings for IIS and added HTTPS protocol, we installed the Ceritfy the Web client, we requested the certificate and verified our new bindings in IIS Management. I hope this helps you with your Windows/IIS SSL certificate setup.