Utilizing TLS Certificates with Let’s Encrypt on IIS

Utilizing TLS Certificates with Let’s Encrypt on IIS

Let’s Encrypt is a nonprofit Certificate Authority that provides TLS certificates. It started as a Linux project that allowed site administrators to auto-setup and use SSL certificates. It is also now possible to use Let’s Encrypt on Windows with Internet Information Services (IIS) as well.

In order to do this, we will use win-ACME which is a tool for windows. This tool implements ACME v2 which is a protocol for automating connections between a certificate authority and web services.  In this case we are utilizing the non-profit Let’s Encrypt certificate authority.

Here are the following steps to setup the Let’s Encrypt implementation:

  1. Download exe from https://www.win-acme.com/
  2. Unzip the files into desired folder
  3. Run the Windows Command Prompt app and right click to run as administratorUtilizing TLS Certificates
  4. Go to the folder where you unzipped the files and type in “wacs”wacs
  5. Choose N in the main menu to create a new certificate
    create a new certificate
  6. Next you will choose the site identifier from the list provided for the site you want the SSL certificate on.  In this example the ID is 20.  If you have multiple, you an hit ENTER for multiple entries.site identifierThe process will then will ask to confirm the bindings, you can pick all or set a specific binding.
  7. After that, it will ask you to pick the most important hostname (e.g. www or no www).confirm the bindings
  8. After the program validates, it will install the certificate and create IIS binding. It will create the https binding automatically and assign the Certificate. You can review on server certificates.
    hostname
  9. You can review on server certificates by going to IIS -> Server Certificates.website home