Install Free SSL certificate on Microsoft® Windows® servers to secure your website on window server Let’s Encrypt is a certificate authority that provides free SSL certificates for our website names. More details about Let’s Encrypt can be obtained from its official website.
To Install an SSL certificate on a Windows server you must need to install IIS on the server which is used for Web Service, so make sure is pre-installed on your server if not then don’t worry let’s Install IIS
Step 1. Install IIS in Windows Server 2019/2022/2016
1. Login RDP/ Windows server and Open server Manager from Windows Start
2. Click Add Roles and features from Server Manager.
3. The Add Roles And Features Wizard will open. Click Next on it.
4. Choose Role-based or feature-based installation. Click Next.
5. Choose the “select a server from the server pool” option. Select Our own server from the below list and click Next.
6. Choose Webserver ( IIS ) server role. A popup window will appear to additional features. Confirm it by clicking the “Add Features” option.
7. Leave the features section as it is and click Next.
8. Click Next on the Web Server Role section.
9. Leave the Web Server Role services selection section as it is. Click Next.
10. Finalise the install by clicking the install button.
11. Wait for few minutes. We will get a message as “Installation Succeeded”. Click Close.
Done you have installed IIS Server.
Step 2. Crete Website In IIS
1. Open IIS Manager from Server Manager itself. Choose IIS >> Right click at our Server Name and choose “Internet Information Services ( IIS) Manager”
2. From IIS Manager, Right-click on Server Name and click the “Add website” option
3. You need to replace your website name with certbot.serverconfig.net
Choose the physical path as ” C:\inetpub\wwwroot”. You can also choose your desired directory for placing the website files. Normally it will be ” C:\inetpub\wwwroot”.
In the hostname, enter your website URL. In our case, that can be anything example server.serverconfig.net ” or “certbot.serverconfig.net” and you can ignore other settings and continue to click the “Ok” button.
This concludes the creation of the website through the IIS Manager. Now we can test the working of the website by creating a test page at folder ” C:\inetpub\wwwroot” and Visit the URL in the browser and make sure the test page is loading.
Here I created an index.html page under document root with text content. After that visit the URL certbot.serverconfig.net to the web browser. It worked and showed the exact content I added to the index.html page.
Now you are ready to issue Lets Encrypt SSL/TLS certificate for your website, follow step 3.
Issuing SSL/TLS Certificate for Website
Let’s Encrypt and ACME Clients for Window
- Windows ACME Simple (WACS) is the command prompt tool for the interactive issue an SSL certificate and bind it to a specific site on your IIS web server;
- Powershell ACMESharp module – is the PowerShell library with a number of cmdlets to interact with Let’s Encrypt servers over ACME API.
Step 3. Install Let’s Encrypt TLS Certificate in IIS on Windows Server
1. Download the latest release of the WACS client from GitHub https://github.com/PKISharp/win-acme/releases (in my case, this is version v2.0.10 – the file name is win-acme.v220.127.116.114.zip).
2. Extract the zip archive to the following directory on the server where IIS is installed:
Note: Make sure you have .NET Framework 4.7.2 or higher installed.
3. Open the command prompt, go to c:\inetpub\letsencrypt directory and run wacs.exe
it will open Let’s Encrypt certificate generation and bind to IIS site wizard, to create new SSL select N: – Create new certificates (simple for IIS).
4. Select the certificate type. 1. Single binding of an IIS site. If you need a Wildcard certificate, select option 3.
5. Set your email address to which notifications about certificate renewals.
The process of generating and installing the SSL Let’s Encrypt certificate for IIS is fully automated.
Note. During the TLS/HTTP validation, your site must be accessible from the Internet by its full DNS name over HTTP (80/TCP) and HTTPS (443/TCP) protocols. The WACS tool saves the private key of the certificate (*.pem), the certificate itself, and a number of other files in the C:\Users\%username%\AppData\Roaming\letsencrypt-win-simple. Then it will install the Let’s Encrypt SSL certificate generated in the background and bind it to your IIS site
In this article, You learned how to install Lets Encrypt SSL/TLS certificate in a Windows Server.