Rate this post

Install Free SSL certificate on Microsoft® Windows® servers to secure your website on window server Let’s Encrypt is a certificate authority that provides free SSL certificates for our website names. More details about Let’s Encrypt can be obtained from its official website.

To Install an SSL certificate on a Windows server you must need to install IIS on the server which is used for Web Service, so make sure is pre-installed on your server if not then don’t worry let’s Install IIS

1. Login RDP/ Windows server and Open server Manager from Windows Start

window server ssl

2. Click Add Roles and features from Server Manager.

3. The Add Roles And Features Wizard will open. Click Next on it.

4. Choose Role-based or feature-based installation. Click Next.

5. Choose the “select a server from the server pool” option. Select Our own server from the below list and click Next.

6. Choose Webserver ( IIS ) server role. A popup window will appear to additional features. Confirm it by clicking the “Add Features” option.

7. Leave the features section as it is and click Next.

8. Click Next on the Web Server Role section.

9. Leave the Web Server Role services selection section as it is. Click Next.

10. Finalise the install by clicking the install button.

11. Wait for few minutes. We will get a message as “Installation Succeeded”. Click Close.

Done you have installed IIS Server.

1. Open IIS Manager from Server Manager itself. Choose IIS >> Right click at our Server Name and choose “Internet Information Services ( IIS) Manager”

2. From IIS Manager, Right-click on Server Name and click the “Add website” option

3. You need to replace your website name with certbot.serverconfig.net

Choose the physical path as ” C:\inetpub\wwwroot”. You can also choose your desired directory for placing the website files. Normally it will be ” C:\inetpub\wwwroot”.

In the hostname, enter your website URL. In our case, that can be anything example server.serverconfig.net ” or “certbot.serverconfig.net” and you can ignore other settings and continue to click the “Ok” button.

This concludes the creation of the website through the IIS Manager. Now we can test the working of the website by creating a test page at folder ” C:\inetpub\wwwroot” and Visit the URL in the browser and make sure the test page is loading.

Here I created an index.html page under document root with text content. After that visit the URL certbot.serverconfig.net to the web browser. It worked and showed the exact content I added to the index.html page.

Now you are ready to issue Lets Encrypt SSL/TLS certificate for your website, follow step 3.

  1. Windows ACME Simple (WACS) is the command prompt tool for the interactive issue an SSL certificate and bind it to a specific site on your IIS web server;
  2. Powershell ACMESharp module – is the PowerShell library with a number of cmdlets to interact with Let’s Encrypt servers over ACME API.

1. Download the latest release of the WACS client from GitHub https://github.com/PKISharp/win-acme/releases (in my case, this is version v2.0.10 – the file name is win-acme.v2.0.10.444.zip).

2. Extract the zip archive to the following directory on the server where IIS is installed: c:\inetpub\letsencrypt

Note: Make sure you have .NET Framework 4.7.2 or higher installed.

3. Open the command prompt, go to c:\inetpub\letsencrypt directory and run wacs.exe
it will open Let’s Encrypt certificate generation and bind to IIS site wizard, to create new SSL  select N: – Create new certificates (simple for IIS).

4. Select the certificate type. 1. Single binding of an IIS site. If you need a Wildcard certificate, select option 3.

5. Set your email address to which notifications about certificate renewals.

The process of generating and installing SSL Let’s Encrypt certificate for IIS is fully automated

The process of generating and installing the SSL Let’s Encrypt certificate for IIS is fully automated.

Note. During the TLS/HTTP validation, your site must be accessible from the Internet by its full DNS name over HTTP (80/TCP) and HTTPS (443/TCP) protocols.

The WACS tool saves the private key of the certificate (*.pem), the certificate itself, and a number of other files in the C:\Users\%username%\AppData\Roaming\letsencrypt-win-simple. Then it will install the Let’s Encrypt SSL certificate generated in the background and bind it to your IIS site


In this article, You learned how to install Lets Encrypt SSL/TLS certificate in a Windows Server.

About the Author

Shahid Malla

Shahid Malla is an accomplished system admin and web developer, renowned for his expertise in various fields. With a strong background in WHMCS development, WordPress development, and PHP development, Shahid has honed his skills over the years to deliver exceptional results. As a top-rated freelancer, he has consistently garnered praise and recognition, earning a stellar 5-star rating from a pool of 500 reviews. Shahid's proficiency extends beyond coding and development, encompassing server configuration, server management, and web security. With his extensive knowledge and dedication to delivering high-quality solutions, Shahid Malla is your go-to professional for all your technical needs.

View All Articles