Protect your IIS HTTPS Web Site with a Let’s Encrypt Certificate
In these days no web site should run on http but instead on httpS. a certificate can be easily requested and issued by the Let’s Encrypt Certificate Authority. What you need is a ACME (Automatic Certificate Management Environment) Client.
A list of ACME clients is published and regularly updated on the let’s encrypt web page:
In this article we’ll use the https://www.win-acme.com/ Win-ACME Client.
At the time of writing this article, the current version of the Win-ACME Client was v18.104.22.1688
Download and extract
Download and extract the Win-ACME Client. When unpacking the archive, consider to chose a location, where the Win-ACME Client will reside for the next ‘years’ since once you get a certificate issued, the Win-ACME Client will create a Scheduled Task which will run every now and then to make sure your certificate will get updates once it expires ..
Start WACS.exe (elevated, as admin!) -> Windows will warn you ‘Windows protected your PC’ – you can safely ignore that message and click on Run anyway
Select N for Create certificate (default settings)
Choose the site you want to protect with a certificate:
you can choose A or P -> i prefer to choose P because i want to select the binding, then for the search pattern i type: my.infrastructure-manager.com since this is the web site i want to protect.
provide en e-mail address, select yes/no twice. now make sure your web-server can be reached using port 80 otherwise the CSR will fail!
now you can optionally check your scheduled tasks. you’ll most probably find a scheduled task named win-acme renew (acme-v02.api.letsencrypt.org)
you can also use this script to get query your system for the scheduled task (although the name of the task may vary)
Get-ScheduledTask -TaskName "win-acme renew (acme-v02.api.letsencrypt.org)" | fl