To use Let’s Encrypt on Windows Server 2016 with IIS (Internet Information Services), follow these steps:
Step 1: Install Win-ACME (Let’s Encrypt Client for Windows)
- Download Win-ACME:
  - Go to the Win-ACME releases page.
  - Download the latest release, preferably the .zip file version.
  - Extract the files to a folder on your server (e.g., C:\win-acme).
- Open Command Prompt:
  - Run Command Prompt as an administrator.
  - Navigate to the folder where you extracted Win-ACME (e.g., cd C:\win-acme).
Step 2: Request the SSL Certificate
- Run Win-ACME:
  - In the Command Prompt, type wacs.exe and hit Enter.
- Choose Certificate Type:
  - You’ll be presented with several options. Choose the one relevant to your setup. For a simple setup, choose M for a single binding of your domain.
- Select the IIS Site:
  - Win-ACME will detect your IIS sites. Choose the site for which you want to issue the SSL certificate by entering the corresponding number.
- Domain Validation:
  - Let’s Encrypt will validate your domain by either HTTP or DNS challenge. Typically, HTTP validation is easier for an IIS server:
    - The software will automatically configure a temporary file on your IIS server to respond to the challenge.
    - Make sure your site is accessible publicly over the internet.
- Accept the Terms of Service:
  - Review and accept Let’s Encrypt’s terms of service when prompted.
- Install the Certificate:
  - Win-ACME will automatically install the certificate into IIS once the domain is validated.
Step 3: Configure HTTPS in IIS
- Open IIS Manager:
  - Open IIS Manager on your Windows Server.
- Assign SSL Certificate:
  - In the left panel, select your website.
  - In the right panel under “Actions,” click on Bindings.
  - In the Site Bindings window, click Add.
  - Choose https as the type.
  - Select the SSL certificate that was issued by Let’s Encrypt from the SSL certificate dropdown.
  - Click OK.
- Redirect HTTP to HTTPS (Optional):
  - To force HTTPS, you can configure an HTTP to HTTPS redirect:
    - Select your website in IIS.
    - Go to the HTTP Redirect feature in the IIS section.
    - Check Redirect requests to this destination and enter your website URL with https://.
    - Check Only redirect requests to content in this directory (not subdirectories).
    - Ensure Redirect all requests to exact destination (rather than relative to destination) is unchecked.
    - Set the Status code to 301 - Permanent.
Step 4: Enable Auto-Renewal
- Enable Task Scheduler:
  - Win-ACME should create a scheduled task that automatically renews your Let’s Encrypt certificate before it expires.
  - To check the task:
    - Open Task Scheduler.
    - Navigate to Task Scheduler Library > win-acme.
    - Ensure the task is enabled and set to run regularly (e.g., daily).
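The checks in Steps 3 and 4 can also be run from an elevated PowerShell prompt. The script below is an added example, not part of Win-ACME or the original guide: it lists the certificate behind each https binding of a site and the state of the renewal task. The site name and the 30-day warning threshold are assumptions, and the task is matched by the win-acme name shown in Task Scheduler.

```powershell
# Added example: verify the HTTPS binding and the renewal task after running Win-ACME.
# Assumptions: the site name is a placeholder and the 30-day threshold is arbitrary.
Import-Module WebAdministration

$SiteName = 'Default Web Site'   # placeholder: replace with your IIS site name
$WarnDays = 30                   # assumed threshold for an expiry warning

# 1. Resolve the certificate behind every https binding on the site.
$bindings = Get-WebBinding -Name $SiteName -Protocol https
if (-not $bindings) { Write-Warning "No https binding found on '$SiteName'." }
foreach ($b in $bindings) {
    $thumb = $b.certificateHash
    $store = $b.certificateStoreName
    $cert  = if ($thumb) { Get-Item "Cert:\LocalMachine\$store\$thumb" -ErrorAction SilentlyContinue }
    if (-not $cert) {
        Write-Warning "Binding $($b.bindingInformation): no certificate found in store '$store'."
        continue
    }
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Binding  = $b.bindingInformation
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer               # should name a Let's Encrypt CA
        NotAfter = $cert.NotAfter
        DaysLeft = $daysLeft
        SNI      = [bool]($b.sslFlags -band 1)
    }
    if ($daysLeft -lt $WarnDays) {
        Write-Warning "Certificate on $($b.bindingInformation) expires in $daysLeft days; check renewal."
    }
}

# 2. Confirm the renewal task exists, is enabled, and last ran without error.
$tasks = Get-ScheduledTask | Where-Object { $_.TaskName -like '*win-acme*' }
if (-not $tasks) { Write-Warning 'No scheduled task matching *win-acme* was found.' }
foreach ($t in $tasks) {
    $info = $t | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Task           = $t.TaskName
        State          = $t.State             # Disabled means renewal will not run
        LastRunTime    = $info.LastRunTime
        LastTaskResult = $info.LastTaskResult # 0 means the last run succeeded
        NextRunTime    = $info.NextRunTime
    }
}
```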
Conclusion
Now your website is secured with a free Let’s Encrypt SSL certificate, and it will automatically renew in the future. You’ve successfully set up SSL on your IIS server in Windows Server 2016 using Let’s Encrypt!