1211872020 How to instal Let's Enerypt SSL on Microsoft IIS web server MikesTalsor _— OW to install a Let’s Encrypt SSL cert on Microsoft IIS September 8, 2020 / Other / 23 Comments stalLalots-onenypl soon‘27972020 How instal Lets Enenypt SSL on Merosof IS web server If you've ever wondered how to install a Let’s Encrypt certificate on a Microsoft IIS server than this post is just for you. v S 's Encrypt has always been pretty easy to setup on a Linux box and not so much on "Windows side. Thankfully, there are now nearly a dozen different tools that make adding a Let’s Encrypt SSL certificate to a Microsoft IIS server just as easy. In this post we'll be focusing in on, and using the Windows ACME Simple (WACS) solution. Mostly because it’s so easy to use, how easy? Well lets take a look! Install Let’s Encrypt on Microsoft IIS webserver 1. Download the latest Windows ACME Simple (WACS) ZIP file from the Github releases page, https://github.com/PKISharp/win-acme/releases. At the time of writing this post, it is win-acme.v2.0.3.206.zip 2. Next extract the zip file to a folder of your choice. In this example I’m placing it in my C:|inetpub\letsencrypt folder. hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 2211211872020 How to instal Let's Enerypt SSL on Microsoft IIS web server 11 (9 | letzenerypt © P|) > ThisPC > Local Disk(C:) > inetpub > letsencrypt Ni wt Quick access -| Scripts mansttop 1) settings defauit.config Ke EB Documents | version.bt 1KB Downes @wocsce ees © Pictures Bee Ke et contig iL Document KB a tisec 3. Right click on wacs.exe and select Run as Administrator to start the Windows ACME Simple wizard. 11 a8- hianage ——_‘ieteenenpt ¢ ® [1 > ThisPC > Local Disk (C) > inetpub > letsencrypt Name = WH Desctop ") settings.config Documents settings default.config & Downloads 2 version ae i Pent: a ieiuare weesoero OD Be : Scars [S) Web_Config @ Run a: administrator <—e 4, Select N to create a new certificate. pew CR TU eee a7 Rac aC) pe meae es ea ata ara) hitpssimiketabor.comvhow-to-nstal-aets-enerypt-es-cert-on-microsotis! sansert20z0 How tonsa Lets Encrypt SSL. on Merona IS web server 5, Next you’ll be prompted for what kind of cert to create. Select 1 for a single binding of an IIS site. @ CAinetoub\letcencryptiwecroxe TLRs 6. Now select which site binding to configure. Since we only have one site on this IIS server there is only one option. Select 1. @ CAinetoub\letseneryphwecsexe am ae) eee 7. Enter an email address to be used for notifications about any potential issues. eee eect 8. Finally, agree to the Terms of service and the Windows ACME Simple program takes care of the rest. hitpssimiketabor.comvhow-to-nstal-aets-enerypt-es-cert-on-microsotis! aan1211872020 How to instal Let's Enerypt SSL on Microsoft IIS web server ‘Chneub\lecencyptnacsoe Drees retreat Smee foe bt cra ‘That’s it for installing a Let’s Encrypt SSL cert on IIS. In the background Windows ACME Simple will configure your IIS site to use the newly received Let’s Encrypt certificate. You can verify this by looking at the site binding details. hitpssimiketabor.comvhow-to-nstal-aets-enerypt-es-cert-on-microsotis! 5211211872020 How to install Let's Encrypt SSL on Microsoft IS web server Type: IP edcress: Pott hts [All Unassigned vy] [as Host name: Ircchatcom a Certificate x General Detals Certification Path [) certcate nformation “This certificate is intended for the following purpose(s): ‘Ensures the identity ofa remote computer + Proves your identity toa remote computer 273140121 e136 Laee7at Ven “Refer to the certitcaton authority's statement for detats, Cancel Assued to: rechat.con Issued by: Lets Encrypt Authority 93 In addition Windows ACME Simple also adds a task to the Windows Task Scheduler which will automatically renew the Let’s Encrypt for you! @ Tesk Scheduler File Action View Hep eo|fn/ Be Task Scheduler (Locel) si Nee Sratus Tigers Mc af wil Vizosott -me renew (acme-vO2.api.letsencrypt.org) Ready ‘At9:00 AM every day How to redirect HTTP to HTTPS in IIS Now that you have a Let’s Encrypt SSL certificate added to your Microsoft IIS sit» =" x hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 6211211872020 How to install Let's Encrypt SSL on Microsoft IS web server To do so, you will need to download and install the IIS Rewrite Module from here, Once that is completed, just follow the below steps. 1. Open IIS Manager and select the website on the left and open URL Rewrite. ‘By Internet Information Services (IS) Manage (DG > erzannaz trea + sites scent + File View Help @ chat Home f @~ fel (2 1B, "Stat Poge a v8 FCAMAZ-yereeC Ecoama FRE Soci i ey are v 2 Appieaton Poot: 6 vice 5 —— PG eeu ste e aw € om faba Clngacita Tote, Shor: Boitige: Heras # Document Bowing Meopings: Hispon in = s&s Request SSLSetings URL Rewrite Fiteing Configurat.. Wee Editor Pltfor & Monegement 2. Click on Add Rule then select Blank rule. hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis!1211872020 How to instal Let's Encrypt SSL on Microsoft IS web server Add Rule(s) Selects rule template Inbound rulez Siena <_q—___ eRe with rewsite map 1 Request locking Inbound and Outbound Rules 2h Use ftendly URL @iRevere Proxy Outbound rules %Blenk wule Search Engine Optimization (SEO) | Enforce lowercase URLs Append or removethe tang slash symbol Canonical domain name [Select his template t create a new inbound rule without any preset values, This template opensthe "Ed Rule’ pagethat lyou can use to define a new rewrite rule for changing the requested URL adress, Cancel 3. Next give the new rule a name and under Match URL change the Requested URL to “Matches the Pattern” and Using to “Regular Expressions” and for the Pattern type in (.*) hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis!1211872020 How to install Let's Encrypt SSL on Microsoft IS web server 4, Expand the Conditions block and under Logical Grouping change the drop down to Match All and click on Add. 5. For the Condition input type in {HTTPS} in Add Condition prompt. For Check if input string select Matches the Pattern. For Pattern enter AOFFS hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 9211211872020 How to install Let's Encrypt SSL on Microsoft IS web server 6. Now expand the Action block and select Redirect for the Action Type. In the Redirect URL enter: https://{HTTP_HOST}/{R:1} and set the Redirect type select Permanent (301) hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! sor1211872020 How to install Let's Encrypt SSL on Microsoft IS web server 7. Finally, click Apply D’ve been a big fan and donor of Let’s Encrypt for a long while now. Let’s Encrypt certs are automated, offer short lifetimes (90 days) and are completely FREE! What's not to like about them? If you’ve found this post helpful please consider donating to Let’s Encrypt! f Facebook VY Twitter 2 G reddit in Linkedin 4 hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! nat1211872020 How to install Let's Encrypt SSL on Microsoft IS web server <— Previous Post Next Post > 23 thoughts on “How to install a Let’s Encrypt SSL cert on Microsoft IIS” PAVAN AYYAGARI F _MARCH13, 2019 AT 5:03 AM lo Mike, we use the same procedure for installing SSL cert for exchange 2016/2019? In Reply MIKE TABOR MARCH 15, 2019 AT 10:40 AM Pavan, you should be able to use the same tool for Exchange as well. Reply DEV APRIL 23, 2019 AT 2:50 PM. In the https: //letsencrypt.org/docs/client-options/ list I don’t see Windows ACME Simple. Reply MIKR-TAROR A hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! vee1211872020 How to install Let's Encrypt SSL on Microsoft IS web server It’s the second one listed under Windows / IIS titled “win-acme (.NET)” or you can use the direct link I provided in the instructions above. -Michael Reply PAVAN AYYAGART JUNE 9, 2019 AT 11:37 PM. lo Mike, we use the same procedure for wildcard certificates as well? "nk you Reply ‘MIKE TABOR JUNE 10, 2019 AT 8:54 AM You most certainly can. In step 5 instead of selection 1 for a single site you will want to select number 3 “SAN cert for all bindings of multiple IIS sites” and then select “S” to generate a wildcard for all available sites. -Michael Reply PAVAN AYYAGARI JUNE 10, 2019 AT 4:56 PM x hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! sae1211872020 How to install Let's Encrypt SSL on Microsoft IS web server MIKE TABOR JUNE 11, 2019 AT 8:22 AM That is correct. Win-acme will automatically create a scheduled task to auto- renew the cert. :) -Michael — GUILHERME MIGUEL DA SILVA JUNE 18, 2019 AT 10:06 AM & e, does this procedure apply to iss 10? in Reply MIKE TABOR JUNE 18, 2019 AT 10:23 AM Yes this will work with IIS 10. -Michael Reply ALEXANDRE FERREIRA JUNE 28, 2019 AT 1:39 PM Hi Mike. How i do to renew my certificates ? htpsimiketaborconvhow-to-instal-aets-enerypl-ssl-cert-or-microsoti! sae1211872020 How to install Let's Encrypt SSL on Microsoft IS web server Alexandre, Windows ACME Simple creates a Windows Task to automatically update the certificate for you. However, if you want to manually renew a certificate you can do that as well. Just re-run the EXE program and select one of the options as shown in Step 4 (R,S,A). -Michael f Reply v & ‘MICHAEL JULY 8, 2019 AT 12:56 PM In Thanks!! Reply MARTINLARSEN SEPTEMBER 5, 2019 AT 2:47 AM Works perfectly, thank you. Lused the option ” 2: All bindings of an IIS website” as you can then install the cert for both example.com and http://www.example.com ete. Reply ‘MIKE TABOR ‘SEPTEMBER 5, 2019 AT 6:40 AM Martin, glad to help! hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 15211211872020 How to install Let's Encrypt SSL on Microsoft IS web server MARTIN LARSEN SEPTEMBER 10, 2019 AT 10:04 AM What is the proper procedure to remove a certificate? Using the Revoke option of wacs? I want to change the primary name of the website. Or could I just install a new certificate and then choose the preferred primary name? TONYTO FEBRUARY 23, 2020 AT 1:36 AM y arprecise information! Thumbs up! Reply In AS APRIL 4, 2020 AT 8:26 PM. Quick question if you have a redicet for http to https. will that not also cover the acme verification as well. Reply MIKE TABOR APRIL 8, 2020 AT 8:58 AM AS, I don’t think I’m understanding you fully. Can you elaborate? -Michael x hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 16211211872020 How to install Let's Encrypt SSL on Microsoft IS web server UMAIR KHAN MAY 21, 2020 AT 10:54PM Cool! thanks heaps Reply ‘MIKE TABOR MAY 22, 2020 AT 4:38 PM f iost welcome. Glad to help! Y Michael & Reply in DANIEL JUNE 29, 2020 ATT 5:12 PM Mike Great job — clear instructions and they worked the first time around. ‘Thanks, Daniel Reply ‘MIKE TABOR JUNE 29, 2020 AT 7:12 PM Daniel, I’m glad to have helped and thanks for the feedback! hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis!1211872020 How to install Let's Encrypt SSL on Microsoft IS web server Leave a Comment Your email address will not be published. Required fields are marked * ‘Type here.. in Name* Email* Website Post Comment » pees So Advertise Here are y Sr Rd htpsimiketaborconvhow-to-instal-aets-enerypl-ssl-cert-or-microsoti! Reply1211872020 How to instal Let's Enerypt SSL on Microsoft IIS web server Popular Posts How to start a blog! My homelab upgrade (2019) Upgrade VMware ESXi 6.5 to ESXi 6.7 Be social, follow me! 2/0 vmware 41-14) KKeKKKk Recent Posts How to upgrade vCenter Server Appliance 6.7 to 7.0 How to Replace a Failed Hard Drive in a Synology NAS VMware vSphere 7 announced How to convert VMDK to OVF file format hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! s9211211872020 How to install Let's Encrypt SSL on Microsoft IS web server in hitpssimiketabor.convhow-to-nstal-aets-encrypt-ss-cert-on-microsotiis! 201211211872020 How to install Let's Encrypt SSL on Microsoft IS web server Copyright © 2020 Mike Tabor Privacy Policy AN ELITE CAFEMEDIA TECH PUBLISHER & © htpsimiketaborconvhow-to-instal-aets-enerypl-ssl-cert-or-microsoti!