23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

How to Install Let’s

Encrypt on Windows
Server 2019

Introduction
Today most of the websites are secured using SSL and its good
for SEO. Normally we get SSL certificated from Certificate
Authority (CA).  So if we need to enable https for our website
hosted on a Windows server we need to get a certificate from a
Certificate Authority (CA). Let’s Encrypt is a certificate authority
that provides free SSL certificates for our website names . More
details about Let’s Encrypt can be get from their official website.

Let’s Encrypt uses the ACME protocol to verify that we control a

given domain name and to issue you a certificate. To get a Let’s
Encrypt certificate, you’ll need to choose a piece of ACME client
software to use. Another point about Lets Encrypt certificates is
they set to  expire after 90 days.

One of the Most popular ACME client used to issue SSL

certificate from Lets Encrypt is Certbot client. This is only
ACME clients recommended by Lets Encrypt. We can also
try out other ACME clients available. No issues with that.

Now Let’s focus on how we can install SSL certificate for a

website hosted on a Windows Server 2019 having IIS used
for Web Service.  

Make sure IIS is preinstalled in the server and  already have a

Live website created in through IIS and loading fine from the
server. If not, lets Install IIS and create a website in it. In this
article we use Windows server 2019.  You can also refer this
article if you had a Windows Server 2012 or 2016.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 1/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Section 1. Install IIS in Windows Server 2019

Refer this section if your Windows server 2019 doesn’t have IIS
preinstalled. Otherwise move to next section.

For installing IIS first log into your Windows server 2019 and
Open server Manager from Windows Start

Click Add Roles and features from Server Manager.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 2/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

The Add Roles And Features Wizard will open. Click Next on it.

Choose Role based or feature based installation. Click Next.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 3/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Choose “select a server from the server pool” option. Select Our
own server from the below list and Click Next

Choose Webserver ( IIS ) server role. A popup windows will

appear for add features. Confirm it by clicking “Add Features”
option.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 4/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Leave features section as it is and click Next.

Click Next on Web Server Role section.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 5/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Leave Web Server Role services selection section as it is. Click

Next.

Finalise the install by clicking the install button.

Wait for few minutes. We will get a message as “Installation

Succeeded” . Click Close.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 6/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

This completes the IIS install. Now lets move to the next section
which is creating a  website through IIS.

Section 2. Crete Website In IIS

If your website is already created through IIS Manager, skip this
section and move to next section.

Now for creating a website first Open IIS manager from Server
Manager itself. Choose IIS >> Right click at our Server Name
and choose “Internet Information Services ( IIS) Manager”

From IIS Manager, Right click on Server Name and click “Add
website” option

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 7/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

In the site name filed, give your website name. In this article, we
gave  the name as certbot.supporthost.in

Choose the physical path as ” C:\inetpub\wwwroot”. You can

also choose your desired directory for placing the website files.
Normally it will be ” C:\inetpub\wwwroot”.

In the hostname filed give your website name again. In our case
its  “certbot.supporthost.in”

Leave other settings as it is and Click “Ok” button.

This concludes the creation of website through IIS Manager.

Now we can  test the working of the website by creating a test

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 8/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

page at folder ” C:\inetpub\wwwroot” and Visit the url in the

browser and make sure the test page is loading.

Here I created a index.html page under document root with a

text content. After that visited the url certbot.supporthost.in in
the web browser. It worked and showed the exact content I
added in the index.html page.

At this point our Windows Server 2019 is installed with IIS and
website is created through IIS manager.  Also we are ready to
issue Lets Encrypt SSL/TLS certificate for our website. So lets
see how this can be done on next section.

Section 3. Issuing SSL/TLS Certificate for Website

Now its the time for purchasing and Installing  free SSL/TLS for
our website. So as we said earlier, there are many different
ACME clients available for issue Lets Encrypt SSL for our
website.

Out of from that here we discuss two methods  for issuing

SSL/TLS certificate for our website, which are given Below.  We
only have to follow either of them.

a. Using certbot ACME client for issuing SSL

b. Using win-acme Client

Section 3 a . Installation of certbot ACME client On Windows

In this section we are installing the certbot ACME client. For that
first Download the certbot ACME exe file by visiting the below
url on the web browser.

1 https://dl.eff.org/certbot-beta-installer-win32.e
After downloading got completed, run the installer by double
clicking on the install file. The installer wizard will open and click
Next.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 9/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

The installer will propose a default installation directory,

C:\Program Files(x86)\Certbot . Leave it as it is and Click On
Install.

After completing the install, Click Finish.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 10/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

This completes the certbot ACME package install. Now lets test
it. For that , open Windows cmd, and type below command.

1 certbot --help
The result will look like below.

This confirmed that, certbot ACME client is installed

successfully. Now lets move to the next section.

Section 3 a. Issue SSL Certificate Using Certbot

In this section we are issuing SSL certificate for our website. For
that first Stop IIS service from the IIS manager  itself or through
the Windows services section.

Then Issue Below command in Windows cmd

1 certbot certonly --standalone --register-unsafely

Agree the terms and conditions by typing Y

Enter our domain name that we wish to issue SSL certificate.

Here I entered as certbot.supporthost.in

The certbot successfully issued the SSL/TLS certificate and

Private key along with intermediate certificate.  Also the issued
certificates will get automatically saved to
location C:\Certbot\live\certbot.supporthost.in\ folder.

This completed issuing of SSL/TLS certificate for our website.

Start the IIS service again and now lets move to the next
section.
https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 11/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Section 3 a. Import & Install SSL Using IIS Manager.

Currently, Certbot for Windows cannot automate the installation
of adding SSL certificate  in IIS. Future versions will be able to
automate it for specific web-server applications. So we need to
import this certificate manually through IIS manager.

For that we need to convert the PEM formatted SSL

certificate file we got from certbot ACME client  into pfx
one. PFX is the SSL file type supported by IIS.

We can either use online PEM to PFX converter tools or

openssl commands like below.

1 openssl pkcs12 -export -out cert.p12 -in cert.pem

We are not discussing the convert steps  further and we assume
that you have the PFX version SSL certificate on your hand and
its ready to import through IIS manager. In our case the
SSL/TLS certificate file name is cert.pfx

Now Open IIS manager and under server, click on “server

certificates” click import.

From the import window, provide our cert.pfx file location on

certificate file field.

Leave as blank on password filed.

Select the Certificate store as Personal

Leave other settings as it is and Click OK.

Now we can see our certificate is successfully imported and its

available under  IIS “server certificates” section.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 12/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

After that from IIS Manager itself, go to our sites section. Click
on bindings.

Click “Add” in the “site binding ” window

A new “Add site binding” window will open. From there.

Choose type as https

In the hostname filed enter our domain name as

“certbot.supporthost.in”

Choose our certificate from SSL certificate

Enable  require server name indication

Leave all other settings as it is and click OK.

This concludes the SSL install. Verify the SSL working by

browsing your website over https  in the browser.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 13/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Also if we go the Windows Certificate Manager by issue

command  “certlm.msc ” on Windows run. After that expand
“personal” >> Certificates. We will able to see our imported Lets
Encrypt SSL is available.

Another thing is if we open windows task scheduler, we will able

to see a windows task named “Certbot Renew” got created.
This task will automatically run when the Already issued Lets
Encrypt is going to expire.  So  in short we don’t have to worry
about manually renew the certificate on expire.

In our case we used the standalone authentication on a

machine where port 80 is normally in use for issuing SSL
certificate, In such cases we want to edit the built-in command
to add the –pre-hook and –post-hook flags to stop and start our
IIS  web-service automatically for successfully renewing
SSL/TLS certificates.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 14/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

For that , choose “Certbot Renew” tab >> Choose Properties >>
Click Actions tab >> Click Edit.

In  ” Add Arguments” section add command like below.

1 certbot renew --pre-hook "IISRESET.EXE /STOP" --p

Now, we can also test out the working of this command by

issuing it on windows cmd. Once issues normally we will get the
message as the certificate is not due for renewal.

Now we can also try implementing SSL using another ACME

Client for Windows. Follow below steps only if you don’t like first
method we discussed . Other wise, it conclude the install and
settings up of Lets Encrypt SSL in a Windows Server 2019.

Section 3 b. SSL Install Using win-acme Lets Encrypt Client

win-acme  is a ACMEv2 client for Windows that aims to be very
simple to use. It has a very simple interface to create and
automatically install certificates on a IIS server.

Only Follow this section if you don’t want to use certbot ACME
client SSL issue which we discussed in above section.

Now first thing is Download the win-acme package from their

official website which is www.win-acme.com

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 15/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Extract the zip folder that downloaded and save it where you
needed. In my case I saved it in Downloads folder itself.  After
that go the direction and double click “wacs.exe"

win-acme interface will open and it will look like below.

For creating certificate we need to type “N”

win-acme client will scan our live websites from IIS and will
show the results. Now we need to select our website by
imputing the site identifier number that shows by win-acme
client itself. In our case the number is “2”. So I entered “2”
https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 16/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Now choose our website binding again by entering the

corresponding number. In my case it was “1”

Confirm the selection by typing “yes”

Agree the terms and conditions by typing “yes”

Enter our email address for communication.

The SSL/TLS certificate will issue for our website. It will be

stored under “Web Hosting” section from windows certificate
Manager.  After that the https binding will automated get created
for the website with the new  lets encrypt certificate. Also the
win-acme client will automatically schedule the renewal too.

Okay, this completes the Lets Encrypt SSL install using win-
acme client. Now we can quit the console by typing “Q”

Also if we go the Windows Certificate Manager >> Expand “Web

Hosting” and Certificates, we will see our certificate is already
imported.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 17/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

Also, if we go the folder “C:\\ProgramData\\win-acme\\acme-

v02.api.letsencrypt.org”\certificates” , we will see the issued
certificate files are stored in it.

Now we can also test our the SSL certificate renewal by running
the “wacs.exe” file again.

Type “A” for manage renewals

We will get a list of all lets encrypt SSL certificates in the server. 
Enter the corresponding number for the SSL certificate that we
wish to renew. In our case its “2”

Now run the renewal by typing “R”

We will see renewal is running. once completed quit the console

by typing “Q”

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 18/19
23/11/22, 07:54 How to Install Let’s Encrypt on Windows Server 2019

This completes the issue of free Lets Encrypt  SSL/TLS

certificate using win-acme Lets Encrypt Client. After this if we
visit our website on web browser it will be secured with new
Lets Encrypt SSl/TLS certificate we issued.

Conclusion
In this tutorial, we discussed about how to install Lets Encrypt
SSL/TLS certificate  in a Windows Server 2019. We also
discussed few errors we faced.  I hope this article is informative.
Leave your thoughts at the comment box.

https://supporthost.in/how-to-install-lets-encrypt-on-windows-server-2019/ 19/19