Installing SSL on a website is must these days as it secures the data exchanged between the server and client. It also affects the SEO score as search providers give preferences to the sites having SSL installed. Let’s Encrypt is a non-profit certificate authority which provides free SSL certificates. Almost all browser recognizes Let’s Encrypt certificates as trusted certificates. In this tutorial, we will learn how we can generate and use Let’s Encrypt certificates on a Windows Server 2019 using the IIS web server.
- Cloud VPS or Dedicated Server with Windows Server 2019 installed.
- You must be logged in via Remote Desktop Protocol as an administrative user.
- A domain name pointed towards your VPS or Dedicated server. In this tutorial, we will use snelexample.site. Replace all occurrences of snelexample.site with your actual domain name.
Step 1: Install IIS (Internet Information Services)
Open Server Manager by searching Server Manager in Start Menu. Click on Add roles and features link.
Below are the detailed instructions to follow on each tab of Add roles and features wizard.
- Before You Begin: This tab explains the details of Add roles and feature wizard. You can read it or just click Next to get to the next tab.
- Installation Type: Choose “Role-based or feature-based installation” and click Next.
- Server Selection: Select the option “Select a server from the server pool” and click on your server from the list of “Server pool”.
- Server Roles: Scroll down on the list of roles to find the “Web Server (IIS)”. When prompted for the required features, leave the default options checked and click on Add Features button. Click the Next button.
- Features: Leave the default options checked here also and click the Next button without making any changes.
- Web Server Role: Leave the default options checked as we are creating a basic web server only and click Next button for proceeding to the confirmation screen.
- Confirmation: Review the changes once and click on the Install button to start the installation.
Once the installation finishes, you can use a web browser to access
http://snelexample.site. You should see the default IIS welcome page.
Step 2: Create Simple HTML Test Site
To install Let’s Encrypt certificate, first, we need to create a site. In this tutorial, we will be creating a very simple demo HTML site. Navigate to the directory
C:\inetpub\ and create a new folder with name
snelexample.site. Into the folder, create a new file with name
index.html and populate it with the following content.
<!DOCTYPE html> <html> <head> <title>Demo Site</title> </head> <body> <h1>Hello World</h1> </body> </html>
We are done creating the site. Let’s add it to the IIS server in the next step.
Step 3: Adding Website to IIS
Open the IIS Manager by searching IIS in the search menu. Expand HOST → Sites on the left pane, you will find the default web site. To add a new site in IIS web server, click on the Add website link from the right panel.
On Add Website prompt, Provide a Site name to identify your site. Let the value of Application pool remain the same as the Site name. Put the path of the directory where our
index.html page resides which we have created in Step 2 of the tutorial. Leave the default value in Binding Type, IP address and Port. Put the actual domain name in Host name field. Click the button OK to add the site and start it.
Now, you can use a web browser to access
http://snelexample.site again. You should see the example website.
Step 4: Download Let’s Encrypt Client
There are many different client application available for generating Let’s Encrypt certificates. In this tutorial, we will use win-acme client as it is very simple, open-source and actively developed command line application. It not only generates the certificates but also installs and renews them automatically.
Download the latest version of the application on the server from its Github release page. On the release page, scroll down to find the assets and download the zip archive with name
win-acme.v2.x.x.x.zip . If you are having trouble using internet explorer, you can follow this tutorial to install Chrome on the server. Once downloaded, extract the application and move it to some safer location for future use.
Step 5: Generate Let’s Encrypt Certificates
Note: The domain which you are using must be pointed towards your Snel server. Let’s Encrypt will verify it before issuing the certificates.
To generate the Let’s Encrypt certificates, simple run
wacs.exe. You may get a message from Windows Defender saying “Windows protected your PC” because we downloaded the application from the internet. Click on “More Info” link and then click on “Run Anyway” button. The application is totally safe to run as it is open source and actively used by many people. You may also need to allow the application if any UAC(User Access Control) prompt comes.
Once the application starts, follow these simple steps.
- Press N on the initial menu to choose the option to “Create a new certificate”.
- Next, It will ask you “What kind of certificate would you like to create?”. Enter 1 to choose “Single binding of an IIS site” option.
- Now the application will retrieve the list of websites from the IIS server and display it in command prompt. You will see the site we created on step 3 listed there. Press the number shown in front of the site.
- It will now ask for your email to send you renewal notices. Provide your email address and agree to the terms and conditions.
That’s it. If your domain is pointing to your server, it will successfully generate an SSL certificate for you. It will also add a scheduled task which will automatically renew the certificate when it will be due for renewal. The application will also install the SSL certificate for you.
Now, you can access your website using HTTPS, eg.
https://snelexample.site and you should see the connection is secured with a valid certificate.
In this detailed tutorial, we have installed the IIS server on Windows server 2019. We also created a demo website and added into the IIS server. Finally, we generated and installed Let’s encrypt SSL certificate on the demo website we created.