Install Let’s Encrypt with IIS on Windows Server 2019

Estimated reading time: 4 min


Installing SSL on a website is must these days as it secures the data exchanged between the server and client. It also affects the SEO score as search providers give preferences to the sites having SSL installed. Let’s Encrypt is a non-profit certificate authority which provides free SSL certificates. Almost all browser recognizes Let’s Encrypt certificates as trusted certificates. In this tutorial, we will learn how we can generate and use Let’s Encrypt certificates on a Windows Server 2019 using the IIS web server.


    • Cloud VPS or Dedicated Server with Windows Server 2019 installed.
    • You must be logged in via Remote Desktop Protocol as an administrative user.
    • A domain name pointed towards your VPS or Dedicated server. In this tutorial, we will use Replace all occurrences of with your actual domain name.

Step 1: Install IIS (Internet Information Services)

Open Server Manager by searching Server Manager in Start Menu. Click on Add roles and features link.

Below are the detailed instructions to follow on each tab of Add roles and features wizard.

  • Before You Begin: This tab explains the details of Add roles and feature wizard. You can read it or just click Next to get to the next tab.
  • Installation Type: Choose “Role-based or feature-based installation” and click Next.
  • Server Selection: Select the option “Select a server from the server pool” and click on your server from the list of “Server pool”.
  • Server Roles: Scroll down on the list of roles to find the “Web Server (IIS)”. When prompted for the required features, leave the default options checked and click on Add Features button. Click the Next button.
  • Features: Leave the default options checked here also and click the Next button without making any changes.
  • Web Server Role: Leave the default options checked as we are creating a basic web server only and click Next button for proceeding to the confirmation screen.
  • Confirmation: Review the changes once and click on the Install button to start the installation.

Server Manager Dashboard

Once the installation finishes, you can use a web browser to access You should see the default IIS welcome page.

ISS Windows Server

Step 2: Create Simple HTML Test Site

To install Let’s Encrypt certificate, first, we need to create a site. In this tutorial, we will be creating a very simple demo HTML site. Navigate to the directory C:\inetpub\ and create a new folder with name Into the folder, create a new file with name index.html and populate it with the following content.

<!DOCTYPE html>
    <title>Demo Site</title>
    <h1>Hello World</h1>

Snel example site

We are done creating the site. Let’s add it to the IIS server in the next step.

Step 3: Adding Website to IIS

Open the IIS Manager by searching IIS in the search menu. Expand HOST → Sites on the left pane, you will find the default web site. To add a new site in IIS web server, click on the Add website link from the right panel.

Internet Information Services

On Add Website prompt, Provide a Site name to identify your site. Let the value of Application pool remain the same as the Site name. Put the path of the directory where our index.html page resides which we have created in Step 2 of the tutorial. Leave the default value in Binding Type, IP address and Port. Put the actual domain name in Host name field. Click the button OK to add the site and start it.

Add website
Now, you can use a web browser to access again. You should see the example website.

Demo site

Step 4: Download Let’s Encrypt Client

There are many different client application available for generating Let’s Encrypt certificates. In this tutorial, we will use win-acme client as it is very simple, open-source and actively developed command line application. It not only generates the certificates but also installs and renews them automatically.

Download the latest version of the application on the server from its Github release page. On the release page, scroll down to find the assets and download the zip archive with name . If you are having trouble using internet explorer, you can follow this tutorial to install Chrome on the server. Once downloaded, extract the application and move it to some safer location for future use.

win acme

Step 5: Generate Let’s Encrypt Certificates

Note: The domain which you are using must be pointed towards your Snel server. Let’s Encrypt will verify it before issuing the certificates.

To generate the Let’s Encrypt certificates, simple run wacs.exe. You may get a message from Windows Defender saying “Windows protected your PC” because we downloaded the application from the internet. Click on “More Info” link and then click on “Run Anyway” button. The application is totally safe to run as it is open source and actively used by many people. You may also need to allow the application if any UAC(User Access Control) prompt comes.

Once the application starts, follow these simple steps.

  • Press N on the initial menu to choose the option to “Create a new certificate”.
  • Next, It will ask you “What kind of certificate would you like to create?”. Enter 1 to choose “Single binding of an IIS site” option.

lets encrypt

  • Now the application will retrieve the list of websites from the IIS server and display it in command prompt. You will see the site we created on step 3 listed there. Press the number shown in front of the site.
  • It will now ask for your email to send you renewal notices. Provide your email address and agree to the terms and conditions.

let's encrypt acme

That’s it. If your domain is pointing to your server, it will successfully generate an SSL certificate for you. It will also add a scheduled task which will automatically renew the certificate when it will be due for renewal. The application will also install the SSL certificate for you.

new let's encrypt certificate

Now, you can access your website using HTTPS, eg.  and you should see the connection is secured with a valid certificate.

secure connection


In this detailed tutorial, we have installed the IIS server on Windows server 2019. We also created a demo website and added into the IIS server. Finally, we generated and installed Let’s encrypt SSL certificate on the demo website we created.

Was this article helpful?
Dislike 1
Views: 3730

Reader Interactions


  1. Steven Phan says

    I am hoping you can help me out. Please email me.

    The issue we are facing is that clients would setup domains in an A record or CNAME like pointed to our domain. That’s on our server like which is binded.

    We generate a certificate but where do we bind it because the certificate generated is for client domain which isn’t binded on our system because they have their CNAME/A Record pointed to our to handle all the requests.

    But if we were to physically bind the domain on the server and apply the certificate then yes we are able to obtain SSL. But this isn’t the case.

    • Yavuz Aydin says

      It looks like you're describing to bind multiple SSL certificates to a single site, this is not possible. You should bind the additional domains to the main domain and add the additional domains as a SAN to the main domain certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *