Let’s Encrypt is a free-to-use tool that allows creation, management and automatic renewal of SSL certificates for web applications, services or any other apps that need secure data transport.
However, there are a few things to keep in mind when considering Let’s Encrypt certificates instead of a traditional SSL certificate from a Certificate Authority (CA) like GlobalSign.
- A certificate is valid for only 90 days at a time, and this may become even shorter in future.
- No easy installation wizard is available for it.
- Let’s Encrypt needs a certificate management agent running on the same server that handles requests for that domain.
How to set up Let’s Encrypt certificate on a Windows server
1. To begin with, you need a Let’s Encrypt client that speaks the Automated Certificate Management Environment (ACME) protocol. The client uses it to interact with any CA that supports the ACME protocol. The ACME protocol is based on JSON over HTTPS.
So first, download the Windows ACME Client. I used the Version 1.9.6 compiled zip.
Extract it on the server in a directory where it can reside permanently.
2. Next, you can deploy an SSL certificate for your IIS web server. After downloading and extracting the Windows ACME Client to a directory, run the extracted exe with administrative rights.
You will need to provide an email address, so that the renewals can be taken care of.
Press Enter Key.
It will show Menu options. Select ‘N’ and Press Enter key.
Choose menu option: 1 for Single binding of IIS site and Press Enter key.
Select Website ID where you want to Install SSL certificate and Press Enter key.
Choose verification method and Press Enter key.
Next, you will have to accept the Terms and Conditions. Type ‘y’ and press Enter.
Now you will be asked to choose which binding you want to generate the SSL for:
In this example it is www.znetindia.net, so choose option 1.
3. As a final step, these are the things you should know:
a. The certificate has a date on which it will expire; note it somewhere.
b. To renew this certificate, a scheduled task has been set up on this machine with a 60-day period.
c. The Certificate Store is where the certificate is deployed.
d. The IIS Website has an https binding now.
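The four points above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the Windows ACME Client or of the original write-up. It assumes the host name used on this page and that the renewal task's name contains "letsencrypt"; the `$TaskPattern` and `$WarnDays` parameters are illustrative names chosen here.

```powershell
# Added example: post-install check for points a-d of step 3.
# Assumptions: $HostName is the binding chosen above; the renewal task name
# matches $TaskPattern (adjust it if your task is named differently).
param(
    [string]$HostName    = 'www.znetindia.net',
    [string]$TaskPattern = '*letsencrypt*',
    [int]$WarnDays       = 30   # 90-day validity minus the 60-day renewal point
)

Import-Module WebAdministration

# d. The IIS site should now have an https binding for the host.
$binding = Get-WebBinding -Protocol https |
    Where-Object { $_.bindingInformation -like "*:$HostName" } |
    Select-Object -First 1
if (-not $binding) { throw "No https binding found for $HostName" }

# c. The bound certificate should be present in the store the binding names.
$storePath = "Cert:\LocalMachine\$($binding.certificateStoreName)"
$cert = Get-ChildItem $storePath |
    Where-Object { $_.Thumbprint -eq $binding.certificateHash }
if (-not $cert) { throw "Certificate $($binding.certificateHash) not found in $storePath" }

# a. Expiry date and remaining lifetime.
$daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
"{0} expires {1:u} ({2} days left)" -f $cert.Subject, $cert.NotAfter, $daysLeft
if ($daysLeft -lt $WarnDays) {
    # With renewal at 60 days, a healthy certificate never gets this close to expiry.
    Write-Warning "Fewer than $WarnDays days left: renewal has not run or has failed."
}

# b. The renewal scheduled task should exist and have completed without error.
$tasks = Get-ScheduledTask -TaskName $TaskPattern -ErrorAction SilentlyContinue
if (-not $tasks) { Write-Warning "No scheduled task matching '$TaskPattern'" }
foreach ($t in $tasks) {
    $info = $t | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Task       = $t.TaskName
        State      = $t.State
        LastRun    = $info.LastRunTime
        LastResult = $info.LastTaskResult   # 0 means the last run succeeded
        NextRun    = $info.NextRunTime
    }
}
```

Running this on a schedule of its own, with the warning sent to whoever owns the server, catches a silently failing renewal before the 90-day certificate expires.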
In case you have any query regarding this writeup or regarding SSL certificates, let me know via comments section. I’ll be happy to answer.