Setting up SSL certificates with Let's Encrypt

Modified on Thu, 9 Jan, 2020 at 1:31 PM

Let's Encrypt is a certificate authority that provides free SSL certificates, through an automated API, to any web site that wants one. For installation on our servers we use an application called win-acme (formerly called lets-encrypt-win-simple). This allows us to request an SSL certificate for any site hosted on our servers. The certificates expire after three months, but can be renewed after two months. A scheduled task on all the servers runs win-acme at 09:00 every morning and automatically renews any certificate that is due for renewal. Therefore, once set up, these certificates should automatically renew every two months without any manual intervention required.


Create Certificate

To create a certificate you need to run win-acme. To do this, open a command prompt window by right-clicking on the Start menu and selecting "Command Prompt (Admin)". In the command prompt window:

cd "\Program Files\win-acme"
wacs


Once started you're presented with a menu with a number of options.



To create a new certificate for a site:

  • Select option N (create new certificate)
  • Select option 3 (SAN certificate for all bindings of an IIS site)
  • A list of all available sites will be displayed; enter the number for the site you want to create the certificate for


If there are multiple bindings (host names) set up for a site and you don't want all of them to be included in the certificate then select option 2 (Single binding of an IIS site) when creating the certificate and select the specific host name that you want in the certificate.  You can run the process multiple times to create multiple certificates if there is more than one host name for a site that you want a certificate for.


The certificate request will be created and sent to Let's Encrypt.  A response will be temporarily installed on the web site to allow the site to be validated.  If the process is successful it will validate in a few seconds and the certificate will be downloaded and installed into IIS.



If a Certificate is no longer needed

If a certificate is no longer needed then you can cancel the automatic renewal by selecting option O (More Options...) followed by option C (Cancel Scheduled Renewal) in win-acme.  You may also want to use option V to revoke it.  This will make the certificate immediately invalid so it can no longer be used.  It will also prevent a renewal notice from being sent when the certificate expires.


If any certificate fails to automatically renew then an email will be sent to support before the certificate expires.
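
To confirm that the renewal schedule described above is working without waiting for the failure email, the following PowerShell script (an added example, not part of the original article and not part of win-acme) lists every IIS HTTPS binding and flags certificates that are missing, expired, or overdue for renewal. The 30-day threshold and the fallback to the "My" certificate store are assumptions.

```powershell
# Added example (not from the article): report IIS HTTPS bindings whose
# certificate is missing, expired, or past its expected renewal date.
# Run from an elevated PowerShell prompt on the web server.
Import-Module WebAdministration

# From the article: certificates last three months and renew after two, so a
# healthy Let's Encrypt certificate should always have roughly 30+ days left.
$WarnDays = 30   # assumed threshold derived from that schedule
$now = Get-Date

$report = foreach ($site in Get-Website) {
    foreach ($binding in Get-WebBinding -Name $site.Name -Protocol https) {
        $thumb = $binding.certificateHash
        $store = $binding.certificateStoreName
        if (-not $store) { $store = 'My' }   # assumed fallback: Personal store

        $cert = $null
        if ($thumb) {
            $cert = Get-Item -Path "Cert:\LocalMachine\$store\$thumb" -ErrorAction SilentlyContinue
        }

        $daysLeft = $null
        if (-not $thumb)    { $status = 'NO CERTIFICATE BOUND' }
        elseif (-not $cert) { $status = 'CERTIFICATE NOT IN STORE' }
        else {
            $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
            $isLetsEncrypt = $cert.Issuer -like "*Let's Encrypt*"
            if ($daysLeft -lt 0) { $status = 'EXPIRED' }
            elseif ($isLetsEncrypt -and $daysLeft -lt $WarnDays) { $status = 'RENEWAL OVERDUE' }
            else { $status = 'OK' }
        }

        [pscustomobject]@{
            Site     = $site.Name
            Binding  = $binding.bindingInformation
            Issuer   = if ($cert) { $cert.Issuer } else { '' }
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize -Wrap
$problems = @($report | Where-Object { $_.Status -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) HTTPS binding(s) need attention; check the win-acme renewal for these sites."
}
```

Certificates from other issuers are only reported as a problem once they have actually expired, since the two-month renewal schedule applies to Let's Encrypt certificates only.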

