How to Use Let’s Encrypt Certificates for Windows Servers

29Oct, 2019

Let’s encrypt certificates on Windows Servers.

In this tutorial I explain how you can use Let’s Encrypt on Windows Servers. You could use this for example for the new ‘Windows Admin Center’ or in ADFS. Let’s encrypt is a fairly new website that let’s you use certificates for free. From their website: “Let’s Encrypt is a free, automated, and open Certificate Authority.”

Managing multiple certificates in Windows on one Windows Server.

I always choose the management server as ‘management’ for all certificates. That way I always know that the key is on the management server. You can do the same with the let’s encrypt certificate for every windows role that’s using a website. Make sure you have installed the Windows Role Web Server (IIS) on the management server. I assume that you as a system administrator know how to install a windows role.

Let’s install a “Let’s Encrypt” certificate on your Windows Server.

Add the website temporarily to IIS.

Go to start and open Internet Information Services (IIS) manager.

Double click on the Management server and open Sites.

Right click on Sites click on Add website.

See the screenshot for the other information.
Use as a website the website you want to use the certificate for. This is the same domain name that you probably installed on another server, this does not matter. The website on your management server does not go live.

I am using tst.bwb.cloud. I use this for Windows Admin Center in my developer tenant.


‘Download’ a certificate from Let’s Encrypt.

Now that the website is ‘live’ on the management server, we can continue to install the certificate.

Go to Github and download the .zip file that contains letsencrypt.exe.
The latest version is here:

https://github.com/PKISharp/win-acme/releases

Copy / paste the .zip to the management server, or the server of your choice.
Unpack the zip file.

Run the Letsencrypt.exe executable that is in the extracted folder.

Let's Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS
Let’s Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS.

A Command Prompt opens with different options.
Choose Create new certificate here by typing N and pressing Enter.

Then choose for Single binding or an IIS site.
You only need to type number 1 for this.

If everything went well, you should now see the IIS website you created earlier.
Choose the number for the IIS site that you have added. For me this is number 2.

Let’s encrypt will now do the rest.


Download the certificate from IIS.

Now we can go back to IIS.
Open IIS again and click on the management server.

Let's Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS
Let’s Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS.

Open the Server Certificates.

Here you can see all certificates installed on the management server.
You can now export and use these for the website that you have previously added to IIS.

Let's Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS
Let’s Encrypt on Windows Servers for Windows Admin Center, ADFS or IIS.

Recap

As I mentioned at the beginning, you can use the certificate for different roles or applications such as Windows Admin Center, or ADFS, but also standard IIS websites.

error: Content is protected !!