2. June 2016 09:00
We're slowly getting ready to present our youngest child, lemon, to the open public. In the process we moved the tracking app itself from www.lemontimetracker.com to app.lemontimetracker.com. Our currently installed TLS certificate covers only the domains lemontimetracker.com and www.lemontimetracker.com, so we need a new certificate for the app subdomain.
Let's Encrypt Provides TLS Certificates on Linux – and on Windows, too
For a few months we've been using free TLS certificates provided by Let's Encrypt for Camping.Info, but these were created and are being managed on a CentOS system that also runs our NGINX reverse proxy and load balancer. In contrast to Camping.Info, we access lemon directly on the Windows hosting server without going through NGINX. So we needed a way to create and install a Let's Encrypt certificate on a Windows Server 2012 box.
Thanks to Rick Strahl and his recent post on Using Let's Encrypt with IIS on Windows this was an easy task. His walkthrough on using letsencrypt-win-simple, "A Simple ACME Client for Windows", was all I needed to get the job done. For brevity, here's a list of steps you need to do to get an IIS site TLS encrypted.
Using letsencrypt-win-simple to install a TLS certificate into IIS
- Log onto the machine hosting the site that you want to equip with SSL/TLS.
- Get the latest ZIP containing an exe and some SSH Windows DLLs.
- Unpack into a location dear to you.
- Open a command prompt in that location.
- Run letsencrypt
- Follow the instructions, i.e.:
  - Pick an IIS site binding from the list. (You can ignore the other options at the bottom.)
Lean back and watch the magic happen!
Problems you might run into
When I ran the tool for the first time on our live server, I was greeted with this error:
System.ComponentModel.Win32Exception (0x80004005): A specified logon session does not exist. It may already have been terminated.
It might have had something to do with the missing tick in the "Require Server Name Indication" check box for the https binding for app.lemontimetracker.com.
After checking that, the https version worked like a charm.
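To find bindings in the state described above before running the tool, the following added example (not part of the original post or of letsencrypt-win-simple) lists every https binding that names a host but does not have "Require Server Name Indication" set, which IIS stores as bit 1 of the binding's sslFlags attribute. The function name, site names and host names are made up for illustration, and the embedded XML is a constructed stand-in for applicationHost.config.

```powershell
# Added example: report https bindings that carry a host name but do not require SNI.
function Get-HttpsBindingWithoutSni {
    param([Parameter(Mandatory = $true)][xml]$Config)

    foreach ($site in $Config.SelectNodes('//sites/site')) {
        foreach ($b in $site.SelectNodes("bindings/binding[@protocol='https']")) {
            # bindingInformation is "IP:port:hostname"; the host is whatever follows the last colon
            $info     = $b.GetAttribute('bindingInformation')
            $hostName = $info.Substring($info.LastIndexOf(':') + 1)

            # A missing sslFlags attribute means 0; bit 1 is "Require Server Name Indication"
            $flagsText = $b.GetAttribute('sslFlags')
            $flags     = if ($flagsText) { [int]$flagsText } else { 0 }

            if ($hostName -and (($flags -band 1) -eq 0)) {
                [pscustomobject]@{
                    Site     = $site.GetAttribute('name')
                    Binding  = $info
                    SslFlags = $flags
                }
            }
        }
    }
}

# Constructed sample, shaped like the <sites> section of applicationHost.config
$sample = [xml]@'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="app-site" id="2">
        <bindings>
          <binding protocol="http"  bindingInformation="*:80:app.example.test" />
          <binding protocol="https" bindingInformation="*:443:app.example.test" sslFlags="0" />
        </bindings>
      </site>
      <site name="www-site" id="3">
        <bindings>
          <binding protocol="https" bindingInformation="*:443:www.example.test" sslFlags="1" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>
'@

Get-HttpsBindingWithoutSni -Config $sample | Format-Table -AutoSize
```

On the server itself, pass `[xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")` from an elevated prompt instead of `$sample`.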
HTTPS in IIS on Windows is simple now
Try it yourself!
Happy encrypting :-)