How to Install a Let's Encrypt TLS Certificate Into IIS on Windows

by Oliver 2. June 2016 09:00

We're slowly getting ready to present our youngest child, lemon, to the open public. In the process we moved the tracking app itself from www.lemontimetracker.com to app.lemontimetracker.com. Our currently installed TLS certificate covers only the domains lemontimetracker.com and www.lemontimetracker.com, so we need a new certificate for the app subdomain.

Let's Encrypt Provides TLS Certificates on Linux – and on Windows, too

For a few months we've been using free TLS certificates provided by Let's Encrypt for Camping.Info but these were created and are being managed on a CentOS system that also runs our NGINX reverse proxy and load balancer. In contrast to Camping.Info, we access lemon directly on the Windows hosting server without going through NGINX. So we needed a way to create and install a Let's Encrypt certificate on a Windows Server 2012 box.

Thanks to Rick Strahl and his recent post on Using Let's Encrypt with IIS on Windows this was an easy task. His walkthrough on using letsencrypt-win-simple, "A Simple ACME Client for Windows", was all I needed to get the job done. For brevity, here's a list of steps you need to do to get an IIS site TLS encrypted.

Using letsencrypt-win-simple to install a TLS certificate into IIS

  1. Log on to the machine that hosts the site you want to equip with SSL/TLS.
  2. Get the latest ZIP containing an exe and some SSH Windows DLLs.
  3. Unpack into a location dear to you.
  4. Open a command prompt in that location.
  5. Run letsencrypt

  6. Follow the instructions, i.e. pick an IIS site binding from the list. (You can ignore the other options at the bottom.)

Lean back and watch the magic happen!

Problems you might run into

When I ran the tool for the first time on our live server, I was greeted with this error:

System.ComponentModel.Win32Exception (0x80004005): A specified logon session does not exist. It may already have been terminated.


It might have had something to do with the missing tick in the "Require Server Name Indication" check box for the https binding for app.lemontimetracker.com.

After checking that, the https version worked like a charm.
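To check the "Require Server Name Indication" flag and the bound certificate for every https binding on the server in one pass, a script like the following can help. It is an added example, not part of the original post or of letsencrypt-win-simple; it assumes the IIS WebAdministration module is available and uses an assumed 30-day expiry warning threshold.

```powershell
# Added example: list every IIS https binding with its SNI flag and certificate state.
# Run from an elevated PowerShell prompt on the IIS server (assumes IIS 8 or later).
Import-Module WebAdministration

$warnDays = 30   # assumed threshold; Let's Encrypt certificates are valid for 90 days

Get-Website | ForEach-Object {
    $site = $_
    $site.bindings.Collection | Where-Object { $_.protocol -eq 'https' } | ForEach-Object {
        # bindingInformation has the form "IP:port:hostname"; the host name is the last field
        $hostName = ($_.bindingInformation -split ':')[-1]
        # Bit 0 of sslFlags is the "Require Server Name Indication" check box,
        # bit 1 means the binding uses the Central Certificate Store
        $flags = [int]$_.sslFlags
        $sni   = ($flags -band 1) -eq 1
        $ccs   = ($flags -band 2) -eq 2

        # Resolve the bound certificate from the store named in the binding
        $cert = $null
        if ($_.certificateHash) {
            $path = 'Cert:\LocalMachine\{0}\{1}' -f $_.certificateStoreName, $_.certificateHash
            $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        }

        # Collect anything an administrator should look at for this binding
        $notes = @()
        if ($hostName -and -not $sni) { $notes += 'host name set but SNI not required' }
        if ($ccs)                         { $notes += 'uses Central Certificate Store' }
        elseif (-not $cert)               { $notes += 'certificate not found in store' }
        elseif (-not $cert.HasPrivateKey) { $notes += 'certificate has no private key' }
        elseif ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $notes += "expires within $warnDays days"
        }

        [pscustomobject]@{
            Site     = $site.name
            Binding  = $_.bindingInformation
            SNI      = $sni
            Subject  = if ($cert) { $cert.Subject } else { '' }
            NotAfter = if ($cert) { $cert.NotAfter } else { $null }
            Notes    = $notes -join '; '
        }
    }
} | Format-Table -AutoSize
```

An empty Notes column for a binding means none of these checks flagged it; the script only reads configuration and changes nothing.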

HTTPS in IIS on Windows is simple now

Try it yourself!

Happy encrypting :-)

