IIS and LetsEncrypt

  • Anyone know if this is good info, before I try it? I've seen a lot of issues with getting letsencrypt working on IIS, so curious if anyone can tell if this is worth pursuing.


  • @Tim_G I recently used this to install a Let's Encrypt cert on an IIS server and it worked flawlessly. The one thing that isn't mentioned in that SW post is that you MUST have your domain name entered in the port 80 binding setup, which isn't always the case.

    These are the steps I followed...
    1- Forward port 80 from external WAN IP to IP address of IIS server on the router/firewall
    2- Forward port 443 from external WAN IP to IP address of the IIS server on the router/firewall
    3- Ensure that DNS record points to the correct WAN IP and that it is reachable
    4- Log into the server as Administrator
    5- Go to IIS Manager, select the site, and from the Actions pane, select “Bindings” under Edit Site
    6- Click on the http site binding and then click “Edit”
    7- Under the “Host name”, please ensure that the full domain is entered (domainname.com) then click OK and Close
    8- Download the Let’s Encrypt executable from https://github.com/Lone-Coder/letsencrypt-win-simple/releases/download/v1.9.3/letsencrypt-win-simple.V1.9.3.zip
    9- Unzip the file and save contents to a folder on the server (I simply saved it in c:\new)
    10- Open a command prompt as administrator and change command prompt directory to match where you saved the Let’s Encrypt client (in my case that was c:\new)
    11- Type in “letsencrypt” and press ENTER
    12- If this is the first time the client runs, you will be prompted to enter an email address and press ENTER
    13- You will be asked to agree to the ToS of Let’s Encrypt, enter “y” and press ENTER.
    14- The command prompt will then show a list of available IIS sites as well as a number of other options. If this is the only site configured, it should appear under #1. It will ask you which option you would like to run. Simply select #1 and press ENTER
    15- It will then automatically register the domain name and create and bind the SSL certificate.
    16- You will be asked if you want to create a scheduled task to automatically renew the certificate in Windows Task Manager. If asked if you want to specify the user, select No and press ENTER
    17- Once complete, go back to Edit Site Bindings and you will see that a new entry has been made for “https”. If you select it and press “Edit”, you’ll see the new SSL certificate named in the SSL box.
    18- Test that you can now reach your server via HTTPS. Once you’ve confirmed, disable port forwarding for port 80 on your router/firewall and only keep port 443 active. This will ensure you don’t need to worry about redirection from http to https.
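
Added example, not part of the posts in this thread and not code from the letsencrypt-win-simple project: a PowerShell check for steps 7, 17 and 18 that confirms the port 80 binding carries the host name, that the https binding points at a certificate in the machine store, and that the same certificate is served and validates over TLS. The site name `Default Web Site` and the parameter names are assumptions; `domainname.com` is the placeholder used in the steps above.

```powershell
# Added example: post-install checks for the IIS / Let's Encrypt steps above.
# Run in an elevated PowerShell session on the IIS server.
param(
    [string]$SiteName = 'Default Web Site',   # assumption: replace with your site name
    [string]$HostName = 'domainname.com',     # placeholder domain from the steps
    [int]$WarnDays    = 30                    # assumption: warn when fewer days remain
)
Import-Module WebAdministration

# Step 7: bindingInformation has the form "IP:port:host"; the host part must be set.
$http = Get-WebBinding -Name $SiteName -Protocol http |
    Where-Object { $_.bindingInformation -like "*:80:$HostName" }
if (-not $http) { Write-Warning "No port 80 binding with host name '$HostName' on '$SiteName'" }

# Step 17: the client should have created an https binding with a certificate.
$https = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
if (-not $https -or -not $https.certificateHash) {
    Write-Warning "No https binding with a certificate on '$SiteName'"
    return
}
$cert = Get-Item "Cert:\LocalMachine\$($https.certificateStoreName)\$($https.certificateHash)"
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt $WarnDays) { Write-Warning "Certificate expires in $daysLeft days; check the renewal task" }

# Step 18: connect over TLS and let .NET validate the chain and the host name.
$tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($HostName)   # throws if chain or name validation fails
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $sameCert = $served.Thumbprint -eq $cert.Thumbprint
} finally {
    $tcp.Close()
}

[pscustomobject]@{
    HttpHostBinding = [bool]$http
    Subject         = $cert.Subject
    Issuer          = $cert.Issuer
    NotAfter        = $cert.NotAfter
    DaysLeft        = $daysLeft
    ServedMatches   = $sameCert   # false means another certificate answers on port 443
}
```

Running the same script on a schedule shows whether the renewal task from step 16 is actually replacing the certificate before `NotAfter`.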

  • @NashBrydges Oh this is awesome! Gonna be giving that a go on Monday or Tuesday.