How to Install Free SSL Certificate on Windows Server

Since Certbot officially dropped support for Windows, you can use Win-ACME, a popular alternative for obtaining SSL certificates from Let's Encrypt on Windows. Here's a step-by-step guide to get you started:

Step 1: Download Win-ACME

1. Visit the official Win-ACME website: https://github.com/win-acme/win-acme.
2. Under Assets, download the latest .zip file for your version (e.g., win-acme.v2.x.x.x.zip) (for me it's win-acme.v2.2.9.1701.x64.trimmed.zip).
3. Extract the ZIP file to a folder (e.g., C:\win-acme).

Step 2: Run Win-ACME

1. Open a Command Prompt as Administrator.
2. Navigate to the folder where you extracted Win-ACME: cd C:\win-acme
3. Run the Win-ACME executable: wacs.exe

Step 3: Follow the Interactive Prompts

Win-ACME will guide you through the process interactively. Here are the general steps:

1. Choose the type of certificate: Select N for "Create a new certificate (Simple for IIS)".
2. Choose the site for SSL: It will list the sites configured in IIS. Choose the site you want to secure (e.g., www.example.com).
3. Choose the certificate type: Select 1 to use Let's Encrypt.
4. DNS validation or HTTP challenge: Choose the appropriate method for validation. HTTP challenge is the most common and easier to configure.
   • HTTP challenge works if your site is accessible publicly via HTTP, and Win-ACME will automatically create the necessary challenge files for Let's Encrypt.
5. Install the certificate: After obtaining the certificate, Win-ACME will offer to install it automatically into IIS.

Step 4: Verify the Installation

• After the process is complete, check the IIS Manager:
  • Go to your site and open Bindings.
  • You should see an SSL certificate (with HTTPS) for the site.

Step 5: Automatic Renewal (Optional)

Win-ACME can automatically renew the SSL certificates for you:

1. It creates a scheduled task for automatic renewal.
2. You can check the scheduled task by typing taskschd.msc in the Windows search bar and looking for a task named win-acme.

Additional Notes:

• Ensure that port 80 is open for HTTP challenges to work.
• If you face issues with the installation or certificate renewal, check the Win-ACME logs in the C:\win-acme\acme-v02.api.letsencrypt.org folder for more details.

This solution should help you get SSL certificates for your IIS-hosted applications