Let’s Encrypt certificates on Windows Servers.
In this tutorial I explain how you can use Let’s Encrypt on Windows Servers.
You could use this for example for the new ‘Windows Admin Center’ or in ADFS.
Let’s Encrypt is a fairly new service that lets you use certificates for free.
From their website: “Let’s Encrypt is a free, automated, and open Certificate Authority.”
For more about Let’s Encrypt go here.
Managing multiple certificates in Windows on one Windows Server.
I always choose the management server as ‘management’ for all certificates. That way I always know that the key is on the management server. You can do the same with the Let’s Encrypt certificate for every Windows role that uses a website.
Make sure you have installed the Windows role Web Server (IIS) on the management server. I assume that you as a system administrator know how to install a Windows role. If this is not the case, I refer you to TechNet.
Let’s install a “Let’s Encrypt” certificate on your Windows Server.
Add the website temporarily to IIS.
Go to Start and open Internet Information Services (IIS) Manager.
Double-click the management server and open Sites.
Right-click Sites and click Add Website.
See the screenshot for the other information.
As the website, use the website you want to use the certificate for. This is probably the same domain name that you already installed on another server; this does not matter. The website on your management server does not go live.
I am using tst.bwb.cloud. I use this for Windows Admin Center in my developer tenant.
‘Download’ a certificate from Let’s Encrypt.
Now that the website is ‘live’ on the management server, we can continue to install the certificate.
Go to GitHub and download the .zip file that contains letsencrypt.exe.
The latest version is here:
Copy / paste the .zip to the management server, or the server of your choice.
Unpack the zip file.
Run the letsencrypt.exe executable that is in the extracted folder.
A Command Prompt opens with different options.
Choose Create new certificate here by typing N and pressing Enter.
Then choose Single binding of an IIS site.
You only need to type the number 1 for this.
If everything went well, you should now see the IIS website you created earlier.
Choose the number for the IIS site that you have added. For me this is number 2.
Let’s Encrypt will now do the rest.
Download the certificate from IIS.
Now we can go back to IIS.
Open IIS again and click on the management server.
Open the Server Certificates.
Here you can see all certificates installed on the management server.
You can now export and use these for the website that you have previously added to IIS.
As I mentioned at the beginning, you can use the certificate for different roles or applications such as Windows Admin Center, or ADFS, but also standard IIS websites.
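The export step can also be done from PowerShell. The following is an added example, not part of the original post; it assumes the certificate was placed in the local machine ‘My’ or ‘WebHosting’ store, and the output path is a placeholder.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the management server after letsencrypt.exe has finished.
$hostName = 'tst.bwb.cloud'                 # host name used in the article
$outFile  = 'C:\Temp\tst.bwb.cloud.pfx'     # placeholder output path

# Assumption: the certificate is in one of the machine stores IIS reads.
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'

# Pick the newest unexpired certificate whose DNS names include the host.
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DnsNameList.Unicode -contains $hostName -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "No unexpired certificate for $hostName was found." }
if (-not $cert.HasPrivateKey) { throw "The private key is not on this server." }

# Show what is about to be exported so the right certificate is confirmed.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    Expires    = $cert.NotAfter
    DaysLeft   = $daysLeft
    Thumbprint = $cert.Thumbprint
} | Format-List

# Prompt for the PFX password instead of storing it in the script.
$password = Read-Host -Prompt 'Password for the PFX file' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $outFile -Password $password |
    Out-Null

# On the target server (Windows Admin Center, ADFS, IIS), import with:
#   Import-PfxCertificate -FilePath <copied .pfx> -Password $password `
#       -CertStoreLocation Cert:\LocalMachine\My
# Delete the .pfx from both servers once the import has succeeded.
```

Let’s Encrypt certificates are valid for 90 days, so repeat the export and import after each renewal on the management server.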
Do you have questions or comments regarding this? Then let me know with a comment.