Letsencrypt-win-simple review existing certificate năm 2024

Let’s Encrypt is a free to use tool that allows creation, management and auto renewal of SSL certificates for web applications, services or any other apps where secure data transportation is needed.

However, there are few things that should be kept in mind when you are considering using Let’s Encrypt certificates as compared to any other traditional SSL Certificate through a Certificate Authority (CA) like GlobalSign.

• The certificate has a validity of 90 days only at a time and it may be even less in future.
• No easy installation wizard is available for it.
• Let’s Encrypt needs a certificate management agent for operating on the same server that will handle requests related to that domain.

How to set up Let’s Encrypt certificate on a Windows server

1. To begin with, you require a Let’s Encrypt client that speaks the Automated Certificate Management Environment (ACME) protocol. Let’s Encrypt client will utilize it for interacting with any CA supporting the ACME Protocol. ACME protocol is based upon JSON over HTTPS. Therefore, firstly it needs to download Windows ACME Client. I used Version 1.9.6 compiled zip. https://github.com/Lone-Coder/letsencrypt-win-simple/releases/tag/v1.9

Extract it on the server in a directory where it can reside permanently.

1. Next you can deploy an SSL Certificate for your IIS web server. After downloading and extracting the Windows ACME Client to a directory, you need to runexe with administrative rights. You will need to provide an email address, so that the renewals can be taken care of.

Press Enter Key.

It will show Menu options. Select ‘N’ and Press Enter key.

Choose menu option: 1 for Single binding of IIS site and Press Enter key.

Select Website ID where you want to Install SSL certificate and Press Enter key.

Choose verification method and Press Enter key.

Next, you will have to accept the Terms and Conditions. Type ‘y’ and enter.

Now you will be asked to choose which binding you want to generate the SSL for:

i.e. it is www.cloudtechtiq.com. So chose option 1

1. Lastly, as a final step, these are things you should know: a.You have a date on which the certificate will become outdated, note it somewhere.
2. For renewing this certificate, a scheduled task has been set for 60 days’ time period on this machine. c.Certificate Store is the place where certificate is deployed.
3. The IIS Website has an https binding now.

Clodtechtiq provides free Let’s Encrypt certificates with many services, like managed WordPress hosting, shared hosting, and more.

In case you have any query regarding this writeup or regarding SSL certificates, let me know via comments section. I’ll be happy to answer.

SSL certificates play an important role in securing your site and the data exchange between the server and the user. In this tutorial, you will learn how to generate a Let’s Encrypt SSL certificate on Windows Server 2016 using the IIS web server.

Prerequisites

• Cloud VPS or Dedicated Server with Windows Server 2016 installation.
• Log in as administrative user via Remote Desktop Protocol.
• A domain name pointed to your server. In this tutorial, we will use s30239.hosted-by-snel.com. Replace all occurrences of s30239.hosted-by-snel.com with your actual domain name.
• IE Enhanced Security Configuration should be turned off since you will need to download files from the server.

Step 1: Install IIS (Internet Information Services) Server

You can install IIS from the Server Manager. Launch Server Manager from the Start Menu. Click on Add roles and features link on the main screen. The following are the steps you need to follow on each screen to install IIS.

• Before You Begin – This page just explains what the Add roles and features wizard does. You can check the Skip this page by default option so that you don’t get to see this page again.
• Installation Type – Choose Role-based or feature-based installation and click Next.
• Server Selection – Select your server listed in the Server pool under the option Select a server from the server.
• Server Roles – Scroll down the list of roles to find Web Server (IIS) and checkmark it. When prompted for the required features, just click on the Add Features button without making any changes. Click the Next button when finished.
• Features – Don’t choose anything and click Next to proceed to the next screen as we don’t want to install anything here.
• Web Server Role – Click Next to go to the Role Services screen. Here you can add additional features to your IIS installation. Scroll down to select the FTP Server feature should you need it. In case you need any additional features, select them. Click Next when finished.
• Confirmation – Review the changes and click the Install button to start the installation.

Once the installation finishes, you can use a web browser to access your website. You should see the default IIS welcome page.

Step 2: Create a Website

Before installing the certificate, we will need a website. For this, we will create a simple demo site. Open the directory C:\inetpub\wwwroot and create a folder named s30239.hosted-by-snel.com. Launch Notepad and paste the following code into it.

<!DOCTYPE html>

<html>
    <head>
        <title>Demo Snel Site</title>
    </head>
    <body>
        <h1>
            Hello World
        </h1>
    </body>

Save the file in the folder we just created and name it index.html.

The next step is to add this site to the IIS server.

Step 3: Add Site to IIS

Launch IIS Manager from the Start Menu. Expand HOST –> Sites in the left pane and you will see the default website. Click on the Add Website link in the rightmost pane to add a new site.

Provide a site name with which to identify your site. Leave the Application Pool value changed. Select the path which we just created in Step 2 above. Enter the value of Host Name as s30239.hosted-by-snel.com and leave all other values unchanged. Click the OK button when finished to add the website.

Open the web browser to open your domain and you can see our demo HTML page being loaded.

Step 4: Download Let’s Encrypt Client

In this tutorial, we will use the win-acme client as it is open-source and actively developed. It can both generate and renew SSL certificates.

Download the latest version of the client from its Github releases page. Scroll down to the assets on the page and download the zip file with the name win-acme.v2.1.x.xxx.x64.trimmed.zip. For most users, the trimmed x64 release should be fine but in case you need to use any plugins, you should get the pluggable file. In this tutorial, we will use the trimmed file.

If you have trouble using Internet Explorer, you can follow our tutorial to install Google Chrome on the Windows Server. Once downloaded, extract win-acme to a safer location.

Step 5: Generate Let’s Encrypt Certificates

To generate the certificate, simply run wacs.exe from the client’s folder. Once the application starts, follow these steps.

• Press N on the initial menu to choose the option to “Create a new certificate”.
• Next, it will ask you which website(s) should be scanned for hostnames. You will be presented with a list of sites on your IIS server. Select the number corresponding to your site. (2 in our tutorial)

• Next, it will list the site bindings(URLs) corresponding to your selection and ask you to select a binding. Since we had only 1 URL, we will choose option 3 which represents all bindings.
• It will then ask you to confirm your selection. Enter y to proceed.

• Next, it will ask you for your email address to send renewal notices. Enter your email id and enter n & y for the next two options to agree to the terms. You can also enter y for both the options but then it tries to open the TOS(Terms of Service) in the default pdf application which if you don’t have any will just result in a popup window you will need to dismiss.
• That’s it. Your certificate is now ready for use. It will also create a scheduled task that will run daily to renew your certificate.

Step 6: Verify SSL

To verify that the SSL is working, launch https://s30239.hosted-by-snel.com in your browser and you can see the valid certificate sign in the address bar.

Conclusion

That’s all for this tutorial. We covered how to install IIS server, set up a basic website and install SSL for your site using Let’s Encrypt service.

How do I check my Letsencrypt certificate?

You can check the renewals of your cert by going to https://crt.sh/?match==&deduplicate=Y&CN=mycentralserver.com. You should see new certs every two months or so. Given that you've done some domain name changes, it might be good to throw away the nginx container and rebuild it.

How do I auto renew my Letsencrypt certificate in Windows?

Setting up Automatic Certificate Renewal.

Step 1: Open the Terminal. Open a terminal window on your server. ... .

Step 2: Edit the Crontab File. Run the following command to edit the root user's crontab file: sudo crontab -e..

Step 3: Create a New Cron Job. ... .

Step 4: Save Changes and Exit. ... .

Step 5: Verify the Cron Job..

How do I edit a certificate on Letsencrypt?

Certificates cannot be "edited" per se, as that would violate the existing signature.

How do I renew my Letsencrypt manual certificate?

In the case where your certificate does not automatically renew on your Droplet, you can manually trigger the renewal at anytime by running:.

sudo certbot renew. Copy. ... .

certbot certonly --force-renew -d example.com. Copy. ... .

sudo certbot renew --dry-run. Copy..