Install a free SSL certificate in IIS
For a long time, SSL web certificates were only accessible after payment. This is now history thanks to the arrival of Let’s Encrypt. This time we look into how to Install a free SSL certificate in IIS.
What is Let’s Encrypt
Founded by the Mozilla and Cisco Association, the Let’s Encrypt initiative aims to make the web more secure by providing free SSL certificates to anyone who needs them. It takes the form of an open, free and automated Certificate Authority.
A certificate is obtained using the Automatic Certificate Management Environment (ACME) protocol. This allows you to verify that you are the owner of the desired domain. Let’s encrypt provides all the required tools but only for the Linux environment. We must therefore turn to alternative solutions and more specifically the open source project letsencrypt-win-simple .
For the proper functioning of the procedure, you must configure the bindings with an explicit hostname.
Your site must also be accessible from the outside.
Go to https://github.com/Lone-Coder/letsencrypt-win-simple/releases and download the zip of the latest version (v1.9 when writing this article).
Unzip the previously downloaded archive and run the letsencrypt program.exe with administrator rights.
The program will read the IIS configurations and enumerate the list of domains resulting from Binding.
You will have the choice to configure a particular domain or all domains at the same time. Here we will choose the first option.
If this error occurs, go to Internet Information Service (IIS) in “Mappings handler” and click “Show sorted list” in the action list.
Locate the “StaticFile” line and trace it over the 3 “ExtentionlessUrlHandler” lines.
You can then restart letsencrypt. exe always with administrator rights. Choose an area from the list. This time the process should work to the end.
It should be noted that a task is added to the Windows task scheduler that will update the certificate so that it is always valid.
Thanks to Let’s Encrypt and the GitHub community there is no reason to offer your users secure access by the certificate.