How to manage Let's Encrypt SSLs on IIS
To get Let's Encrypt SSL certificates installed and running on your Windows IIS server is made easy with the Certify the Web utility. This tool doesn't require any complex command line or scripting knowledge, making it easy for anyone to get SSL certificates installed on their IIS websites.
|Running a reverse proxy server with IIS?|
||This method will also work to ensure that requests to your reverse proxy will be encrypted with SSL. If you need to encrypt traffic from your proxy to your resource, configure SSL according to your software vendor's recommendations. NodeSpace will not proactively assist with reverse proxy connections. If your application is hosted within the NodeSpace network, reverse proxy server administration is included in our advanced server management service. Contact Sales if you would like to add this service to your account.|
Start off by going to https://certifytheweb.com to download the latest version on your Windows server. If you restrict traffic on your Windows server, download the installer to your computer and then transfer it to your web server. Run the installer on your server. The application is a very simple installer which will allow you to customize where you'd like to have the application installed if you separate your disks.
Once the application is started, you will need to register your contact. Your contact can already be existing from other Let's Encrypt certificates (such as if you're on our shared hosting platform). If Let's Encrypt is having problems with your contact, you will need to setup a new account.
Be sure to adjust all the other settings as required for your environment. Please note that we strongly suggest leaving the default auto renewal period of 14 days to ensure overlap and to also enable certificate cleanup to ensure your server does not fill up with old certificates.
To issue a new certificate to an existing IIS site, click on the New Certificate button.
In the main section, select your IIS website. If you have an expired or expiring SSL, this method will replace the old certificate. The certificate manager will pull existing bindings from IIS. If you need to add more to your certificate or add a wildcard certificate, you can add these additional options here. Consider a wildcard certificate if you have either dynamic subdomains or a large number as you can be rate limited by Let's Encrypt for making too many rapid SSL requests.
If everything looks satisfactory, you can optionally test to make sure validation can happen or click on Request Certificate to have the application request the certificate and install it.
If you need to make changes to your certificate at any time (including adding or removing domains), you can manage it by clicking on either the auto-generated name or the name you specified from the left-hand side.