Creating Free SSL Certificates For Windows Server Using Let’s Encrypt
I usually need SSL certificates for staging and production environments. For a long time creating self-signed digital certificates was the only option if you were not willing to spend money for it.
Well, not any more. Let’s Encrypt is a non-profit CA (certificate authority) which provides free digital certificates to enable SSL.
In this guide I’ll try to explain how to get a SSL certificate for my staging Windows 2016 server. The server is a virtual machine created in Azure. If you are using Azure Virtual Machines you can setup a free DNS name for that server. This means once you setup IIS on that server you can access your websites in that server via that domain name instead of the IP address.
There are many ways of generating SSL certificates from Let’s Encrypt. In this post I’ll use SSL For Free to obtain the certificates for my domain.
First right your domain name (the one you get from Azure Virtual Machine) and click “Create Free SSL Certificate” button.
You have 3 options to verify that you own the domain. I chose “Manual Verification” since I have a virtual server that I can connect and manage.
To manually verify domain in a HTTP server you need to follow these steps:
- Upload the file to the server
- Create a web site that can serve this file as a web page.
- Verify the page in SSL For Free.
The verification process requires a specific GET request in the following format:
To provide this I created a new website (“letsencrypt”) in IIS. And applied these steps:
- The requested url includes “.well-known” but in windows you can not start a folder name with a “.”. To solve this problem create a “Virtual Folder” named “.well-known” pointing to the folder “well-known”.
- Browse to the “letsencrypt/well-known” folder in Explorer.