How to Create Let’s Encrypt SSL Certificate on Windows (Step-by-Step Guide)

Complete beginner-friendly guide to generate and install a free SSL certificate on Windows server

If you’re running a website on Windows Server, securing it with HTTPS is no longer optional. Modern browsers flag unsecured websites as “Not Secure,” which can scare visitors away and negatively affect SEO rankings.

The good news? You can create an SSL certificate for free using Let’s Encrypt — and install it on your Windows Server in just a few steps.

In this detailed beginner-friendly guide, you’ll learn how to:

• Create SSL certificate Let’s Encrypt on Windows

• Use Let’s Encrypt on Windows Server

• Install SSL certificate on Windows Server

• Use Win-ACME (recommended ACME client for Windows)

• Automatically renew your free SSL certificate

Let’s get started.

---

What Is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA) provided by the Internet Security Research Group (ISRG). It allows you to generate trusted SSL/TLS certificates at no cost.

Unlike traditional SSL providers, Let’s Encrypt certificates:

• Are completely free

• Can be automated

• Renew automatically every 90 days

• Are trusted by all major browsers

It’s widely used by hosting providers and system administrators worldwide.

You may also like: Let’s Encrypt vs Paid SSL: Which One is Right for Your Website?

---

Why Use Let’s Encrypt on Windows Server?

If your website runs on Windows Server with IIS (Internet Information Services), you’ll need an ACME client compatible with Windows.

That’s where Win-ACME comes in.

Win-ACME (also known as WACS) is a popular Windows ACME client designed specifically to request and install Let’s Encrypt certificates on IIS automatically.

Benefits of using Win-ACME:

• Fully compatible with IIS

• Automatic certificate installation

• Auto-renewal support

• Simple command-line wizard

• Free and open-source

Do not miss- How to Create a .pfx/.p12 Certificate File Using OpenSSL

---

Prerequisites Before You Begin

Before you create SSL certificate Let’s Encrypt on Windows, make sure:

1. Your website is already hosted on Windows Server

2. IIS is installed and running

3. Your domain name points to your server’s public IP

4. Port 80 (HTTP) is open in firewall

5. You have administrator access to the server

Without these, the certificate validation will fail.

---

Step-by-Step Guide: Create Let’s Encrypt SSL Certificate on Windows

Now let’s walk through the complete process.

---

Step 1: Download Win-ACME (Let’s Encrypt Windows Client)

1. Visit the official Win-ACME GitHub page.

2. Download the latest stable release ZIP file.

3. Extract it to a folder like:

C:\win-acme\

No installation is required — it runs directly from the folder.

---

Step 2: Run Win-ACME as Administrator

1. Open the extracted folder.

2. Right-click wacs.exe

3. Select Run as Administrator

You’ll see a command-line interface open with multiple options.

---

Step 3: Create SSL Certificate Using IIS (Recommended Method)

When prompted, choose:

N (Create new certificate)

Then select:

1 (Single binding of an IIS site)

Win-ACME will automatically detect IIS websites hosted on your server.

Select Your Website

• Choose the number corresponding to your domain.

• Confirm the domain name.

• Press Enter to continue.

Win-ACME will now:

• Perform domain validation

• Contact Let’s Encrypt servers

• Generate the certificate

• Install it automatically in IIS

If everything is configured correctly, you’ll see:

Certificate created successfully!

Congratulations — your free SSL Windows Server setup is complete.

You may also like - Extract PEM/CRT and KEY from PFX: Best Guide

---

Step 4: Verify SSL Installation

To confirm:

1. Open a browser

2. Visit:

https://yourdomain.com

You should see:

• A padlock icon

• No “Not Secure” warning

• HTTPS working properly

You can also test your SSL using online SSL checker tools.

---

How Let’s Encrypt Validation Works

Let’s Encrypt verifies domain ownership before issuing a certificate.

With IIS method, Win-ACME uses:

HTTP-01 challenge

This means:

• It places a validation file in your website folder

• Let’s Encrypt server checks it via port 80

• If accessible, certificate is issued

That’s why port 80 must be open.

You should also see this article for more troubleshooting with these steps - 

Create a Let’s Encrypt SSL Certificate on Windows

---

Automatic SSL Renewal (Very Important)

Let’s Encrypt certificates expire every 90 days.

But don’t worry — Win-ACME automatically creates a scheduled task in Windows Task Scheduler.

To check:

1. Open Task Scheduler

2. Look for “win-acme renew task”

It runs daily and renews your certificate automatically before expiration.

No manual action required.

---

Alternative: Manual DNS Validation (Advanced Users)

If port 80 is blocked, you can use DNS validation instead.

Choose:

M (More options)

Then select DNS challenge.

This method:

• Requires access to DNS provider

• Requires manual TXT record entry

• Works even if port 80 is closed

This method is ideal for:

• Internal servers

• Cloud environments

• Servers behind strict firewalls

---

How to Install SSL Certificate Manually in IIS (If Needed)

If automatic installation fails, follow these steps:

Step 1: Open IIS Manager

1. Press Windows + R

2. Type inetmgr

3. Press Enter

Step 2: Bind HTTPS

1. Select your website

2. Click Bindings

3. Click Add

4. Choose:

   • Type: HTTPS

   • Port: 443

   • Select your certificate from dropdown

5. Click OK

Now HTTPS is manually configured.

---

Troubleshooting Common Issues

Here are some common problems when using Let’s Encrypt Windows:

---

Issue 1: Validation Failed

Reason: Port 80 blocked
Solution: Open port 80 in:

• Windows Firewall

• Hosting firewall

• Router firewall

---

Issue 2: Domain Not Pointing to Server

Reason: DNS not updated
Solution: Ensure your domain A record points to correct IP.

---

Issue 3: IIS Not Detected

Reason: Website not properly configured
Solution: Make sure site exists in IIS with correct binding.

---

Security Best Practices After Installing SSL

After installing SSL certificate on Windows:

1. Force HTTPS Redirect

Add URL Rewrite rule in IIS to redirect HTTP to HTTPS.

2. Disable Weak Protocols

Disable SSL 3.0 and old TLS versions.

3. Enable HSTS

Add HTTP Strict Transport Security header.

These steps improve security and SEO rankings.

---

Benefits of Free SSL on Windows Server

Using Let’s Encrypt offers:

• Zero cost SSL

• Improved SEO rankings

• Secure data encryption

• Increased user trust

• Automatic renewals

• No licensing fees

For small businesses, bloggers, and startups, this is the perfect solution.

---

Frequently Asked Questions (FAQ)

Is Let’s Encrypt really free?

Yes, completely free forever.

---

Is it safe to use?

Yes. It’s trusted by all major browsers and widely used worldwide.

---

Does it work with Windows Server 2016/2019/2022?

Yes, Win-ACME supports modern Windows Server versions.

---

What happens after 90 days?

The certificate auto-renews via scheduled task.

---

Can I use it for multiple domains?

Yes. You can create multiple certificates for different domains or use SAN certificates.

---

Final Thoughts

Setting up HTTPS on Windows Server is no longer complicated or expensive. With Let’s Encrypt and Win-ACME, you can create SSL certificate Let’s Encrypt on Windows in just minutes.

To summarize:

1. Download Win-ACME

2. Run as administrator

3. Select IIS site

4. Let it generate and install automatically

5. Confirm HTTPS

6. Ensure auto-renewal works

That’s it!

Your website is now secure, SEO-friendly, and trusted by browsers — without paying a single dollar for SSL.



You may also like -