Letsencrypt had been around for a while now and is supported by very big names in tech such as Facebook, Mozilla, Cisco, and a lot more. The free service is there to allow anyone to have a secure website which helps the whole web by making sure things like login details are encrypted.

The system had been designed with Linux in mind and some very kind people have offered up Windows variants to make use of it. You can see a full list of recognized bots/programs and websites under the documentation ACME Client Implementations.

I use letsencrypt-win-simple which is a project started by Bryan Livingston which is easy to use and can automatically keep the certificates up to date with a scheduled task.

The main step to remember is adding a mime type on the acme-challenge folder so the verification keys will be served by IIS when the Let’s Encrypt service tried to check your site. Verification will fail without this because IIS will present a 404 error for unknown for types.

. Text/Plain

For example, if your site is located at C:\inetpub\wwwroot you will be guided to create some directories:

C:\inetpub\wwwroot\.well-known\acme-challenge\

NOTE: Windows prevents you from starting a directory with a dot so you can create it through Command Prompt/Powershell with mkdir. There are other ways to fiddle with it but this is the quickest and easiest.

Once that’s done you can run letsencryptwinsimple and get your free certificates! They’ll be saved to:

C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org