SSL certificates on any website serve two major purposes. One is to ensure the security of the connection established between the client and the server. Another is to improve the SEO score of the website. Having an SSL gives your website an upper hand over the others as search engines prefer websites with SSL over the ones without it. Let’s Encrypt can prove to be the best companion of your website in providing this as its certificates are recognized as trusted certificates by all major web browsers.
In this article, we’ll be guiding you through the process of generating Let’s Encrypt certificates on your Windows Server 2022.
Before diving straight into the process make sure that you have the following prerequisites:
- You’ll obviously need to have a dedicated server or a cloud VPS with Windows Server 2022 installed.
- Make sure that you’re logging in as an administrative user via Remote desktop protocol.
- One more thing you’ll need is a domain name that is pointed towards your dedicated server or cloud VPS, whatever you’re using, and you’re all set to go.
- Open your Start Menu and search for Server Manager.
- In Server Manager, you’ll see Add roles and features in the dashboard. Click on it.
- A new window will open. Click on the Next button to move forward.
- The next page will ask you to choose between the two types of installation types. Click on Role-based or feature-based installation and then click on the Next button.
- The next page is Server selection. Click on Select a server from the server pool. You’ll see a Server Pool list. Select your server from it and click on the Next button.
- From the list of Roles select Web Server (IIS). A pop-up window will appear. Click on the Add Features button without changing anything. Click on Next.
- Don’t make any changes on the next page also and click on the Next button.
- The next page is Web Server Role (IIS). Click on Next and on the next page leave everything as it is. Click on the Next button.
- This is the confirmation page. You can review all your selections here and then click on the Install button. This will start the installation.
After this, open a web browser and enter your domain name. You should see something like the following screenshot. This is the default IIS page.
Go to file explorer and navigate to C:\inetpub. Create a new folder and give it the name of your domain. Create a new file here. Name it index.html. Open it with notepad and enter the following code in it.
<!DOCTYPE html> <html> <head> <title>HostAdvice Test</title> </head> <body> <h1>Testing is fun</h1> <p> HostAdvice Test</p> </body> </html>
- Go to the search menu and enter IIS.
- Open the IIS manager. Under connection on the left panel, click on Host and then Sites.
- Under sections in the right panel, click on the Add Website.
A new pop-up window will open up. Fill in a name in the box under Site Name. The Application pool is supposed to be the same as the Site Name. Under Physical path put the path of the file index.html. Put your website’s address under Hostname and leave everything else as default. Make sure the Start Website immediately checkbox is checked. Click on the OK button.
Open a web browser and visit your website again by entering the domain name. You’ll no longer see the IIS welcome page. Instead, you’ll see the website you created using HTML.
The internet is filled with a host of clients to generate Let’s Encrypt certificates and it is up to you to choose the right fit for you. However, for this tutorial, we’ll be using the win-acme client because of its simple interface and highly developed command-line application. A pro of this client is that it also automatically renews the certificates for you. Follow the following steps to download the client.
- Scroll down a little, you’ll see the assets section. Find the zip file with the name win-acme.v2.x.x.x.zip
- Extract the application after downloading.
Find wacs.exe from the folder you downloaded and run it. As it is an application downloaded from the internet, you might get a warning pop-up from Windows Defender. But it is completely safe to run this application as it is open source. Go ahead and click on Run Anyway, under More info.
- In the application, you’ll be given a couple of options and then asked to choose one of them. Press the N key to choose the Create a new certificate option.
- Then you’ll be asked to select the kind of certificate you want to create. Press 1 as we want to choose the Single binding of an IIS site.
- You’ll be asked to choose the website you want to generate the certificate for. Choose the test website we created.
- You’ll now be asked to enter your email address and then agree with the terms and conditions.
Yayy!! You have successfully generated an SSL certificate for your website. Not just this, the application will also renew the certificate whenever it’s due.
Open a web browser and try accessing your website using HTTPS. You’ll also see the Connection is secure dialogue box with the certificate section saying it’s valid.
SSL certificates are kind of a must-have now and Let’s Encrypt lets you generate one for yourself easily, as demonstrated in the tutorial above. We hope to have helped you with generating an SSL certificate and securing the connection between the user and the server.