The following guide will teach you how to install an SSL certificate for a site instance along with all its bindings using Win-ACME, a simple Automated Certificate Management Environment (ACME) client for Windows.
Responsible Parties:
This is a third-party free solution that xByte can install on your server. However, the responsibility for managing and maintaining the solution will rest with the owner of the VPS deployment.
If you are looking for a managed SSL solution, please check out our Sectigo SSL’s here
Prerequisites
Before getting started, make sure you have:
- Administrator access to your Cloud server.
- Internet Information Services (IIS) up and running.
- A Fully Qualified Domain Name (FQDN) that points to your server’s public IP address.
Steps
1. Install Win-ACME
If you would like to have Win-ACME installed on your Cloud server for you to use, just reach out to [email protected] and out team can assist with getting this installed for you.
2. Launch Win-ACME
Open the Command Prompt with Administrator privileges. Navigate to the directory where you extracted Win-ACME and run the following command:
cd C:\Tools\win-acme
.\wacs.exe
This will open the main menu of the Win-ACME client.
3. Generate a New Certificate
In the Win-ACME menu, select the option N (for Create new certificate with default settings
) by typing N
and hitting Enter. The tool will list all the IIS websites available on your server.
4. Select Your IIS Site
Choose the ID of the site instance for which you want to install the SSL certificate and hit Enter.
5. Confirm Domain Binding
The tool will read site bindings from the selected IIS site and confirm the domain(s) to be included in the certificate. Verify the listed domains and hit Enter to continue.
Note: Recommended to just pick all bindings as seen in the below screenshot
6. Provide Contact Information
You’ll be prompted to provide an email address. This is necessary as Let’s Encrypt requires an email for issuing an SSL certificate. This email will be used for important updates and notifications about your certificates.
7. Agree to the Terms of Service
After entering your email, you’ll need to accept the Let’s Encrypt Subscriber Agreement. Type Y
and press Enter.
8. Automatic Renewal Setup
Win-ACME will then offer to set up automatic renewal for the certificate. It’s recommended to accept this by typing Y
and hitting Enter. This schedules a task in the Task Scheduler to automatically renew the certificate every 60 days.
9. Finalizing the Process
Once you’ve accepted the automatic renewal setup, Win-ACME will proceed with the certificate request. It will validate the domain, request the SSL certificate from Let’s Encrypt, install the certificate in IIS, and bind it to the specified site.
Congratulations, you’ve successfully installed an SSL certificate for your site instance and all its bindings in IIS using Win-ACME. The process is automated, simple, and requires very little manual intervention.
10. Setup Email Notifications
Additionally, you can also configure WinAcme to send you email notifications when there is a failed renewal. This can be done by editing the settings.json file in the following path:
C:\tools\win-acme
You can find all the configurable settings in the WinAcme settings.json in the following documentation from WinAcme:
You can find the notification settings if you scroll down on that page and it will let you know what options you have available to configure.
xByte’s Role in Supporting Win-ACME
Regarding the WinAcme application, our support scope for complimentary third-party software includes the initial installation on the server and aid in the installation of some SSL certificates. Post-installation management of the software falls under the purview of the account owner.
For any SSL certificates acquired through xByte, please be assured that our team will manage their renewal and installation on your server.