Using Win-ACME(Let's Encrypt) to secure your website

The following guide will teach you how to install an SSL certificate for a site instance along with all its bindings using Win-ACME, a simple Automated Certificate Management Environment (ACME) client for Windows.

Responsible Parties:

When choosing the SSL option that is best for you, xByte Cloud offers two types of SSL solutions with different levels of responsibility:

  1. Managed Sectigo SSL: This option provides a fully managed SSL service where xByte handles the entire SSL lifecycle—from purchasing and installation to ongoing management and renewals. With Managed Sectigo SSL, we ensure your website remains secure, up to date with the latest protocols, and that there’s no disruption in service due to certificate expiration. Our team monitors SSL expiration and performs timely renewals, so you can focus on your business while we manage the security details. check out our Sectigo SSL’s here.

  2. Let’s Encrypt (LE): For those preferring a free SSL option, we can deploy Let’s Encrypt on your server. However, the responsibility for maintaining the SSL will fall on the server owner. xByte installs WinAcme by default for LE requests and assists with the initial setup. Ongoing management, including certificate renewals, site additions are the responsibility of the VPS account owner.

Prerequisites

Before getting started, make sure you have:

  • Administrator access to your Cloud server.
  • Internet Information Services (IIS) up and running.
  • A Fully Qualified Domain Name (FQDN) that points to your server’s public IP address.

Steps

1. Install Win-ACME

If you would like to have Win-ACME installed on your Cloud server for you to use, just reach out to [email protected] and out team can assist with getting this installed for you.

2. Launch Win-ACME

Open the Command Prompt with Administrator privileges. Navigate to the directory where you extracted Win-ACME and run the following command:

cd C:\Tools\win-acme
.\wacs.exe

This will open the main menu of the Win-ACME client.

3. Generate a New Certificate

In the Win-ACME menu, select the option N (for Create new certificate with default settings) by typing N and hitting Enter. The tool will list all the IIS websites available on your server.

4. Select Your IIS Site

Choose the ID of the site instance for which you want to install the SSL certificate and hit Enter.

5. Confirm Domain Binding

The tool will read site bindings from the selected IIS site and confirm the domain(s) to be included in the certificate. Verify the listed domains and hit Enter to continue.

Note: Recommended to just pick all bindings as seen in the below screenshot

6. Provide Contact Information

You’ll be prompted to provide an email address. This is necessary as Let’s Encrypt requires an email for issuing an SSL certificate. This email will be used for important updates and notifications about your certificates.

7. Agree to the Terms of Service

After entering your email, you’ll need to accept the Let’s Encrypt Subscriber Agreement. Type Y and press Enter.

8. Automatic Renewal Setup

Win-ACME will then offer to set up automatic renewal for the certificate. It’s recommended to accept this by typing Y and hitting Enter. This schedules a task in the Task Scheduler to automatically renew the certificate every 60 days.

9. Finalizing the Process

Once you’ve accepted the automatic renewal setup, Win-ACME will proceed with the certificate request. It will validate the domain, request the SSL certificate from Let’s Encrypt, install the certificate in IIS, and bind it to the specified site.

Congratulations, you’ve successfully installed an SSL certificate for your site instance and all its bindings in IIS using Win-ACME. The process is automated, simple, and requires very little manual intervention.

10. Setup Email Notifications

Additionally, you can also configure WinAcme to send you email notifications when there is a failed renewal. This can be done by editing the settings.json file in the following path:

C:\tools\win-acme

You can find all the configurable settings in the WinAcme settings.json in the following documentation from WinAcme:

You can find the notification settings if you scroll down on that page and it will let you know what options you have available to configure.

xByte’s Role in Supporting Win-ACME

Regarding the WinAcme application, our support scope for complimentary third-party software includes the initial installation on the server and aid in the installation of some SSL certificates. Post-installation management of the software falls under the purview of the account owner.

For any SSL certificates acquired through xByte, please be assured that our team will manage their renewal and installation on your server.