SSL on IIS 8.5 Web Server using Let’s Encrypt

I am currently working on setting up my website (austinoneil.com) to be SSL encrypted. The web server is currently set up with Microsoft IIS and is not yet configured for SSL. Today, we shall change this.

Let’s talk about Let’s Encrypt. Let’s Encrypt is doing some amazing things for the security of web servers. They make it easy for people to create certificates for their web servers for free instead of shelling out money for a certificate. With that being said, the lifetime of the certificate is much shorter than that of a VeriSign or GlobalSign cert, and you will have to renew it, or set up auto-renewal on the certificate, so it does not expire.

However, IIS and Let’s Encrypt don’t get along well. We will need to download a program to interface with Let’s Encrypt.

  1. Go to https://github.com/PKISharp/win-acme/releases and download the latest version.
  2. Copy the contents to a folder on the desktop.
  3. Start “wacs” as administrator.
  4. Type “N” to create a new certificate.
  5. Select your type of certificate; I would typically select option 2 here.
  6. Follow the remaining steps. It will then try to create an SSL certificate for your site.
  7. If done correctly, your site should now be browsable at https://(website.address)
  8. Just to be on the safe side, I would go back to the main menu and press T to recreate the scheduled task to renew the certificate.

At this point your website is viewable over HTTPS, but if you would like IIS to automatically show the HTTPS version of your site, you need to do some more configuration.

  1. Open IIS and go to your site.
  2. Open the URL Rewrite module.
  3. On the right sidebar, hit Add Rule(s)…
  4. Select blank rule and name the rule.
  5. For the condition, under Input put “{HTTPS}” and set it to match the pattern “^OFF$”.
  6. Under Action, select Redirect as the action type and set the redirect URL to “https://{HTTP_HOST}/{R:1}”.
  7. Under redirect type, use “Found (302)”.
  8. See the screenshot below for my configuration. If you’re still having problems, please see Microsoft’s Technet Blog post.
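
The rule built in the steps above, written as the web.config fragment that the URL Rewrite module stores for the site. This is an added example, not the author's own configuration; the rule name and the match pattern `(.*)` are assumptions, since the steps give no pattern but the `{R:1}` back-reference needs a capture group to refer to.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is a placeholder (assumption, not from the post). -->
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <!-- Assumed pattern: capture the whole requested path so that
               {R:1} in the redirect URL has something to expand to. -->
          <match url="(.*)" />
          <conditions>
            <!-- {HTTPS} is the server variable IIS sets to OFF for
                 plain-HTTP requests; the rule only fires for those. -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- Send the client to the same host and path over HTTPS.
               redirectType "Found" is the 302 chosen in step 7. -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The port 80 binding has to stay on the site for this rule to see plain-HTTP requests at all. A request to http://(website.address)/ should then come back as a 302 with a `Location` header starting with https://.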
