Skip to content
ONeil's Lab
ONeil's Lab
  • Home
  • About Me
  • Helpful Readings
  • Gitlab

SSL on IIS 8.5 Web Server using Let’s Encrypt

December 26, 2018August 19, 2019 AONeil

I am currently working on setting up my website (austinoneil.com) to be SSL encrypted. The webserver is currently setup with Microsoft IIS and is not currently configured to be SSL secure. Today, we shall change this.

Lets talk about Let’s Encrypt. Let’s Encrypt is doing some amazing things for the security of webservers. They make it easily available for people to create certificates for their webservers for free instead of shelling out money for a certificate. With that being said, the lifetime of the certificate is much shorter than a verisign or a globalsign cert and you will have to renew it, or setup auto renew on the certificate so it does not expire.

However, IIS and Lets Encrypt don’t get along well. We will need to download a program to interface with Lets Encrypt.

  1. Go to https://github.com/PKISharp/win-acme/releases and download the latest version.
  2. Copy content to the desktop in a folder.
  3. Start “wacs” as administrator
  4. Type “N” to create a new certificate
  5. Select your type of certificate, typically I would select option 2 here.
  6. Follow the remaining steps, It will then try to create an SSL certificate for your site.
  7. If done correctly, your site should now be browsable at https://(website.address)
  8. Just to be on the safe side, I would go back to the main menu and press T to recreate the scheduled task to renew the certificate.

At this time your website is viewable on HTTPS but if you would like to have IIS automatically show the HTTPS version of your site, you need to do some more configurations.

  1. Open IIS and go to your site.
  2. Open URL Rewrite module
  3. On the right sidebar, hit Add Rule(s)…
  4. Select blank rule and name the rule.
  5. For the condition under Input put “{HTTPS}” Matches the pattern “^OFF$”
  6. Under action, select redirect as the action type and under redirect URL: “https://{HTTP_HOST}/{R:1}”
  7. Under redirect type, Use “Found (302”
  8. See the screenshot below for my configuration. If you’re still having problems, please see Microsoft’s Technet Blog post.
Posted in Networking, Security, Tutorial

Post navigation

Grafana on Ubuntu Server 18.04 | InfluxDB / Telegraf
Domain Password Spray by Dafthack

Welcome to my corner of the internet.

This blog is my dedicated space to post about network security, homelab stuff, CNC / 3D Printer work, and various other projects I undergo. Feel free to contact me via one of the social icons on the "about me" page.

Categories

  • 3D Printing (1)
  • Homelab (3)
  • Misc (4)
  • MPCNC (3)
  • Networking (3)
  • Powershell (1)
  • Projects (2)
  • Security (4)
  • Storage (1)
  • Tutorial (3)
  • Uncategorized (1)

Archives

© 2021 ONeil's Lab