How to Install Lets Encrypt Certificates on IIS with Autorenew

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

g'day guys it's jake here today i'm going to be showing you how to use the win acme client so the acme v2 client for windows to automatically install and update ssl certificates using let's encrypt so if you don't know what let's encrypt is let's encrypt is a free open source non-profit ssl certificate authority so basically what they do is they allow you to download and publish 90 days certificates and just automatically renew them so it works pretty well keeps things encrypted using ssl so https so at the moment basically what i've got here is i've got an ios server and at the moment it's just running on port 80. you can see here my local host is running on port 80. i've got test dot here's jaken.com routed to this server so basically test.here is jaken.com we'll go to this server at the moment it won't because i haven't configured it but from external to this server it will go to this server i've got the ports folded so for this to work you will need port 80 and port 443 folded through to your server so what we can do here first thing we need to do is we need to add a binding for port 443 which is what ssl which is what https runs on so if we go to bindings what i'll do here is we'll go https we'll just grab the default certificate out of here and we'll go test.here's jacon.com and you can see here it's running on port 443 it's allocated to my default website so if i now refresh this you can see at the moment your connection is not private and i can proceed there and i can see at the moment i've got an ssl certificate that is invalid so you can see here it's invalid it's not working for test.here's jaken.com so what you want to do to run the win acme is you just want to download it so you just go to this download page which the links will be in the description and basically it downloads this win acme client here now a best practice is to move it out of your downloads folder so if we actually extract this we'll extract the software and you can see here it's in my downloads folder now it's best practice to move this out of your downloads folder because it is going to make a scheduled task to automatically renew the ssl certificate and it will automatically put that to wherever you run it from so what i'm going to do is i'm just going to make a new folder here called acme we'll call it win me and i will paste this folder in there so installing it's quite simple you just run the application and then it gives you the options so if you want to create a certificate using the default settings we just hit n site identifiers and if you click you could type in one here if you had multiple sites you can just hit enter to choose all which we're just going to choose all and then you can pick your bindings based on the search pattern but basically we're just going to do all of them and you can see here it's found test.here's jaken.com which is what we actually set in ios here on the binding so that figures it out because we've added the binding here and put in the host name if you didn't put in the host name it wouldn't figure that out so make sure you put in the hostname for what you're going to be running your website on and then you continue which we say yes and do you agree with the terms yes enter notification emails i'm just going to use jake at here's jaken.com so that's email it's going to send any notifications if there's problems with it what it's going to do is it's going to validate using http which is running on this server so because we have it running on the same server we can actually just have it automatically verify so what should happen now is if i cancel out of here and we go back into the bindings this should have just set it up for us we go edit you can see here my certificate has changed so if i renew this web page bang there we go so you can see here my certificate is valid it's issued to test dot here's jaken.com and for the auto renew it does automatically create a scheduled task which we can find in the task scheduler that will run at 9am every day what this task does is it runs this command here so if you want you can change it or you can make it manually run however you want to run it but that's basically this this task will run every day what it will do is it will check it will check to see if the certificate needs renewing and then if it does it will renew so i'll show you what it actually does because we can actually run this in command prompt and you will see so if i copy this here and open a command prompt we'll paste that in there and then paste these arguments afterwards so this is just manually running that scheduled task uh so it's saying that it's already running so it won't run while it is running so if i do q for quit we'll hit enter and let's run that command again you can see here it goes the scheduled task looks healthy the renewal for the site is due after there so when it is due it will automatically renew so anyway guys don't forget to like and subscribe to see more this is a pretty good solution seems to work pretty well if you have any questions just leave them down in the comments below and i'll see you next time

Info

Channel: HERESJAKEN

Views: 42,024

Rating: undefined out of 5

Keywords: lets encrypt, free ssl, windows, iis, letsencrypt, https, ssl, certbot, ssl certificate, free, certificate, free ssl certificate, ssl for free, lets encrypt iis, lets encrypt autorenew

Id: vbk5kUT7GeY

Channel Id: undefined

Length: 6min 53sec (413 seconds)

Published: Wed Dec 09 2020