Articles by Upendo Ventures

We "Upendo" to Write for You!

Our team loves to share our thoughts, research, experiences here in our blog. Please enjoy our articles and leave a comment to let us know what you think.

Securing Your Non-Azure Website Using Let’s Encrypt

Securing Your Website Using Let's Encrypt

If you’re in the developer community, and especially if you’re using or near any Azure conversations, you’ll continuously hear someone suggest Let’s Encrypt when it comes to securing your domain name.  You know, that thing you do to allow your website to use the HTTPS protocol to get that lock in front of it in the web browser.  I’ve tended to use NameCheap.com these days.  They’re cheap like their name suggests, and they’re super easier to use.  However, things just got even easier.

One of the primary reasons people have gravitated towards using Let’s Encrypt is that it’s free.  That’s amazing and even sounds too good to be true!  It almost is, because you have to update your SSL certificate quite regularly.  In their FAQs, they state that the SSL certificate will expire every 90 days and recommend renewing every 60 days.  If you run one website, that’s not a huge hassle, but it’s still time that you may not want to spend.  Luckily, there have been automated renewal options built so you don’t have to.

If you’re on your own Windows server, you’ll need to do something on your own to automate this, unless it's built into your web host's website control panel.  At least, so I thought.  Luckily, there is a hero out there named Wouter Tinus who created PKISharp.  One of the PKISharp open source projects is called Windows ACME Simple, or WACS, for short.  This is an open source tool that makes it super simple to connect to, issue, and automatically renew your SSL certificate using Let’s Encrypt.  Oh, and here’s the best part… It also installs the certificate and configures IIS for you too! 

Yep.  You read that correctly.  Now, go clean up that coffee you just spit out, and ask your IT group for a new keyboard. 

Download WACS

First, you’ll need to download the tool in order to use it.  Scroll down and download the installation package that is named win-acme.vX.X.XXX.zip.  Just replace the X’s with the version number.  At the time of this writing, that would be version win-acme.v2.0.7.315.zip.  (Note that there isn’t anything else in the file name, such as Azure.  See the image below.)

Let's Encrypt Windows Installation Package

Download Windows Acme Simple Now

Install WACS

Installation is super simple.  There is none.  What you’ve downloaded is simply a ZIP file.  All you need to do is extract that to a working folder.  Do this on the computer that the website is running on, such as your web server.  In my case, I have a Web folder and in it I created a folder called _Tools.  I created another folder there named win-acme and extracted everything there.  Do remember where you put it.  You’ll need to know that in a moment.

Running WACS to Get Your SSL Certificate

Now that everything is in place, you’ll need to open a command prompt.  I opened mine with administrator rights, because what was about to happen definitely would seem to require that, but I never tested this without running the command prompt as an administrator.  Have you?

Anyhow…

Change directory in the command prompt to where you extracted the win-acme files.  Once in that folder, type in the wacs.exe command and hit enter.  You’ll be shown the information in the screenshot below. (Click to enlarge.)

Run wacs.exe

You’ll be asked what you want to do.  In this case, choose N and hit to move to the next step.

Now, you can do a bunch of websites all at once, but let’s keep this simple for now.  Choose either option 1 or 2 to bind to a single website.  I used 2 in my case, then hit to proceed.  You can see my progress in the image below.  (Click to enlarge.)

Choose binding option

Now you’ll be shown a listing of all of the websites on the server/computer this prompt is running.  Choose the number that matches the name of the website in IIS and hit again to continue.

Choose domain(s) to secure

At this point in time, all of the magic will begin to happen.  Just sit back with your popcorn and watch.  (Actually, it happens too fast to truly enjoy your popcorn, so I’d instead advise to enjoy it during a sip of your favorite desk beverage.)

WACS requests and installs your SSL certificate

What’s amazing is that this tool not only requested and installed a SSL certificate successfully, but it also updated IIS with the requisite bindings!

IIS bindings updated

In our case, since this is a DNN website, now all I needed to do is configure DNN to recognize and properly use the new domain name (if necessary), and then test and enforce SSL across all requests.

On a side note, if you’re using a control panel or firewall of some kind and it supports enforcing the non-secure requests to SSL, I’d still recommend doing this in DNN too.  You never know if that firewall might fail or if/when the website moves, whether or not the new location supports this.  Doing this in DNN too is only a few minutes of work, for the peace of mind of you and the other website stakeholders.

Summary

Just in case you weren’t paying attention, here’s how easy this was…

I downloaded the ZIP file and extracted it on the computer that’s hosting the website. 

I don’t think it really counts as code, but I wrote two lines of code to navigate to the folder and then choose from the options presented to me.  Once I was done selecting from the options provided, the certificate was requested, accepted, installed, and even IIS was updated.  Pretty sweet, right?

Yes, it was THAT simple.  In only THREE steps, I was able to secure an existing website in a dedicated/virtual server environment.  I recommend you give this a try the next time one of your domain name renewals come up.  If I were a betting man, I’d guess you’d not use any other SSL moving forward (depending on the website in question.

Contact Us
Let's Chat!

We'd love to work with you. Let's talk about how.

Contact Us


About the Author

Will StrohlFounder & CEO
Upendo Ventures
Overall, Will has nearly 20 years of experience helping website owners become more successful in all areas, including mentoring, website development, marketing, strategy, e-commerce, and more.

blog comments powered by Disqus

Newsletter

Loading

About Our Company

We are a values-based company who provides technical and leadership services in a wide variety of areas. Contact us to learn how we can help you.

Get In Touch

  • Email: [email protected]

  • Phone: (650) 381-9160

  • Address: 548 Market St. #65401
    San Francisco, CA 94104