One of the primary reasons people have gravitated towards using Let’s Encrypt is that it’s free. That’s amazing and even sounds too
good to be true! It almost is, because you have to update your SSL certificate quite
regularly. In their FAQs, they state that the SSL certificate will expire every 90 days and
recommend renewing every 60 days. If you run one website, that’s not a huge hassle, but it’s
still time that you may not want to spend. Luckily, there have been automated renewal options
built so you don’t have to.
If you’re on your own Windows server, you’ll need to do something on your own to automate this, unless it's built into your web host's website control panel. At least, so I thought. Luckily, there is a hero out there named Wouter Tinus who created PKISharp. One
of the PKISharp open source projects is called Windows ACME Simple, or WACS, for short. This is an open source tool
that makes it super simple to connect to, issue, and automatically renew your SSL certificate using
Let’s Encrypt. Oh, and here’s the best part… It also installs the certificate and configures
IIS for you too!
Yep. You read that correctly. Now, go clean up that coffee you just spit out, and ask
your IT group for a new keyboard.
Download WACS
First, you’ll need to download the tool in order to use it. Scroll down and download the
installation package that is named win-acme.vX.X.XXX.zip. Just replace the X’s with
the version number. At the time of this writing, that would be version
win-acme.v2.0.7.315.zip. (Note that there isn’t anything else in the file name, such
as Azure. See the image below.)
Download Windows Acme Simple Now
Install WACS
Installation is super simple. There is none. What you’ve downloaded is simply a ZIP
file. All you need to do is extract that to a working folder. Do this on the computer
that the website is running on, such as your web server. In my case, I have a Web
folder and in it I created a folder called _Tools. I created another folder there
named win-acme and extracted everything there. Do remember where you put it. You’ll need to know that in a moment.
Running WACS to Get Your SSL Certificate
Now that everything is in place, you’ll need to open a command prompt. I opened mine with
administrator rights, because what was about to happen definitely would seem to require that, but I
never tested this without running the command prompt as an administrator. Have you?
Anyhow…
Change directory in the command prompt to where you extracted the win-acme files. Once
in that folder, type in the wacs.exe command and hit enter. You’ll be shown the
information in the screenshot below.
You’ll be asked what you want to do. In this case, choose N and hit Enter
to move to the next step.
Now, you can do a bunch of websites all at once, but let’s keep this simple for now. Choose
either option 1 or 2 to bind to a single website. I used 2 in my
case, then hit Enter to proceed. You can see my progress in the image
below.
Now you’ll be shown a listing of all of the websites on the server/computer this prompt is
running on. Choose the number that matches the name of the website in IIS and hit
Enter again to continue.
At this point in time, all of the magic will begin to happen. Just sit back with your popcorn
and watch. (Actually, it happens too fast to truly enjoy your popcorn, so I’d instead advise
to enjoy it during a sip of your favorite desk beverage.)
What’s amazing is that this tool not only requested and installed an SSL certificate successfully, but
it also updated IIS with the requisite bindings!
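To confirm the bindings the tool created, and later to catch a renewal that has quietly stopped working, a short audit can be run on the web server. This PowerShell script is an added example, not part of the original post or of win-acme; it assumes the IIS WebAdministration module is available, and its 30-day threshold is derived from the 90-day lifetime and 60-day renewal point quoted earlier.

```powershell
# Added example: audit the certificates behind every IIS HTTPS binding.
# Run from an elevated PowerShell session on the web server.
Import-Module WebAdministration

# Assumption taken from the article: certificates last 90 days and should be
# renewed around day 60, so fewer than 30 days left means renewal is overdue.
$renewalMarginDays = 30
$now = Get-Date

$report = foreach ($site in Get-Website) {
    foreach ($binding in $site.Bindings.Collection) {
        if ($binding.protocol -ne 'https') { continue }

        # An HTTPS binding stores the certificate thumbprint and store name.
        $thumbprint = $binding.certificateHash
        $storeName  = $binding.certificateStoreName
        $cert = $null
        if ($thumbprint -and $storeName) {
            $cert = Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
                Where-Object { $_.Thumbprint -eq $thumbprint }
        }

        $daysLeft = $null
        if (-not $cert) {
            # Also reported for bindings that do not use a local store.
            $status = 'NO CERTIFICATE FOUND'
        } else {
            $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
            if ($daysLeft -lt 0) { $status = 'EXPIRED' }
            elseif ($daysLeft -lt $renewalMarginDays) { $status = 'RENEWAL OVERDUE' }
            else { $status = 'OK' }
        }

        [pscustomobject]@{
            Site     = $site.Name
            Binding  = $binding.bindingInformation
            Issuer   = $cert.Issuer      # $null when no certificate was found
            NotAfter = $cert.NotAfter
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

A site that never appears in the output has no HTTPS binding at all, which is worth checking before enforcing SSL for it.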
In our case, since this is a DNN website, now all I needed to do is configure DNN to recognize and
properly use the new domain name (if necessary), and then test and enforce SSL across all requests.
On a side note, if you’re using a control panel or firewall of some kind and it supports forcing
non-secure requests over to SSL, I’d still recommend doing this in DNN too. You never know if
that firewall might fail or if/when the website moves, whether or not the new location supports
this. Doing this in DNN too is only a few minutes of work, for the peace of mind of you and
the other website stakeholders.
Summary
Just in case you weren’t paying attention, here’s how easy this was…
I downloaded the ZIP file and extracted it on the computer that’s hosting the website.
I don’t think it really counts as code, but I wrote two lines of code to navigate to the folder and
then choose from the options presented to me. Once I was done selecting from the options
provided, the certificate was requested, accepted, installed, and even IIS was updated. Pretty
sweet, right?
Yes, it was THAT simple. In only THREE steps, I was able to secure an existing website in a
dedicated/virtual server environment. I recommend you give this a try the next time one of
your domain name renewals comes up. If I were a betting man, I’d guess you’d not use any other
SSL moving forward (depending on the website in question).