Whenever we are faced with the task of configuring SSL/HTTPS in IIS (Internet Information Services), we realize that it is not the most user-friendly task.
For the purposes of this article, we’ll assume we already have a certificate installed.
According to IIS documentation, we need about twelve clicks and some luck on our side (as something usually fails) to configure SSL/HTTPS in IIS correctly.
If we want to obtain a valid certificate or manage its life cycle (renew it before it expires) automatically, we can use the excellent tool Certify The Web (https://certifytheweb.com/). It automatically requests a certificate from letsencrypt.org, then downloads, installs, and registers it with our website/service in IIS, and renews the certificate when necessary, without any manual intervention.
Setting up SSL/HTTPS with this tool is super simple. Once we have downloaded and installed the tool we encounter this screen:
To configure a new website or service, we simply click on the “New Certificate” button:
Then, we must choose a name for the certificate, select the website, and specify the domain or domains we want to apply it to. Finally, we click on “Request Certificate” and we will get this screen:
And that’s it! A task that used to be complicated and gave us quite a headache is now as simple as a couple of clicks, and we don’t even have to worry about updating the certificates.
This tool allows us to perform this task in a fraction of the time it would take us by hand, while also avoiding human errors during configuration.
Now the question is… Are both the tool and the certificates ready? The short answer is YES. The long answer, according to the Let’s Encrypt documentation, is YES, BUT we need to be aware of the following:
- Let’s Encrypt doesn’t issue “EV” certificates – i.e., certificates that give you a big green bar in web browsers (you can see these on, e.g., Bank of America).
- Let’s Encrypt certificates are strictly for server and client authentication – i.e. not email signing or data encryption. It’s suitable for web, email, ssh, and servers. We have written up a list of all the restrictions at Letsencrypt numbers to know.
- Let’s Encrypt can only be used for internet-facing servers as it verifies the domain names you want to have in your certificates by connecting to them from outside (or via your DNS records).
- Let’s Encrypt certificates are valid for 3 months only, so it’s definitely worth automating renewals (we already covered this in the article with Certify The Web).
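
Because the certificates last only 3 months, it is worth checking that automated renewal is actually keeping every IIS HTTPS binding current. The PowerShell below is an added example, not code from this article or from Certify The Web; the function name `Get-IisCertificateStatus` and the 30-day warning threshold are assumptions.

```powershell
# Added example: audit the certificate behind every IIS HTTPS binding.
# Run in an elevated Windows PowerShell session on the IIS server.
Import-Module WebAdministration

function Get-IisCertificateStatus {
    param(
        # Assumed alert threshold in days; tune it to your renewal schedule.
        [int]$WarnDays = 30
    )
    $now = Get-Date
    foreach ($site in Get-ChildItem IIS:\Sites) {
        foreach ($binding in Get-WebBinding -Name $site.Name -Protocol https) {
            $row = [ordered]@{
                Site     = $site.Name
                Binding  = $binding.bindingInformation   # IP:port:hostname
                Issuer   = $null
                NotAfter = $null
                DaysLeft = $null
                Status   = 'NoCertificate'   # HTTPS binding with no thumbprint set
            }
            $hash = $binding.certificateHash
            if ($hash) {
                $store = $binding.certificateStoreName
                if (-not $store) { $store = 'My' }
                $cert = Get-Item "Cert:\LocalMachine\$store\$hash" -ErrorAction SilentlyContinue
                if (-not $cert) {
                    # The binding points at a thumbprint that is no longer in the store.
                    $row.Status = 'MissingFromStore'
                } else {
                    $row.Issuer   = $cert.Issuer
                    $row.NotAfter = $cert.NotAfter
                    $row.DaysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
                    if ($cert.NotAfter -lt $now) { $row.Status = 'Expired' }
                    elseif ($row.DaysLeft -lt $WarnDays) { $row.Status = 'RenewSoon' }
                    else { $row.Status = 'OK' }
                }
            }
            [pscustomobject]$row
        }
    }
}

$report = Get-IisCertificateStatus
$report | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($report | Where-Object Status -ne 'OK') { exit 1 }
```

Run on a schedule, a `RenewSoon` or `Expired` row means the renewal job has stopped working, and `MissingFromStore` means a binding still references a certificate that has been removed.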