Install or renew an SSL certificate on Windows/IIS (Certbot)
- Download https://dl.eff.org/certbot-beta-installer-win32.exe
- Install the file
- Make sure IIS has all required sites (the ones requiring SSL) set up and with proper ssl host headers (using appcmd)
- Make note of all required urls and place them into a text file, separated by spaces
- Stop the World Wide Web Publishing Service
- Open Command prompt as admin
- cd C:\Program Files (x86)\Certbot\bin
- Run certbot certonly –standalone
- If you are renewing and not adding new urls (or creating the whole certificate anew) run certbot renew
- Follow the guidelines/prompts
- When asked to enter the domain names, copy and paste the text file content from above
- Find the saved cert and private key (usually in C:\Certbot\archive)
- cd to the above folder
- Make sure you have openssl installed. On Windows it comes with Git.
- Use openssl to convert it to *.pfx (including the quotes; replace the below path with the actual one you found above)
- “C:\Program Files\Git\usr\bin\openssl.exe” pkcs12 -export -out *.pfx -inkey *.key -in *.crt
- Start the World Wide Web Publishing Service
- Open IIS manager
- Find Server Certificates
- Import the pfx
- Go to Default web site/Bindings
- Find the https(443) binding and edit
- Change the certificate to the one you’ve imported