Here's what I needed to do to get the LetsEncrypt client working on IIS (8.5):
- Manually create the `.well-known` folder, which is required for Let's Encrypt to validate your domain. Create this in the root of your site, e.g. `C:\inetpub\wwwroot\.well-known`
  (Apparently you should create the folder with a trailing '.', e.g. `.well-known.`; Windows will then remove the last period.)
- Add a `web.config` file to the `.well-known` folder with the following content. This ensures that the page is served correctly as static content and isn't run as a script. It also ensures that this particular folder isn't trying to use any form of Windows authentication:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <!-- Serve files with any extension, or with none, as plain text -->
    <staticContent>
      <mimeMap fileExtension=".*" mimeType="text/plain" />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
    <!-- Drop inherited handlers so nothing in this folder runs as a script -->
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="*" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
    </handlers>
    <!-- Allow anonymous requests and turn off Windows authentication here -->
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
        <windowsAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```
- Run the [LetsEncrypt Windows client](https://github.com/Lone-Coder/letsencrypt-win-simple/releases) (my version is letsencrypt-win-simple.V22.214.171.124). When running I chose manual set up (item 4 on the menu) and entered my domain name (so for here that would be www.chipshop.co) and directory path (`c:\inetpub\wwwroot`). The client should be able to validate your domain and issue your certificate.
- You will now need to sort out the bindings if you weren't using SSL before this - open IIS Manager, click on your site from the list and select **Bindings...** on the right. Add https on Port 443, if you only have one site leave the rest blank and click OK. Best to leave http/Port 80 running and use URL Redirect to redirect users to the SSL version.
- You will also need to choose the certificate that was created. I think this is done by clicking your server name in IIS Manager and going to Server Certificates.
- The certificate will last 3 months and the Let's Encrypt client should auto-renew. I'm not sure how automated this will be (on Linux automated renewal works pretty seamlessly).
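
A pre-flight check for the folder set up above, as an added example that is not part of the original post or of the LetsEncrypt client: it drops an extensionless test file under `.well-known\acme-challenge` (the path Let's Encrypt HTTP validation requests) and confirms that IIS returns it over plain HTTP, without credentials, as `text/plain`. The site root and host name defaults are the values used in this post; the file name and content are constructed test values.

```powershell
# Added example: check that .well-known serves extensionless files anonymously.
# Assumed values: $SiteRoot and $HostName are the ones used in this post.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot',
    [string]$HostName = 'www.chipshop.co'
)

$dir  = Join-Path $SiteRoot '.well-known\acme-challenge'
$name = 'preflight-' + [guid]::NewGuid().ToString('N')   # constructed, no extension
$body = 'preflight-' + [guid]::NewGuid().ToString('N')   # constructed file content
$file = Join-Path $dir $name

New-Item -ItemType Directory -Path $dir -Force | Out-Null
[System.IO.File]::WriteAllText($file, $body)

try {
    $url  = "http://$HostName/.well-known/acme-challenge/$name"
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop

    # Content is a byte[] when IIS does not label the response as text.
    $text = $resp.Content
    if ($text -is [byte[]]) { $text = [System.Text.Encoding]::ASCII.GetString($text) }
    $type = "$($resp.Headers['Content-Type'])"

    $problems = @()
    if ($resp.StatusCode -ne 200)     { $problems += "status $($resp.StatusCode), expected 200" }
    if ($text.Trim() -ne $body)       { $problems += 'body differs from the file on disk' }
    if ($type -notlike 'text/plain*') { $problems += "Content-Type '$type', expected text/plain" }

    if ($problems.Count -eq 0) { Write-Output "OK: $name served without credentials as $type" }
    else { $problems | ForEach-Object { Write-Warning $_ } }
}
catch {
    # Typical causes: 404 = no MIME map or static handler for the file,
    # 401 = authentication still enforced, 500 = web.config was rejected.
    $r = $_.Exception.Response
    if ($r) { Write-Warning "HTTP $([int]$r.StatusCode) for the test file" }
    else    { Write-Warning "Request failed: $($_.Exception.Message)" }
}
finally {
    # Always remove the test file, whether the request succeeded or not.
    Remove-Item -LiteralPath $file -ErrorAction SilentlyContinue
}
```

Run it on the server after adding the `web.config` and before starting the client; a clean `OK` line means the validation request should reach the file the client writes.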