Skip to main content
Version: 7.0

Issuing trusted certificate with win-acme (Let’s Encrypt)

Overview

This article provides an example of configuring and issuing a trusted public certificate using win-acme (Let’s Encrypt) on Windows Server.

Preparing IIS

Open — Server ManagerToolsIIS Manager:

Open IIS Manager

Navigate to the Passwork website:

Open the Passwork website

In the right panel ActionsBindings... edit the HTTP protocol binding, specify in Host name: the domain or subdomain that will be used for connections to the Passwork web interface:

Set the assigned domain for Windows Server

Configuring and issuing trusted certificate

Obtaining and running Win-acme

Open PowerShell as “Administrator”:

Using the Start context menu
  1. Right-click the Start icon in the lower-left corner of the screen.
  2. Select “Windows PowerShell (Administrator)” from the context menu.
Using the Start menu
  1. Left-click the Start icon in the lower-left corner of the screen.
  2. Type powershell
  3. Open PowerShell as “Administrator” by pressing Ctrl + Shift + Enter
danger

When using Windows Server 2016, you need to enable the TLS 1.2 security protocol with the following command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Download the archive — win-acme.v2.2.9.1701.x64.pluggable.zip to the current working directory of the shell:

if (-not (Test-Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip")) {
(New-Object System.Net.WebClient).DownloadFile(
"https://github.com/win-acme/win-acme/releases/download/v2.2.9.1701/win-acme.v2.2.9.1701.x64.pluggable.zip",
"$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip"
)
Write-Host "Archive successfully downloaded"
} else {
Write-Host "Archive already downloaded"
}

Extract the contents into a separate directory — win-acme:

Expand-Archive `
-Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip" `
-DestinationPath "$pwd\win-acme\"

Run wacs.exe to issue the trusted certificate:

try {
Start-Process `
-FilePath "$pwd\win-acme\wacs.exe" `
}
catch {
Write-Host "Application launch failed with error: $_" -ForegroundColor Red
}

Issuing certificate

After opening wacs.exe in CMD.exe:

  • Create a certificate:
Select create certificate
  • Select the Passwork website:
Select the Passwork website
  • Use a single binding for the website:
Select single binding
  • Confirm actions, accept the terms of use, and provide an email for notifications:
Accept terms and enter email address
  • After completing these steps, a trusted certificate will be issued for the Passwork website, which will be available on port 443:
Example of obtaining an SSL certificate for the Passwork website

As a result, Passwork will be accessible via HTTPS protocol using a certificate from Let’s Encrypt.