Certbot is now officially available for Windows too. The process is not very complicated, but you have to be careful when doing this on a live server.
It requires administrative privileges.
Specific Windows system requirements and user knowledge requirements
- Basic knowledge of the command-line interface (CLI) is required because Certbot is purely a CLI program.
- The user account must have administrative privileges to install and run the Certbot utility.
- Use PowerShell instead of Command Prompt (CMD), and start it with elevated privileges before invoking the Certbot utility.
- The default path C:\Certbot must be writable by the current user.
- Certbot for Windows is currently unable to automatically renew wildcard certificates.
- The Apache and Nginx plugins will be available soon and a plugin to install certificates into IIS is under development, but you can install the certificates manually.
Installation instructions (Standalone Method for IIS)
- Connect locally or remotely (using Remote Desktop) to the server using an account that has administrative privileges on this machine.
- Install Certbot utility.
- Download the latest version of Certbot using the link below: https://dl.eff.org/certbot-beta-installer-win32.exe.
- This will install Certbot to a default directory, C:\Program Files (x86), which can be customized.
- To start a shell for Certbot, locate PowerShell, right-click it, and choose “Run as administrator”.
To run Certbot with the standalone method, first stop your web server, then run the command below from the specified location to get a certificate. Certbot will temporarily spin up a web server on your machine.
C:\Program Files (x86)\Certbot> certbot certonly --standalone
The certificates for your domains will be saved at this location: C:\Certbot\live
Note: Exit from PowerShell now and start the IIS server again.
Install your certificate in IIS
Go to the location above. You will find that the certificates are downloaded in .pem format and that the files there are symlinks to the archive location, i.e. C:\Certbot\archive\example.com
IIS, however, supports the .pfx file format when importing.
So you now have to combine the cert, key, and chain files into a .pfx file, using commands or using the below online tool.
Save the generated PFX file and import it into the IIS server.
It will be listed here now.
Now associate the imported certificate with the domain.
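The "using commands" route for the conversion and import steps above can be done entirely on the server, so the private key never leaves the machine. The script below is an added example, not part of the original article; it assumes openssl.exe is installed and on PATH, that the domain is example.com, and that Certbot wrote its usual cert.pem, chain.pem and privkey.pem files under C:\Certbot\live\example.com.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell.
# Assumptions: openssl.exe is on PATH; the domain is example.com;
# Certbot wrote cert.pem, chain.pem and privkey.pem under C:\Certbot\live\<domain>.
$ErrorActionPreference = 'Stop'
$domain = 'example.com'
$live   = Join-Path 'C:\Certbot\live' $domain
$pfx    = Join-Path $env:TEMP "$domain.pfx"   # temporary file, deleted below

# Fail early if any input file is missing.
foreach ($name in 'cert.pem', 'chain.pem', 'privkey.pem') {
    $path = Join-Path $live $name
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing file: $path" }
}

# Ask for a PFX password without echoing it.
$securePwd = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString

try {
    # Hand the password to OpenSSL through an environment variable so it does
    # not appear on the command line.
    $env:PFX_PASS = [System.Net.NetworkCredential]::new('', $securePwd).Password

    # Bundle leaf certificate, private key and chain into one PKCS#12 file.
    & openssl pkcs12 -export `
        -in       (Join-Path $live 'cert.pem') `
        -inkey    (Join-Path $live 'privkey.pem') `
        -certfile (Join-Path $live 'chain.pem') `
        -out      $pfx `
        -passout  env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw "openssl exited with code $LASTEXITCODE" }

    # Import into the machine store that IIS reads server certificates from.
    $cert = Import-PfxCertificate -FilePath $pfx `
        -CertStoreLocation 'Cert:\LocalMachine\My' -Password $securePwd

    # Confirm the private key came along and show what to pick in IIS.
    if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
    $cert | Format-List Subject, Thumbprint, NotAfter
}
finally {
    # Remove the password from the environment and the temporary PFX from disk.
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
    Remove-Item -LiteralPath $pfx -ErrorAction SilentlyContinue
}
```

If the import fails with a password error on an older Windows Server release, the PFX was probably written with OpenSSL 3's newer default encryption; the `-legacy` option of `openssl pkcs12` writes the older format instead.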
Confirm that Certbot worked
To confirm that your site is set up properly, visit https://example.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.