Domains
Hosting
cPanel Hosting Plesk Hosting cPanel Reseller Plesk Reseller WordPress Hosting WooCommerce Hosting
Servers
VPS Server Windows VPS Dedicated Servers

How to Install a Let’s Encrypt SSL/TLS Certificate on Windows Server 2019 with Internet Information Services (IIS)

Securing your web applications with HTTPS is essential for protecting data in transit and improving user trust. This article explains how to install a free Let's Encrypt SSL/TLS certificate on Windows Server using Internet Information Services (IIS).

In this article, you’ll use the Win-Acme client to request and apply a certificate, bind it in IIS, and enable automatic HTTPS redirection. Optional instructions for Certbot and manual .pfx conversion are also included for advanced use cases.

Install IIS

IIS is a built-in feature on Windows Server that can be enabled using Server Manager.

  1. Open Server Manager from the Start menu.
  2. Click Add Roles and Features.
  3. Choose Role-based or feature-based installation, then select your server.
  4. On the Server Roles screen, check Web Server (IIS).
  5. Add any additional features you need, then click Install.
  6. After installation, test the setup by visiting your public server IP in a browser:

http://YOUR-SERVER-IP

You should see the default IIS welcome page.

Create A Simple Web Application

To verify that IIS is serving content correctly, create a basic HTML application:

Open File Explorer and create a folder for your website.

Press Win + R, type Notepad, and press Enter.

Paste the following HTML code into Notepad:

<html>
 <head>
   <title>Hello World</title>
 </head>
 <body>
   <h1>Hello World!</h1>
 </body>
</html>

Save the file as index.html in the folder you just created.

Next, you’ll add this directory as a site in IIS and map it to your domain.

Set Up An IIS Site with Your Domain

After creating your web files, configure a new IIS site that maps your domain to the correct folder.

Open IIS Manager from the Start Menu under Windows Administrative Tools.

In the Connections pane, expand your server name and right-click Sites, then select Add Website.

In the Add Website window, configure the following:

  • Site name: Enter a name to identify the site internally (e.g., example.com).
  • Physical path: Click ... and select the folder you created earlier.
  • Binding:
    • Type: Select http.
    • IP address: Leave as All Unassigned unless you're using a dedicated IP.
    • Port: Use 80.
    • Hostname: Enter your domain name (e.g., example.com).

Click OK to create and start the site.

To verify the setup, open a browser and navigate to:

http://example.com

You should see the "Hello World" page you created earlier.

Request And Install A Let's Encrypt Certificate

You can install a free SSL/TLS certificate from Let's Encrypt using one of two tools:

  • Win-acme: Recommended for most users; installs directly into IIS and automates renewal.
  • Certbot: More advanced; offers flexible control and cross-platform support.

Review both methods below and choose the one that best suits your workflow.

Use Win-acme (Recommended)

Win-acme is a lightweight Let's Encrypt client that installs certificates directly into the IIS certificate store and configures HTTPS bindings automatically.

  1. Download the latest Win-acme zip archive.
  2. Extract the contents and run wacs.exe as Administrator.
  3. Click More info > Run anyway if SmartScreen appears.
  4. When prompted, press N to create a new certificate.
  5. Choose the site from the list that matches your IIS domain.
  6. Press A to apply the certificate to all bindings.
  7. Accept all defaults (Y to continue, open in IIS, agree to Let's Encrypt terms).
  8. Enter your email address when prompted.

Win-acme automatically:

  • Request the certificate
  • Stores it in the Windows certificate store
  • Binds it to your IIS website
  • Sets up automatic renewal

Once complete, visit https://example.com in a browser to verify HTTPS is active.

Redirect HTTP Requests to HTTPS

Use the IIS URL Rewrite module to automatically redirect all HTTP traffic to HTTPS.

Install The URL Rewrite Module

  1. Download the URL Rewrite module.
  2. Run the installer and complete the setup.
  3. Open IIS Manager, click your server name, and confirm that URL Rewrite is available in Features View.

Create A Redirect Rule In IIS

In IIS Manager, expand your server and select your site under Sites.

Double-click URL Rewrite.

In the Actions pane, click Add Rules.

Under Inbound Rules, select Blank rule and click OK.

Name your rule (e.g., Redirect to HTTPS).

Keep Requested URL as Matches the Pattern, Using Regular Expressions.

Set the Pattern to:

(.*)

Uncheck Ignore case.

Add A Condition

Expand Conditions and click Add.

Set Condition input to:

{HTTPS}

Leave: Check if the input string Matches the Pattern.

Set Pattern to:

^OFF$

Click OK.

Define Redirect Action

Scroll to Action settings and configure:

Action type: Redirect

Redirect URL:

https://{HTTP_HOST}{REQUEST_URI}

Uncheck Append query string

Set Redirect type to Permanent (301)

Click Apply in the Actions pane.

Test The Redirect

Open your browser and visit:

http://example.com

You should be redirected to the HTTPS version automatically.

Conclusion

In this article, you learned how to secure a website hosted on Internet Information Services (IIS) with a free Let's Encrypt SSL/TLS Certificate on Windows Server. You set up IIS, deployed a basic web application, installed the certificate using Certbot or win-acme, configured HTTPS bindings, and redirected HTTP traffic to HTTPS.

With SSL properly configured, your server is now ready for secure web hosting.

We use cookies to personalize your experience. By continuing to visit this website you agree to our use of cookies

More