ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
    • Domain Name Management
    • SafeDNS
    • SSL Certificates
      • Purchasing and Renewing
      • Generating A CSR (Certificate Sigining Request)
      • Validating your Certificate
      • ANS SSL Types
      • Self Signed Certificates
      • Using Server Name Indication (SNI)
      • Extended Validation Certificates
      • Generating a PFX file
      • Let’s Encrypt
    • Reverse DNS Records
  • Backup and High Availability
  • eCommerce Stacks
  • Security
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Domains and DNS management >
  • SSL Certificates >
  • Let’s Encrypt >
  • Using Let's Encrypt on Windows

How to use Let’s Encrypt on Windows¶

Windows operating systems have a number of ACME clients available. Here are a couple that clients have found to be simple to use and feature rich.

Certify the Web¶

Certify the Web is one of the most popular Let's Encrypt services available on Windows currently. This offers features such as;

  • Automatic renewal

  • IIS Integration

  • Option to integrate alternative ACME certificate authorities

One downside to this product is that it does only offer a few certificates for free before requiring you to purchase an upgrade key.

For a complete guide on how to install this client and start issuing Let's Encrypt certificates, please see the following guide;

Certify the Web - Docs

Win-ACME¶

Win-ACME is a popular command line alternative for issuing and maintaining Let's Encrypt certificates. This offers the following features;

  • IIS Integration

  • A simple command line interface

  • Support for alternative web servers, such as Apache

  • Automatic renewal via an integrated scheduled task

For a complete guide on how to install and use this client, please see the following official documentation

Win-ACME - Docs

Posh-ACME¶

For PowerShell users, we recommend using Posh-ACME for your Let's Encrypt needs. This offers a feature set similar to certbot, and can be incorporated into environments that use APIs for DNS Challenges and automated certificate renewal.

Installation¶

To install this client, first open your PowerShell terminal and run the following, replacing youruser for the system user in question.

Install-Module -Name Posh-ACME -Scope youruser

If you have elevated privileges and wish for this to be available for all system users, use the following syntax

Install-Module -Name Posh-ACME -Scope AllUsers

Once installed, you will need to import the module

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Import-Module Posh-ACME

Issuing a certificate¶

To issue a certificate for your chosen domain, run the following command, adjusting as per your specific requirements.

New-PACertificate yourdomain.com -AcceptTOS  -Contact admin@yourdomain.com

This will default to using the Manual plugin, and prompt you to create a TXT record for the DNS-01 challenge. Please be aware of your chosen DNS provider’s DNS propagation time.

Using a DNS Plugin¶

Please see the list of Available Posh-ACME DNS Plugins for a full list of available DNS Plugins for use with this software.

As an example, to use this with Route53, please see the following usage guide, which falls outside the scope of this article.

Route53 Posh-ACME Guide

Next Article > Let’s Encrypt Revocation of TLS-ALPN-01 Validated Certificates

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ