Issue a trusted win-acme certificate (Let's Encrypt)

11min
Description
This article provides an example of how to configure and issue a trusted public certificate using win-acme (Let's Encrypt) in Windows Server.
IIS preparation
Open — "Server Manager" → "Tools" → "Internet Information Services (IIS) Manager":
﻿
Go to the website with Passwork:
﻿
In the right panel "Actions" → "Bindings" edit the HTTP connection protocol, specify in "Hostname:" the domain or subdomain to be used for connections to the Passwork web interface:
﻿
Configure and issue a trusted certificate
Getting and running win-acme
Open PowerShell as "Administrator":
Right-click on the Start icon in the lower left corner of the screen.
Select "Windows PowerShell (Administrator)" from the context menu.
Left-click on the Start icon in the lower left corner of the screen.
Write powershell
Open PowerShell as "Administrator" with the combination — Ctrl + Shift + Enter
When using Windows Server 2016, you must enable the TLS 1.2 security protocol using the command:
PowerShell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
﻿
Get the archive — win-acme.v2.2.9.1701.x64.pluggable.zip into the working directory of the user shell:
PowerShell
if (-not (Test-Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip")) {
    (New-Object System.Net.WebClient).DownloadFile(
        "https://github.com/win-acme/win-acme/releases/download/v2.2.9.1701/win-acme.v2.2.9.1701.x64.pluggable.zip", 
        "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip"
    )
    Write-Host "Archive successfully retrieved"
} else {
    Write-Host "The archive has already been received"
}
if (-not (Test-Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip")) {
    (New-Object System.Net.WebClient).DownloadFile(
        "https://github.com/win-acme/win-acme/releases/download/v2.2.9.1701/win-acme.v2.2.9.1701.x64.pluggable.zip", 
        "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip"
    )
    Write-Host "Archive successfully retrieved"
} else {
    Write-Host "The archive has already been received"
}
﻿
Unzip the contents into a separate directory — win-acme:
PowerShell
Expand-Archive `
    -Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip" `
    -DestinationPath "$pwd\win-acme\"
Expand-Archive `
    -Path "$pwd\win-acme.v2.2.9.1701.x64.pluggable.zip" `
    -DestinationPath "$pwd\win-acme\"
﻿
Run wacs.exe to issue a trusted certificate:
PowerShell
try {
    Start-Process `
        -FilePath "$pwd\win-acme\wacs.exe" `
    }
catch {
    Write-Host "Running the application ended with an error: $_" -ForegroundColor Red
}
try {
    Start-Process `
        -FilePath "$pwd\win-acme\wacs.exe" `
    }
catch {
    Write-Host "Running the application ended with an error: $_" -ForegroundColor Red
}
﻿
Issuing a Certificate
After opening wacs.exe in CMD.exe:
Create certificate:
﻿
Passwork website:
﻿
Use a single binding for the website:
﻿
Confirm actions, accept the terms of use and provide an email address for notifications:
﻿
After you complete these steps, a trusted certificate for the Passwork website will be issued and will be available on port 443:
﻿
﻿
Updated 21 Jan 2025
Did this page help you?
Online installation
Offline installation