In this tutorial, I will explain how to generate a Let’s Encrypt certificate in PFX and then import it on another IIS server, in Exchange or on an RDS gateway.
In the tutorial: Installing a Let’s Encrypt certificate on IIS, I explain how to generate a Let’s Encrypt certificate with IIS. This article is produced with a version 1.9 of WACS, which allows the export in PFX of the certificate after generation.
Since version 2.X of WACS is out and no longer allows the export of the private key if we pass the method explained,.
Using Let’s Encrypt services for the generation of certification for the RDS gateway, version 2.X no longer allows the import of the certificate by the administration console, since it is necessary to provide a certificate in PFX format.
- An IIS web server.
- Download Windows ACME Simple (WACS).
- Have the site (s) to configure on the IIS server on port 80 and accessible from the Internet.
- If necessary copy the file Web_Config.xml to the directory of Internet sites which available in the WACS archive.
Generate a Let’s Encrypt PFX
Run WACS as Administrator, right click on wacs.exe 1 and click on Run as administrator.
Once the menu loaded, enter the letter M to create a certificate in full options mode.
Use option 1 (IIS) to list the available domains.
Select the IIS site where the domain is linked.
Enter choice 1: Pick specific binding from the list.
Include bindings, validate by pressing Enter.
Confirm the selection of the domain (s) found by pressing Enter (yes).
Confirm again by pressing the Enter key.
Select a validation method, default 2.
Choose the type of key, by default RSA Key 2.
Choose the certificate output mode, select 1 to generate a PFX – IIS Central Certificate Store (.pfx per domain).
Enter the location where the certificate will be saved.
Enter the password for the PFX file.
Choose another certificate output location if necessary, default 3.
Enter choice 4 to not take any additional action.
Wait while generating the certificate.
Once the certificate has been generated, WACS offers to update the renewal task, by default No.
Get the certificate format PFX
Open Windows Explorer and go to the location configured during the generation of the certificate to recover the file.