If you’re in the developer community, and especially if you’re in or near any Azure conversations, you’ll continuously hear someone suggest Let’s Encrypt when it comes to securing your domain name. You know, that thing you do to allow your website to use the HTTPS protocol to get that lock in front of it in the web browser. I’ve tended to use NameCheap.com these days. They’re cheap like their name suggests, and they’re super easy to use. However, things just got even easier.
One of the primary reasons people have gravitated towards using Let’s Encrypt is that it’s free. That’s amazing and even sounds too good to be true! It almost is, because you have to update your SSL certificate quite regularly. In their FAQs, they state that the SSL certificate will expire every 90 days and recommend renewing every 60 days. If you run one website, that’s not a huge hassle, but it’s still time that you may not want to spend. Luckily, there have been automated renewal options built so you don’t have to.
If you’re on your own Windows server, you’ll need to do something on your own to automate this, unless it's built into your web host's website control panel. At least, so I thought. Luckily, there is a hero out there named Wouter Tinus who created PKISharp. One of the PKISharp open source projects is called Windows ACME Simple, or WACS, for short. This is an open source tool that makes it super simple to connect to, issue, and automatically renew your SSL certificate using Let’s Encrypt. Oh, and here’s the best part… It also installs the certificate and configures IIS for you too!
Yep. You read that correctly. Now, go clean up that coffee you just spit out, and ask your IT group for a new keyboard.
First, you’ll need to download the tool in order to use it. Scroll down and download the installation package that is named win-acme.vX.X.XXX.zip. Just replace the X’s with the version number. At the time of this writing, that would be version win-acme.v22.214.171.1245.zip. (Note that there isn’t anything else in the file name, such as Azure. See the image below.)
Installation is super simple. There is none. What you’ve downloaded is simply a ZIP file. All you need to do is extract that to a working folder. Do this on the computer that the website is running on, such as your web server. In my case, I have a Web folder and in it I created a folder called _Tools. I created another folder there named win-acme and extracted everything there. Do remember where you put it. You’ll need to know that in a moment.
Running WACS to Get Your SSL Certificate
Now that everything is in place, you’ll need to open a command prompt. I opened mine with administrator rights, because what was about to happen definitely would seem to require that, but I never tested this without running the command prompt as an administrator. Have you?
Change directory in the command prompt to where you extracted the win-acme files. Once in that folder, type in the wacs.exe command and hit enter. You’ll be shown the information in the screenshot below.
You’ll be asked what you want to do. In this case, choose N and hit <Enter> to move to the next step.
Now, you can do a bunch of websites all at once, but let’s keep this simple for now. Choose either option 1 or 2 to bind to a single website. I used 2 in my case, then hit <Enter> to proceed. You can see my progress in the image below.
Now you’ll be shown a listing of all of the websites on the server/computer this prompt is running on. Choose the number that matches the name of the website in IIS and hit <Enter> again to continue.
At this point in time, all of the magic will begin to happen. Just sit back with your popcorn and watch. (Actually, it happens too fast to truly enjoy your popcorn, so I’d instead advise enjoying it during a sip of your favorite desk beverage.)
What’s amazing is that this tool not only requested and installed an SSL certificate successfully, but it also updated IIS with the requisite bindings!
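One way to confirm what the tool did, and to catch a renewal that silently stops working later, is to audit the HTTPS bindings directly. The PowerShell below is an added example (not part of the original post or of win-acme): it lists every IIS HTTPS binding with the certificate bound to it and flags any certificate with fewer than 30 days left, the margin implied by the 90-day lifetime and 60-day renewal recommendation mentioned earlier. The function name `Get-HttpsBindingCertStatus` and the 30-day threshold are assumptions made for this example.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

function Get-HttpsBindingCertStatus {
    param(
        # Assumption: 90-day certificate renewed at day 60 => never under 30 days left.
        [int]$FloorDays = 30,
        [datetime]$Now = (Get-Date)
    )

    foreach ($site in Get-Website) {
        foreach ($b in Get-WebBinding -Name $site.Name -Protocol https) {
            $row = [ordered]@{
                Site     = $site.Name
                Binding  = $b.bindingInformation   # ip:port:hostname
                Issuer   = $null
                NotAfter = $null
                DaysLeft = $null
                Status   = $null
            }

            if (-not $b.certificateHash) {
                # HTTPS binding exists but no certificate thumbprint is attached to it.
                $row.Status = 'NO CERTIFICATE HASH ON BINDING'
            } else {
                # Look the thumbprint up in the store the binding itself points at.
                $path = 'Cert:\LocalMachine\{0}\{1}' -f $b.certificateStoreName, $b.certificateHash
                $cert = Get-Item -Path $path -ErrorAction SilentlyContinue

                if (-not $cert) {
                    $row.Status = 'CERT MISSING FROM STORE'
                } else {
                    $row.Issuer   = $cert.Issuer
                    $row.NotAfter = $cert.NotAfter
                    $row.DaysLeft = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
                    if     ($row.DaysLeft -lt 0)          { $row.Status = 'EXPIRED' }
                    elseif ($row.DaysLeft -lt $FloorDays) { $row.Status = 'RENEWAL OVERDUE' }
                    else                                  { $row.Status = 'OK' }
                }
            }
            [pscustomobject]$row
        }
    }
}

Get-HttpsBindingCertStatus | Format-Table -AutoSize
```

Anything other than `OK` in the Status column means the binding is not serving a current certificate or automated renewal has fallen behind, which is worth checking before the browser starts warning visitors.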
In our case, since this is a DNN website, now all I needed to do is configure DNN to recognize and properly use the new domain name (if necessary), and then test and enforce SSL across all requests.
On a side note, if you’re using a control panel or firewall of some kind and it supports forcing non-secure requests to SSL, I’d still recommend doing this in DNN too. You never know whether that firewall might fail or, if and when the website moves, whether the new location will support this. Doing this in DNN too is only a few minutes of work, for the peace of mind of you and the other website stakeholders.
Just in case you weren’t paying attention, here’s how easy this was…
I downloaded the ZIP file and extracted it on the computer that’s hosting the website.
I don’t think it really counts as code, but I wrote two lines of code to navigate to the folder and then choose from the options presented to me. Once I was done selecting from the options provided, the certificate was requested, accepted, installed, and even IIS was updated. Pretty sweet, right?
Yes, it was THAT simple. In only THREE steps, I was able to secure an existing website in a dedicated/virtual server environment. I recommend you give this a try the next time one of your domain name renewals comes up. If I were a betting man, I’d guess you’d not use any other SSL moving forward (depending on the website in question).
This blog post is cross-posted from my company website.