Securing your web applications with HTTPS is essential for protecting data in transit and improving user trust. This article explains how to install a free Let's Encrypt SSL/TLS certificate on Windows Server using Internet Information Services (IIS).
In this article, you’ll use the Win-Acme client to request and apply a certificate, bind it in IIS, and enable automatic HTTPS redirection. Optional instructions for Certbot and manual .pfx conversion are also included for advanced use cases.
IIS is a built-in feature on Windows Server that can be enabled using Server Manager.
Open Server Manager from the Start menu.
Click Add Roles and Features.
Choose Role-based or feature-based installation Then select your server.
On the Server Roles screen, check Web Server (IIS).
Add any additional features you need, then click Install.
After installation, test the setup by visiting your public server IP in a browser:
http://YOUR-SERVER-IPYou should see the default IIS welcome page.
To verify that IIS is serving content correctly, create a basic HTML application:
Open File Explorer and create a folder for your website.
Press Win + RType Notepad, and press Enter.
Paste the following HTML code into Notepad:
<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World!</h1>
</body>
</html>Save the file as index.html in the folder you just created.
Next, you’ll add this directory as a site in IIS and map it to your domain.
After creating your web files, configure a new IIS site that maps your domain to the correct folder.
Open IIS Manager from the Start Menu under Windows Administrative Tools.
In the Connections pane, expand your server name, and right-click Sitesthen select Add Website.
In the Add Website window, configure the following:
Site name: Enter a name to identify the site internally (e.g., example.com).
Physical path: Click ... and select the folder you created earlier.
Binding:
Type: Select http.
IP address: Leave as All Unassigned unless you're using a dedicated IP.
Port: Use 80.
Hostname: Enter your domain name (e.g., example.com).
Click OK to create and start the site.
To verify the setup, open a browser and navigate to:
http://example.comYou should see the "Hello World" page you created earlier.
You can install a free SSL/TLS certificate from Let's Encrypt using one of two tools:
Win-acme: Recommended for most users; installs directly into IIS and automates renewal.
Certbot: More advanced; offers flexible control and cross-platform support.
Review both methods below and choose the one that best suits your workflow.
Win-acme is a lightweight Let's Encrypt client that installs certificates directly into the IIS certificate store and configures HTTPS bindings automatically.
Extract the contents and run wacs.exe as Administrator.
Click More info > Run anyway if SmartScreen appears.
When prompted, press N to create a new certificate.
Choose the site from the list that matches your IIS domain.
Press A to apply the certificate to all bindings.
Accept all defaults (Y to continue, open in IIS, agree to Let's Encrypt terms).
Enter your email address when prompted.
Win-acme automatically:
Request the certificate
Stores it in the Windows certificate store
Binds it to your IIS website
Sets up automatic renewal
Once complete, visit https://example.com in a browser to verify HTTPS is active.
Use the IIS URL Rewrite module to automatically redirect all HTTP traffic to HTTPS.
Run the installer and complete the setup.
Open IIS Manager, click your server name, and confirm that URL Rewrite is available in Features View.
In IIS Manager, expand your server and select your site under Sites.
Double-click URL Rewrite.
In the Actions pane, click Add Rules.
Under Inbound Rules select Blank rule and click OK.
Name your rule (e.g., Redirect to HTTPS).
Keep the Requested URL as Matches the Pattern, Using Regular Expressions.
Set the Pattern to:
(.*)Uncheck Ignore case.
Expand Conditions and click Add.
Set Condition input to:
{HTTPS}Leave: Check if the input string Matches the Pattern.
Set Pattern to:
^OFF$Click OK.
Scroll to Action settings and configure:
Action type: Redirect
Redirect URL:
https://{HTTP_HOST}{REQUEST_URI}Uncheck Append query string
Set the Redirect type to Permanent (301)
Click Apply in the Actions pane.
Open your browser and visit:
http://example.comYou should be redirected to the HTTPS version automatically.
In this article, you learned how to secure a website hosted on Internet Information Services (IIS) with a free Let's Encrypt SSL/TLS Certificate on Windows Server. You set up IIS, deployed a basic web application, installed the certificate using Certbot or win-acme, configured HTTPS bindings, and redirected HTTP traffic to HTTPS.
With SSL properly configured, your server is now ready for secure web hosting.