Free Let’s Encrypt Wildcard Certificate for your Lab

The Challenge

When you build your Microsoft lab, an SSL certificate is often required. In the past this was a cost problem: no one wants to buy a cert for 50 Euros or more for a personal lab. The alternative was to install a CA or to use self-signed certificates. Thank God, these times are over with free certificates from Let’s Encrypt.

Let’s Encrypt certificates have a maximum lifetime of 90 days; this is a little short for production environments, but it certainly won’t be a problem in your lab. Automatic renewal is possible, though; binding the certificate to a service is sometimes complex, but solvable most of the time. Therefore, I will publish a blog article about certificate auto-renewal within a Microsoft RDS Farm in the future. Since March 2018, there are even free wildcard certificates. One remaining issue, however, was the complex handling of the ACMESharp client, as in this example on GitHub.

The Solution

Thankfully, there is a software project called “Certify the Web”, aka “Certify”. With this tool, you can easily install and auto-renew your free Let’s Encrypt certificates. In this blog post, I want to give you a short overview of how to use this cool Let’s Encrypt GUI for Windows.

Installation Guide

Choose the Target System

Decide on which server you want to install Certify. If you want to use the certificate on a Microsoft IIS website, it is a good idea to install the tool directly on the IIS server, because the tool can automatically bind the certificate in IIS.

Download

Get the newest Version from https://certifytheweb.com

Run the setup

Nothing to explain here, click through the installation wizard and you’re done.

Register for Mail Notifications

Specify a proper Mail address for renewal notifications.

Requesting a Certificate

Choose your Domain

Click the New Certificate button to request your certificate.

In this example, we choose to request a wildcard certificate and have no IIS installed on the Server.

Verify your Domain Ownership

Configure Authorization Settings in Certify SSL Manager

We use manual DNS validation because my domain name registrar (1&1 Ionos) is not supported for auto-approval in the Certify SSL Manager.
Read more about this in the official documentation.

After you have configured the validation settings, copy the values for the DNS text record and continue with the next step.

Create DNS TXT Record

Create the DNS text record in the management console of your domain name registrar.
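
Before finalizing the request, it helps to confirm that the TXT record is actually visible from outside. The following PowerShell is an added example, not part of the original post or of Certify; the zone name and the expected value are constructed placeholders, and _acme-challenge.<domain> is the standard record name for ACME DNS validation.

```powershell
# Added example: check that the ACME DNS-01 TXT record is visible before finalizing.
# $Zone and $Expected are constructed placeholders; use your domain and the
# value shown by Certify.
$Zone     = 'example.com'
$Expected = 'PLACEHOLDER-TXT-VALUE-FROM-CERTIFY'
$Record   = "_acme-challenge.$Zone"   # same name for example.com and *.example.com

function Test-AcmeTxtRecord {
    param([string]$Name, [string]$Value, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers count
        $answers = Resolve-DnsName -Name $Name -Type TXT -Server $Server `
                                   -DnsOnly -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Server = $Server; Found = $false
                                  Values = $_.Exception.Message }
    }
    # A TXT value can be split into several strings; join them before comparing
    $values = @($answers | Where-Object { $_.Type -eq 'TXT' } |
                ForEach-Object { -join $_.Strings })
    [pscustomobject]@{
        Server = $Server
        Found  = ($values -ccontains $Value)   # token is case-sensitive
        Values = $values -join ' | '
    }
}

# Ask the zone's authoritative name servers first, then two public resolvers
$authoritative = @(Resolve-DnsName -Name $Zone -Type NS -DnsOnly |
                   Where-Object { $_.Type -eq 'NS' } |
                   ForEach-Object { $_.NameHost })
$servers = $authoritative + @('1.1.1.1', '8.8.8.8')

$results = foreach ($s in $servers) {
    Test-AcmeTxtRecord -Name $Record -Value $Expected -Server $s
}
$results | Format-Table -AutoSize

if ($results.Found -contains $false) {
    Write-Warning "TXT record not visible everywhere yet; wait before finalizing."
} else {
    Write-Output "TXT record is visible on all queried servers."
}
```

If the authoritative servers already return the value but the public resolvers do not, the old (empty) answer is still cached there and the request is likely to fail until it expires.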

Finalize the request

Optional: Export the certificate

The Result

As a result, you have a valid certificate for your Lab.

Last but not least

Kudos to Webprofusion Pty Ltd for their great work!

Philipp Kohn

IT Consultant Specialties: Remote Desktop Services, Office 365, User Profile and Group Policy Management

One thought on “Free Let’s Encrypt Wildcard Certificate for your Lab”

  • 18. June 2019 at 23:10

    Hello Phillip,

    Thank you very much for the article.

    Any luck with writing follow up article on how to auto-renew?

    Thank you
