How to get a free SSL/TLS compatible certificate from Let's Encrypt and make it work in Windows.
Recently in the Dreamhost newsletter, I discovered that Let’s Encrypt has been offering, since December 2015, free certificates that are compatible with SSL/TLS. What a great chance to get a certificate for the HeyHttp project. Comodo PositiveSSL certificates are available for 5 dollars, but why not keep your five dollars and get this free certificate?
To get the certificate use the script that Let’s Encrypt provides for Linux. This script will also automatically install the certificate on Apache servers.
However, HeyHttp only runs on Windows and it is a server itself, so some extra steps are needed to make the certificate work in Windows.
Although there are discussions in the forums about porting Let’s Encrypt to Windows, I just went to my Ubuntu machine, downloaded the enlistment, and executed the script in manual mode. These are the commands needed:
In the middle of this process, you need to create a file with a key and copy the file to the wwwroot folder on your Windows server.
Now, go back to Linux and complete the authentication to get two pem files, one with the certificate and one with the private key.
In the forums, Ryan Hilliker posted the following OpenSSL command to convert the pem files into a pfx file:
Copy the resulting pfx file to your Windows machine, double click on it, and install it wherever you want (in the case of HeyHttp, choose “local machine” and then “personal store”).
That’s it, now the secure connection is trusted and you can go and spend those five dollars on a latte.
Let’s Encrypt certificates expire in 90 days. To renew the certificate, you will need to execute the following command:
And create a new pfx file with the resulting files as done above.
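The PEM-to-PFX conversion and the 90-day renewal check described above, as an added shell example; it is not the command from the forum post and not code from the original article. The function names, the `PFX_PASS` environment variable and the self-signed `example.test` certificate are assumptions made so that the example runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): PEM -> PFX for Windows, with checks.

# Succeeds only when the private key belongs to the certificate (same public key).
key_matches_cert() {  # usage: key_matches_cert cert.pem privkey.pem
  kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Bundle certificate and key into a password-protected PFX. The password is read
# from the PFX_PASS environment variable (an assumption of this example) so that
# it is not typed on the command line.
pem_to_pfx() {  # usage: pem_to_pfx cert.pem privkey.pem out.pfx
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  # The PFX holds the private key, so create it readable by the owner only.
  ( umask 077; openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
      -passout env:PFX_PASS )
}

# Succeeds when the PFX opens with PFX_PASS (check it before copying to Windows).
pfx_opens() {  # usage: pfx_opens file.pfx
  openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS >/dev/null 2>&1
}

# Succeeds when the certificate expires within the next N days (default 30).
needs_renewal() {  # usage: needs_renewal cert.pem [days]
  ! openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed 90-day certificate. Real
# input would be the certificate and private key PEM files from Let's Encrypt.
make_sample() {  # usage: make_sample dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=example.test" \
    -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
  demo_dir=$(mktemp -d) || return 1
  make_sample "$demo_dir" || return 1
  export PFX_PASS="constructed-demo-password"
  pem_to_pfx "$demo_dir/cert.pem" "$demo_dir/privkey.pem" "$demo_dir/site.pfx" \
    && pfx_opens "$demo_dir/site.pfx" && echo "PFX created and verified"
  if needs_renewal "$demo_dir/cert.pem" 30; then echo "renew now"; else echo "not due yet"; fi
  rm -rf "$demo_dir"
}
demo
```

The key/certificate comparison catches the case where a renewed certificate is paired with an old private key before the PFX is ever imported on the Windows side.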
Backing up and restoring Let’s Encrypt account files
The key files that you need to keep backed up are:
- Your account directory at
- Your domain config file at
- Your domain keys directory at /etc/letsencrypt/live/heyhttp.org/, whose contents are in reality symbolic links to the archive of keys.
- The directory containing the archive of keys at