Make your Website Google Friendly for Free Thanks to letsencrypt.org

September 16, 2018
 
Using Windows Acme Simple (WACS) to apply a free SSL certificate to your websites running on Windows
Google has specified that websites are not secure unless they are utilizing an SSL certificate. With recent updates to Chrome, warnings are displayed indicating that your website is not secure if the user attempts to use any text inputs on a website that does not have an SSL certificate. I have not previously seen a need to use an SSL certificate, as I didn’t sell anything on my code-gorilla website, but now that my website will be throwing warnings and impacting my search results I have been inspired to implement one.  
 
There are numerous ways to buy an SSL certificate, and I’m sure there are times when you’d want to, but I am just looking for the cheapest way possible to satisfy this need from a reliable source. I was glad to find that, along with presenting this new requirement, Google also recommended a cost-free solution at https://letsencrypt.org/.
 
Let’s Encrypt is a Certificate Authority (CA) which can provide you with a free SSL certificate using the ACME protocol. Certbot is their recommended ACME client, but they also have a list of other recommended clients that can be used. Certbot is intended for use on Linux, and if I were using Linux I would have gone that route, but I’m running on a Windows server, so I decided to go with Windows ACME Simple (WACS), which is a CLI client that runs on Windows and has no limits on certificates per server.
 
Download the latest version of the code. At the time of writing this article the latest version is v1.9.11.2. For simplicity, I will download the binary, but you could also build from the source. Unzip the file and place it on the server where you will be installing the certificates. Here is the server information for my installation:
  • Windows Server 2012R2 Datacenter
  • IIS 8.5

Behavior before SSL

Before we add the certificates, let’s look at our current state so we can compare and ensure that we are successful on completion:
  • Open IIS Manager
    • Confirm that we don’t have any certificates.
    • Check the bindings to see that we are using port 80 only.
Note: If your website is not using port 80, which is the standard port, then you will need to run in manual mode. For our example I am assuming that you are using the standard port.  
 
Then hit our website with both http and https to confirm that the https site is not found.

Download the latest version of the code here: https://github.com/PKISharp/win-acme/releases

Unzip it and copy the folder structure onto your server.

Test Certificate

Open the DOS Command prompt and run as Administrator. Change directory into the location that you’ve copied and we’ll first run in test mode by running letsencrypt.exe --test.
  • Select N: Create new certificate.
  • We will be creating the certificates individually, so select option 1.
  • You will then get a list of sites available to have certificates generated; select your site of interest.
  • Enter the email address that will be receiving certification notifications.
  • Review and approve the agreement.
  • Confirm that you would like to install the certificate.
  • Because we are in test mode, select no as the answer to automatically renew.
Confirm that the test was successful by checking the bindings to see that https now exists on port 443. You can also see that the server certificate now exists as “Fake” because it’s a test. When we run normally without the test parameter it will overwrite the fake certificate.

Production Certificate

At this point we have confirmed that WACS will be able to do what we intend to do, so let’s run it for real:
  • Run letsencrypt.exe.
  • Select a single binding, then select the site of interest.
  • Enter the email address to receive certification notifications.
  • Review and agree, then the certificate install will begin.
You can confirm that the install was successful by reviewing the bindings to see that https is now on port 443. You can also see that the real certificate is now bound to the site. If you hit the HTTP and HTTPS sites you can see they are BOTH now online. You can also view the SSL certificate. During the certificate installation a task was created to automatically renew any expiring certificates, which you can see in the Windows Task Manager.
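
The confirmation steps above (https binding on port 443, the real certificate in place of the “Fake” test one, a renewal task present) can also be checked from an elevated PowerShell prompt. This script is an added example, not part of WACS or of the original article; the site name, the task-name wildcard and the 30-day warning threshold are assumptions to adjust for your server.

```powershell
# Added example: post-install check of the https binding, its certificate and the renewal task.
param(
    [string]$SiteName    = 'Default Web Site',  # assumption: replace with your IIS site name
    [string]$TaskPattern = '*letsencrypt*',     # assumption: wildcard for the renewal task name
    [int]$WarnDays       = 30                   # assumption: warn when fewer days remain
)

Import-Module WebAdministration

# 1. The site should now have an https binding on port 443.
$binding = Get-WebBinding -Name $SiteName -Protocol https |
    Where-Object { $_.bindingInformation -match ':443:' } |
    Select-Object -First 1
if (-not $binding) { throw "No https binding on port 443 for '$SiteName'." }

# 2. Resolve the certificate the binding points at (the store name comes from the binding).
$store = $binding.certificateStoreName
$thumb = $binding.certificateHash
$cert  = Get-ChildItem "Cert:\LocalMachine\$store" |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Binding references $thumb, but it is not in LocalMachine\$store." }

# 3. A certificate issued in test mode shows "Fake" in its issuer and is not publicly trusted.
$isTest   = $cert.Issuer -match 'Fake'
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

# 4. Look for the scheduled task that renews expiring certificates.
$tasks = @(Get-ScheduledTask | Where-Object { $_.TaskName -like $TaskPattern })

# Summary object for the console or for piping into a report.
[pscustomobject]@{
    Site         = $SiteName
    Binding      = $binding.bindingInformation
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    TestCert     = $isTest
    DaysLeft     = $daysLeft
    RenewalTasks = ($tasks.TaskName -join ', ')
}

if ($isTest)                 { Write-Warning 'The test ("Fake") certificate is still bound; run again without --test.' }
if ($daysLeft -lt $WarnDays) { Write-Warning "Certificate expires in $daysLeft days." }
if ($tasks.Count -eq 0)      { Write-Warning "No scheduled task matches '$TaskPattern'; renewal may not run." }
```

Running it again a few weeks before the certificate’s expiry date shows whether the renewal task is actually replacing the certificate, since DaysLeft should jump back up after a renewal.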

 