Windows IIS Setup

For Windows Server with IIS.

This guide uses Win-ACME to issue, install, and renew the certificate automatically.

Requirements

• You can access the server through RDP.
• IIS already has a binding for the domain, at least on port 80.
• The domain points to this server.
• You have the Server URL, EAB MAC ID, and EAB MAC key.

TIP

If the IIS site only has a default wildcard binding, Win-ACME may not identify it correctly. Add a clear Host Name binding first.

1. Install Win-ACME

1. Open https://www.win-acme.com/.
2. Download the latest release.
3. Extract it to:

C:\Program Files\Win-ACME

4. Run wacs.exe once to confirm it works.

2. Issue and Install

Open PowerShell as Administrator.

Single domain:

& "C:\Program Files\Win-ACME\wacs.exe" `
  --source iis `
  --host example.com `
  --store certificatestore `
  --installation iis `
  --baseuri "your Server URL" `
  --eab-key-identifier "your EAB MAC ID" `
  --eab-key "your EAB MAC key" `
  --accepttos

With www:

& "C:\Program Files\Win-ACME\wacs.exe" `
  --source iis `
  --host "example.com,www.example.com" `
  --store certificatestore `
  --installation iis `
  --baseuri "your Server URL" `
  --eab-key-identifier "your EAB MAC ID" `
  --eab-key "your EAB MAC key" `
  --accepttos

3. Confirm IIS Binding

Open:

Server Manager -> Tools -> Internet Information Services (IIS) Manager

Then:

Sites -> your site -> Bindings

Confirm that HTTPS on port 443 has been created.

4. Check Renewal

& "C:\Program Files\Win-ACME\wacs.exe" --list --baseuri "your Server URL"

For troubleshooting, add:

--verbose

5. Browser Check

https://example.com