You are here: Rants, Rave, & Tips

Rants, Raves & Tips

ZeroSSL with IIS 10

Date: 5/3/2019 5:11:00 PM

I have an IIS 10 server behind a VPN/Firewall, and was bound and determined to use Let's Encrypt even though the server can't be reached by Let's Encrypt to authorize the SSL certificate request.

I ran across, but was very confused has how to successfully complete the process.  Here's my suggestions that allowed me to get it working:


  1. In IIS, create a Certificate Request (CR).  Copy the contents of the CR to the clipboard.
  2. Start the Free SSL Cert process on
  3. Leave the domains box blank, paste in the CR from above
  4. Click next to have zerossl create the LetsEncrypt key (on the left side)
  5. SAVE the LetsEncrypt Key that it creates for you (you'll need this for renewals)
  6. Click next to have the certificate generated
  7. The cert generated will contain TWO keys.  Save its entire contents, but then make a SEPARATE .cer (txt) file that contains ONLY the first key from cert generated.
  8. Return to IIS, use the Complete Certificate Request wizard.
  9. Provide your .cer file that ONLY has the first key in it.
  10. Finish the wizard and then handle your site binding(s) per usual.

Rock n' roll.


Hope this helps someone in the future.