Installing Win-Acme will assist us with manually installing but automatically renewing LetsEncrypt SSL Certificates on IIS for Windows Server 2008 R2 SP1. I am using Win-Acme to provide SSL Encryption for the IIS Default Web Site that is running Microsoft Exchange 2010 (an older version of Exchange). Consequently, Exchange users will be able to log into Outlook Web Access (OWA) with secure encrypted access from their web browsers using https: on TCP Port 443.

Go Here: https://support.microsoft.com/en-us/topic/support-for-urgent-trusted-root-updates-for-windows-root-certificate-program-in-windows-a4ac4d6c-7c62-3b6e-dfd2-377982bf3ea5

On that web page, find All supported x64-based versions of Windows Server 2008 R2 (if that is your System).

Download and install “Trusted Root Certificate Updates” for Server 2008 R2 X64. In other words, in my case, I would be downloading and installing the “Update for Windows Server 2008 R2 X64 (update-Root-CAs).” Download this Update from here:

http://www.microsoft.com/download/details.aspx?familyid=4c34d8d0-f354-4323-b421-af373acbad8d

The filename of my Root Certificate update is:

Windows6.1-KB3004394-v2-x64.msu 

Before installing this Windows6.1-KB3004394-v2-x64.msu file, Open the “Properties” dialog sheets of this *.msu file and click UNBLOCK and APPLY. In other words, right-click the icon for the *.msu file, and left-click “Properties” in the drop-down options list. At the bottom of the General Property page, see where it says “This file is blocked because it came from another computer.” Click “unblock” this file and click the “apply” button.

Then, Open this Windows6.1-KB3004394-v2-x64.msu file to run it and Install Trusted Root Certificate Updates.

The Filename is: VC_redist.x64.exe Note: This executable file actually installs MS Visual Studio C++ 2015-2022 Runtime Redistributable (x64)

See: https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170&wt.mc_id=studentamb_203301#latest-microsoft-visual-c-redistributable-version

Download Link for Visual Studio C++ 2015-2022 Runtime Redistributable (x64) is:
https://aka.ms/vs/17/release/vc_redist.x64.exe

The Filename is: ndp472-kb4054531-web.exe

Download the “.Net Framework 4.7.2 Runtime Web Installer” from the following link:

https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net472-web-installer

On Windows 2008 R2 SP1, you need to download an older version of Win-Acme. Use Version win-acme.v2.0.1.183. It works.

https://github.com/win-acme/win-acme/releases/download/v2.0.1.183/win-acme.v2.0.1.183.zip

https://github.com/win-acme/win-acme/releases/download/v2.0.1.183/win-acme.v2.0.1.183.zip

BEFORE YOU EXTRACT the contents of the win-acme Zip file, find this Zip file in Windows file explorer in your selected download folder, and then Right-click the zip file's icon, and then left-click the “Properties” option in the drop-down options list. On the first tab of the Property pages (which open) you will notice that “This file is blocked because it came from another computer.” Click “Unblock” near the bottom of the first Property tab and then click the “Apply” button BEFORE YOU EXTRACT the contents of this Zip file. After unblocking the zip file, then Extract from it the Win-Acme files to a subfolder. Caution: If you do not unblock the zip file first before extracting files from it, then you may later need to unblock every file that was extracted from the zip file!

Create a new folder on the server as follows on the C: Drive:

c:\win-acme

and then copy the extracted win-acme files into the new c:\win-acme folder (maintaining the folder structure for the scripts folder, etc.) and paste those files into the c:\win-acme folder. The Windows scheduler will point to the C:\Win-Acme folder and its executable contents and scripts to automatically update the SSL certificate before it expires.

Please view this Youtube Video of “How to Install Lets Encrypt Certificates on IIS with Autorenew” at:

https://www.youtube.com/watch?v=vbk5kUT7GeY

Note: I had to use the “M” option for creating the new certificate, not the “N” option as shown in the video. I manually input the host header with fully qualified domain name of my Exchange Server that is running from the “Default Website” of my IIS server. For example, manually input my own “host.domain.com” and, to authenticate that I owned this particular host.domain.com, I selected the http-1 method where I would create a TXT record in my DNS server for testing with the _Acme-Challenge.my.domain.com TXT record. The installer will provide the text to insert in the DNS TXT record. Make sure the Secondary DNS Server is refreshed to synch with the Primary DNS server to include the new TXT Record before clicking Enter to test the _acme-challenge DNS Record. Follow the directions to then remove / delete the new TXT record from primary and secondary DNS servers before clicking Enter again to finalize the test of domain ownership.

(Created 11/11/2024) (Last Updated 11/12/2024)