Go back

How to create a “Let’s Encrypt” certificate on Windows

March 17, 2023
Anthony Baadzhy

Anthony Baadzhy

Cryptographic certificates are the digital equivalent of website validation, which enables you to encrypt connections using TLS protocol and thus provide a secure link between server and client.

There are both paid and free certification centers. Let’s Encrypt is one of the free centers, which provides certificates for 90 days with an automatic renewal option.

For TrueConf Server users TLS certificate is required to join web meetings via WebRTC application and sync TrueConf Server with Active Directory.

Step 1: Getting started

First, you should stop all TrueConf Server services and all processes that can use 80 and 443 ports, such as Apache Http Server.

To create a TLS certificate on Windows, download the ACME Simple (WACS) program. Then follow the instruction:

  1. Extract the downloaded archive to the C:\wacs\ folder.
  2. Create a crt directory in the same folder.
    How to create a "Let's Encrypt" certificate on Windows 1
  3. In Windows Defender Firewall, go to Advanced SettingsInbound RulesNew RulePort; enter 80 and 443 ports separated by comma in the Specific local ports field and click Next. Then select Allow the connection, click Next again, specify which profiles the rule will apply to (for all by default) and after clicking Next, save the rule under any name.

Step 2: Creating a certificate

Open the command line (cmd) as administrator and run the following program:

Next, run the following commands sequentially by entering the letters and digits corresponding to the menu options that you want to select. For example, to run the command Create certificate (full options), you will need to type m and press Enter. (for version 2.2).

  1. Start creating the certificate by manually specifying the parameters. To do it, select:
    • Create certificate (full options)
    • Manual input.

    How to create a "Let's Encrypt" certificate on Windows 2

  2. Specify your domain name and press Enter twice to confirm.
    How to create a "Let's Encrypt" certificate on Windows 3
  3. If necessary, you can create separate certificates for subdomains and hosts. In our case, we will select Single Certificate:
    How to create a "Let's Encrypt" certificate on Windows 4
  4. Then select the following options sequentially:
    • [http] Serve verification files from memory
    • RSA key
    • PEM encoded files (Apache, nginx, etc.).

    How to create a "Let's Encrypt" certificate on Windows 5

  5. Specify a folder for saving certificates C:\wacs\crt.
  6. You will be offered to create the password for the private key. Select None.
    How to create a "Let's Encrypt" certificate on Windows 6
  7. Next, select:
    • No (additional) store steps
    • No (additional) installation steps.

    How to create a "Let's Encrypt" certificate on Windows 7

  8. Answer additional questions as follows:
    • type no for the question Open in default application?
    • type yes for the question Do you agree with terms?.
  9. Specify an email address for error notifications.

 

When you successfully create the certificate, you will see the Authorization result: valid message. Answer no to the question Do you want to specify the user the task will run as? question.

If a certificate has already been generated for the specified domain name, there will be the corresponding notification in the Existing renewal line. The certificate expiry date will be provided as well. You can create the certificate again by entering yes in response to the question Overwrite settings?.

Three files will be generated in the C:\wacs\crt folder:

  • domain_name-crt.pem is the certificate itself
  • domain_name-key.key is the key file
  • domain_name-chain.pem is the trust chain, it includes Let’s Encrypt root and intermediate certificates.

Now you can use them in TrueConf Server, as shown in our article.


Still have questions? Please contact our support team directly via online chat.

Sign up for newsletter