Configuring and renew certificates on Win 2016 /IIS10


our server OS is Win2016 x64bit. IIS version is 10+. currently, one IPaddress is configured with IIS. we hosted multiple websites with same IPaddress in IIS. Our Hosting provider is

We tried below steps:

  1. I downloaded and copied let’s encrypt directory at server.
  2. open command prompt and generate certificates for each websites using below command :
    letsencrypt.exe --manualhost --webroot “”
  3. at end of command it asked for update scheduled task for renew. we said Yes during generation of each certificates.
  4. in IIS, we got to binding for each websites and add https binding using checked “Require SNI” option
  5. it worked fine from day we generated (almost 2-3 month before)
  6. almost all certificates stopped working. we observed during accessing websites from browser.

Note: we also configured our server for PHP websites using Apache web server. we generated certificate for PHP websites and set in Apache. its worked fine without any issues till date.

Can you please help me what is wrong in IIS configuration? or Please let me know steps for generating and renew on windows server.


Hi @srpatel

I am curious about your sequence. I don’t use letsencrypt.exe (have my own tool). But:

If you create the bindings after creating your update task to renew:

Perhaps this job has created new certificates. But:

They have to saved in Webhosting (Certificate Container - machine). And the binding must use the new certificate.

So check your Webhosting Certificate container, if there are new certificates. If not, this part doesn’t work.

And check, if Letsencrypt.exe updates the binding-information.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.