Let's Encrypt on Older Windows 2003 Servers


Following the thread for Let’s Encrypt on Windows to get myself oriented.
See thread t/how-letsencrypt-work-for-windows-iis/2106

From that thread and some experimentation, I was able to get a low-usage Windows 2003 server working. Here is what I did:

The client: https://github.com/ebekker/letsencrypt-win
only works with .NET 4.5, which is available only on Windows 2008 servers or greater.

I temporarily modified DNS to point to an Amazon Windows 2012 server and set up a stub web site to act as a temporary agent for my target SSL cert. Once I confirmed DNS was working and the site was visible from the internet, I ran the client software, which easily created and installed the certificate. Great client software for the community!

Next, I exported the certificate using this site as a reference guide:
https://www.digicert.com/ssl-support/pfx-import-export-iis-8.htm#export pfx

From there, I exported the SSL cert with the private key to the old Windows 2003 server. Using a technique similar to the one noted in the export guide, I imported the SSL cert and private key on the Windows 2003 server. I then rebound the web site to the new cert.

I then needed to reverse the DNS references to point back to the old Windows 2003 server. Done!

The cert is only good for 90 days, but I proved I could get it working! Hope this helps someone else.


Well, this thing is no longer supported and I don't think this thing does have TLS 1.2 or anything new, as it’s more or less the same as XP, so I doubt it will be any good for a long time.