I succeeded in testing IIS 8.5 against the staging (test) CA using letsencrypt-win-simple as the client. This was simpler than I expected, with documentation being sparse and technobabble-heavy. It really was as simple as making sure I had HTTP bindings defined for each host name the server was supposed to respond to, then running the client application and answering a few prompts. The client read the HTTP bindings and created corresponding HTTPS bindings to match.
IIS Manager then complained that there was no default SSL site created. What it meant was there was no HTTPS binding with a blank host header defined, to help browsers that don’t support server name identification.
Do any IIS users here know if this client supports adding a default HTTPS binding using a new or renewed cert? Or maybe I have to script the creation or replacement of a new binding after creating or renewing a cert. The client does not recognize a default HTTP binding as valid for creating a corresponding default HTTPS binding. Maybe I could do a manual SAN cert for the site instead because I have application request routing and URL rewrite installed, but then I’d still have to create or edit a manual binding for the default HTTPS site.