have a look at the ZeroSSL client https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke
This client is usually the easiest way to start with as you can paste your domain name in and it will generate the CSR for you
when you are more confident there are other ways of generating the CSR
I use certreq utility personally for several reasons
Creating a CSR with Certreq
Reviewing the documentation here: https://technet.microsoft.com/en-us/library/dn296456(v=ws.11).aspx we can see that to use certreq we need to specify a configuration file and use the following syntax.
**certreq -New .\certreqconfig.txt**_
**The contents which work the best for certreqconfig.txt are below**_
Subject = "CN="
Exportable = TRUE
KeyLength = 4096
KeySpec = 1
MachineKeySet = TRUE
SuppressDefaults = True
SMIME = false
Some explanation for configuration:
Exportable=TRUE. Allows the private key (stored in Microsoft Store) to be exported. You need this to be able to export the certificate and key in PFX format.
SuppressDefaults = True - stops certreq adding certain Microsoft Extension to CSR (e.g. name of request machine) which can break the process
SMIME = false - Stops certreq adding certain extensions to the CSR which can break the process
RequestType= PKCS10 - forces certreq to format the CSR in a PCKS10 format.
If everything works well we can use MMC and the Certificate Snap-In we can confirm a pending certificate request.
You can also use openssl to generate your CSRs
out of interest are you a video guy or a article guy?
I am thinking of doing a youtube series on windows and letsencrypt