...
Download win-acme
Extra the zip
Copy the contents of the extracted directory to a permanent location such as
C:\Program Files\win-acme
Run wacs.exe with admin privileges from the permanent location
M - Create certificate (full options)
2 - Manual input
Enter the server’s public FQDN (ex: myserver.myorg.com)<Enter> -
accept Friendly name: Enter the server’s FQDN as the friendly namepublic FQDN (ex: myserver.myorg.com) The default name has “[Manual]” which will cause issues.
4 - Single certificate
2 - [http] Serve verification files from memory
2 - RSA
4 - Windows Certificate Store (Local Computer)
2 - [My] - General computer store (for Exchange/RDS)
5 - No (additional) store steps
1 - Create or update bindings in IIS
1 - Default Web Site
3 - No (additional) installation steps
N - Open in default application
Y - Do you agree with the terms
Enter an email address for notifications about problems and abuse
N - Do you want to specify the user the task will run as
Q - Quit
Edit
C:\Program Files\win-acme\settings.json
Change
PrivateKeyExportable
from false to trueSave
Run wacs.exe with admin privileges from the permanent location
A - Manage renewals
S - Run the renewal (force) This forces the certificate to be re-created with an exportable key
Q - Quit
At this point, the certificate should be in the server's certificate store and an IIS binding for port 443 using the certificate and the host name should have been created. The certificate will be setup to auto renew every 30 days.
...