Getting Started

Certify SSL Manager is designed to make https easy for IIS users on Windows Servers. The good news is you don't need any special knowledge about SSL, TLS, Private Keys, Certificate Signing Requests, Certificate Authorities or the renewal of expiring certificates. The app takes care of all that for you, with the help of the free Let's Encrypt service (https://letsencrypt.org).

Note: This guide assumes you already have a working website that's accessible to the public.

What you need

First Steps

Register a Contact

The only thing that's required before you can request certificates from the free Let's Encrypt service is to register yourself as the contact for the certificates you are going to be requesting. Let's Encrypt use this to notify you if a certificate is about to expire and hasn't yet been renewed. Fortunately, our Auto Renew feature means they're less likely to need to email you, but registration is still required.

Create a new Managed Site

A Managed Site in Certify SSL Manager is how you specify what settings to use each time a certificate renewal takes place for a particular website, or even a just a subset of the domains used for a particular site (if you need different settings for each).

Click on the New Certificate button to set up a new Managed Site:

  1. Pick which IIS website you want to manage from the 'Select IIS Site' drop down list
  2. If your website has mutliple domain bindings you should see them all listed, one will be auto selected as the Primary Domain
  3. For many sites, the defaults are already fine and you can just click Save to store your new Managed Site

Getting your first Certificate

With your Managed Site selected, Click on the Request Certificate button to begin a Certificate Request. The app will show you the progress of the request, once it's completed successfully your site will now be accessible over https!

If all went well, you just need to configure Auto Renewal and then you can forget about it.

Configure Auto Renewal

Certificates from the Let's Encrypt service expire after 90 days. You've probably seen what happens when you visit a site with a broken certificate - usually the browser will prevent you accessing the page. To look after expiring certficates Certify SSL Manager will set up a Windows Scheduled Task that takes care of certificate renewals.

All you have to do is click Configure Auto Renew and provide the details of the user the task will runs as, this user needs to be Administrator level to that it can manage settings in IIS and update your local Certificate store on the server.

Troubleshooting

Having trouble? Check out our Frequently Asked Questions (FAQs) first to see if those help.