Let’s Encrypt on Windows 10

HTTPS is big, and getting bigger every day. At the same time, it’s become even easier to actually implement HTTPS on your website. The most commonly used free service is known as Let’s Encrypt. However, this service is normally only compatible with Mac OS X, Linux, and other UNIX-based operating systems. With the introduction of a Bash Shell in Windows 10’s Anniversary Update, it’s now significantly easier to use Let’s Encrypt.


Step 1: Installing the Bash Shell

You need to be running the Windows 10 Anniversary Update (or newer) for this to work. Assuming you are, you’ll need to jump through some hoops to get Bash up and running. Thanks to this How-To Geek guide for information on getting started with that.

1. Enable Developer Mode for your computer by going to Settings > Update & Security > For developers > Enable developer mode

2. You might need to restart your computer after enabling Developer Mode. Once it restarts, you’ll need to download and install Bash itself. Go to the Control Panel, then proceed to Programs / Programs and Features (if viewing Control Panel as a list / viewing Control Panel as fewer icons) > “Turn Windows Features on and off”

3. Your computer will definitely need to restart after this. Once it does, type Bash into your Start Menu, and select the first result that appears.

You’ll need to accept the Terms of Service by typing “y”. The Bash shell will then begin to download and install itself. When it’s completed, you’ll need to set an administrative username and password.

Once that’s done, you’ll be all set to actually install Let’s Encrypt.


Step 2: Installing Let’s Encrypt

1. Close out of the installation window from before. You can’t install certbot in the same Bash process as the one you used for the installation. Open a brand new Bash shell by typing “bash” into the Start menu; it now appears as “Bash on Ubuntu on Windows”.

2. In your Bash shell, enter the following commands. The second one marks the downloaded script as executable so that it can be run in the next step:

sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x certbot-auto

3. The download process for certbot-auto will be fairly quick, but you need to get its dependencies. Type the following command into Bash:

./certbot-auto

4. You’ll be prompted to install quite a few dependencies. Type “Y” to install them all. Your dependencies may not look exactly like mine.

5. When the process is completed, you’ll be prompted for your password and Certbot will automatically run. Once it does, it will also automatically close. This is normal, due to the nature of the Unix system that you’re running. You’ll need to re-launch certbot with the following command:

./certbot-auto --manual certonly

6. A new, blue window will appear and you’ll be asked for the email address to associate with the certificate. Type one in and press Enter.

7. Agree to the Terms of Service that appear.

8. You’ll be prompted for the domains you want the certificate to cover. Enter them here, separated by commas (without spaces). You’ll have to confirm your ownership of each domain in the order in which you list them here. Even if the domains are the same (e.g. naked domain vs www domain), you’ll be presented with two different strings and you’ll have to change your code to accommodate each separate string.

9. Confirm that your IP address will be associated with the certificate request.

10. Once you do, you’ll be presented with a long alphanumeric string. This is the string that certbot will use to verify that you own the domain. The method with which you actually verify your ownership will depend on what web framework you are using.

11. Once you do so, press Enter in certbot. It will send a GET request with the string that it previously provided; as long as you’ve set up your code and platform to properly handle this request, you should get a confirmation message in certbot with information on where to find the files.

12. In Windows Explorer, browse to the following path (best to copy and paste this into the address bar):

%localappdata%\lxss\rootfs\etc\letsencrypt

13. All your files will be stored in the “archive/your-domain-name/” folder. From there, you can be free with your new HTTPS certificates! You did it! :D
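
One way to handle the verification request from steps 10 and 11, shown as an added example that is not code from the original post: a small Python server that answers only the ACME HTTP-01 path `/.well-known/acme-challenge/<token>` with the string certbot printed, and returns 404 for everything else. The token and response values below are constructed placeholders; replace them with the ones certbot shows, one entry per domain as described in step 8.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholders: replace with the values certbot prints per domain.
# Key   = token (the last path segment of the URL certbot shows),
# value = the full string certbot asks you to serve at that URL.
CHALLENGES = {
    "EXAMPLE_token_for_example-com": "EXAMPLE_token_for_example-com.EXAMPLE_thumbprint",
    "EXAMPLE_token_for_www": "EXAMPLE_token_for_www.EXAMPLE_thumbprint",
}

PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only


def challenge_response(path, challenges=CHALLENGES):
    """Return (status, body) for a request path; only exact known tokens match."""
    path = path.split("?", 1)[0]  # ignore any query string
    if not path.startswith(PREFIX):
        return 404, b""
    token = path[len(PREFIX):]
    # Slashes, dots and similar characters fail the match, so a request can
    # never be used to reach anything other than a configured token.
    if not TOKEN_RE.fullmatch(token) or token not in challenges:
        return 404, b""
    return 200, challenges[token].encode("ascii")


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = challenge_response(self.path)
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # The validation request arrives over plain HTTP on port 80.
    HTTPServer(("0.0.0.0", 80), ChallengeHandler).serve_forever()
```

Stop the server and remove the entries once certbot confirms the domains; the strings are only needed for the duration of the check.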

Like what you read? Give Shea Belsky a round of applause.