Using LetsEncrypt Certs with IIS without ACME


I use LetsEncrypt for my SSL needs on my websites (including this one!). It works seamlessly with my hosting provider (GoDaddy) but sometimes I generate a certificate to use on a local Windows box for testing purposes. However, the certificates that LetsEncrypt gives you aren't readily importable into IIS. Fortunately, there is a way to do it.

The web interface to generate a cert ( gives you four files:

  • domain-key.txt
  • domain-crt.txt
  • account-key.txt
  • domain-csr.txt

But you can’t import this directly into IIS in Windows. To do that, install the OpenSSL for Windows Light version from:

Then add the OpenSSL directory (ie: C:\Program Files\OpenSSL\bin) to your Path environment variable.

Finally, run the following command in a command prompt while in the folder with your .txt files:

openssl pkcs12 -inkey domain-key.txt -in domain-crt.txt -export -out yourdomainname.pfx

The program will prompt you for a password and make you confirm it. Once you are done, you’ll have a .pfx file that you can import directly into IIS!


My name is Rick Towns and I am an amateur astronomer and computer programmer from Canada. This is a collection of interesting posts I've gathered over the years.