Let's Encrypt with Windows

Is it possible to set up SSL in a Windows version of an Ignition server? Everything that I can see in the documentation and other forums is for Linux only.

I’m not really following what you’re saying but hopefully starting here helps you out: https://docs.inductiveautomation.com/display/DOC80/Using+SSL#UsingSSL-EnablingSSL

Sorry, I should have been more clear in the description. I’m wondering if anyone has successfully set up an SSL certificate with Let’s Encrypt on a Windows Ignition Server. All of the literature/examples that I can find are only for Linux.

You absolutely can set up Let’s Encrypt on a Windows host - you’ll find that most guides follow Linux because it’s somewhat simpler to set up, but there’s absolutely nothing stopping you. It’s important to separate a few things:
Let’s Encrypt is a new CA (Certificate Authority) and one of/the first CAs to support the ACME protocol - as the acronym implies, it’s all about automated certificate management. ACME/LE push towards a new style of short-lived, automatically renewed certs; ‘legacy’ SSL certs generally last so long (2, 3, 5 years) that it’s not worth the effort to automate. By only issuing short lived certs, LE incentivizes automation.
In addition to Let’s Encrypt, you’ll often see something called certbot - though it’s usually not called out as a separate “thing”. certbot is an ACME ‘client’, and it absolutely has support for Windows: https://certbot.eff.org/lets-encrypt/windows-other.html - but, you really just need any ACME client to use Let’s Encrypt - certbot is just the “reference” implementation. For instance, there’s a variety of IIS implementations: https://letsencrypt.org/docs/client-options/#clients-windows-/-iis

Once you have an ACME client, a lot of the rest of the SSL guide here should still apply - you’ll have to change the command line arguments a bit, but the basic process is still the same.
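
A check that fits the short-lived, automatically renewed certificates described in the post above, as an added example that is not part of the original thread: a PowerShell script that reads the certificate a server presents and reports the days remaining, so a stalled ACME renewal is noticed before the certificate expires. The host name `gateway.example.com`, port 443 and the 30-day threshold are assumptions.

```powershell
# Added example. Host name, port and threshold are assumptions, not values from the thread.
function Get-ServedCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: an expired or untrusted certificate
        # is exactly what this check needs to be able to read.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        try {
            $tls.AuthenticateAsClient($HostName)
            # Copy the certificate so it outlives the stream.
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tls.RemoteCertificate)
        }
        finally { $tls.Dispose() }
    }
    finally { $client.Dispose() }
}

function Test-CertificateRenewal {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [int] $MinDaysLeft = 30
    )
    $cert = Get-ServedCertificate -HostName $HostName -Port $Port
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        HostName   = $HostName
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        RenewalDue = $daysLeft -lt $MinDaysLeft
    }
}

# Run from a scheduled task; a non-zero exit code shows up as the task's last run result.
$result = Test-CertificateRenewal -HostName 'gateway.example.com'
$result | Format-List
if ($result.RenewalDue) { exit 1 }
```

The validation callback accepts every certificate only so that the script can inspect it; it should not be reused in code that sends data over the connection.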

@PGriffith we’ll give it a try as you describe. Many thanks!

I have used Certify the Web successfully on a Win2016 server:


Certify The Web requires Port 80 to be open to validate your domains. I am currently already using a Cert and have HTTPS enabled on the Gateway (have not implemented ACME). How did you configure things to both use Port 80 for Certify domain validation, but keep the Gateway access only using HTTPS? My concern comes from having to expose Port 80 and how to do this securely.