Free SSL certificate from Let’s Encrypt!


I’m using an Intel Compute Stick with an USB 3.0 harddisk as my “Home-Server”. The stick has Windows 10 pre-installed:

I installed Serviio for streaming to my Samsung TV and I also installed XAMPP to run my ownCloud (8.0.x). In the past I used a self-signed certificate for HTTPS but I want a free and all-trusted SSL certificate. Let’s Encrypt can offer you this for free!

The enrollment is very easy and I want to show you how I did it. The Windows XAMPP software runs an Apache webserver. There’s an windows tool that can request a ready-to-use certificate. You can download this tool here: letsenrypt-win-simple

In our example we are using ““. Your webserver also needs to be accessible with http (tcp 80), so you need to forward this port to you internal webserver. Let’s Encrypt will check if your requested domain-certificate is coming from a real-running webserver to prevent abuse! If your webserver isn’t reachable, you will get this error code:

Authorization Result: invalid

The ACME server was probably unable to reach

Check in a browser to see if the answer file is being served correctly.


Extract the archive to your harddisk and open a command prompt with administrative rights. Now go to your folder (for example C:\letsencrypt) and run the exe file like this:

letsencrypt.exe --manualhost --webroot C:\xampp\htdocs


A correct procedure will look like this:

Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting

ACME Server:
Config Folder: C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\
Certificate Folder: C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\
Loading Signer from C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\\Signer

Getting AcmeServerDirectory
Loading Registration from C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\\Registration
Authorizing Identifier Using Challenge Type http-01
Writing challenge answer to C:\xampp\htdocs\.well-known/acme-challenge/KYhSTwaDTg_c1GFyMLDJFc5WPkTsdsfwef9Ncc8cAIs1LeTE
Answer should now be browsable at
Submitting answer
Refreshing authorization
Authorization Result: valid

Requesting Certificate
Request Status: Created
Saving Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\\
Saving Issuer Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\\ca-008BE12wrwerfwe944ED3C546431F097614FE5-crt.pem
Saving Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\\

Do you want to install the .pfx into the Certificate Store/ Central SSL Store? (Y/N) y
Opened Certificate Store "My"
Adding Certificate to Store
Closing Certificate Store
Do you want to add/update the certificate to your server software? (Y/N) y
WARNING: Unable to configure server software.
Opened Certificate Store "My"
Closing Certificate Store

Do you want to automatically renew this certificate in 60 days? This will add a task scheduler task. (Y/N)
Creating Task letsencrypt-win-simple with Windows Task Scheduler at 9am every day.

Do you want to specify the user the task will run as? (Y/N) n
Renewal Scheduled Manual (C:\xampp\htdocs) Renew After 17.02.2017


The wizard copied the files into your local cert container and also in a sub-folder under your personal roaming folder. The wizard also created a daily-recurring task that can be found under “administrative tools / tasks”:

The two tasks are starting the following commands:

letsencrypt.exe --renew --baseuri ""
letsencrypt.exe --renew --baseuri ""


You can create this task by your own or implement it in other task-jobs or in a crontab on linux-systems. The certificate validity is only 90 days long but this task job will re-request the new certificate automatically. Our website is now secured with a valid and trusted SHA2 certificate:

Now we need to stop the Apache service within the XAMPP service console and open the httpd-ssl.conf:

Go to “<VirtualHost _default_:443>” and place an hashtag (#) before SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile to ignore them. Place new entries like this:

# Let's Encrypt


RewriteEngine On
# Redirect to the correct domain name
RewriteCond %{HTTP_HOST} !^$ [NC]
RewriteRule ^/?(.*)$$1 [NE,L,R=301]

Alias /.well-known C:/xampp/htdocs/.well-known

SSLEngine on
SSLCertificateFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/"
SSLCertificateKeyFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/"
SSLCertificateChainFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/<ID>-crt.pem"


Change the paths to your correct location. Start the Apache service again and check if your server is reachable via https.

Don’t hestitate to ask for help if you have any further questions! Have a nice day!

4 thoughts on “Free SSL certificate from Let’s Encrypt!

  1. Hi Michel,
    Thank you for the tutorial.
    It also failed for me at first. Seems we should have double dash instead of simple ones for parameters. Also, we might need to specify a folder if our website is not at the root, but in a folder of HTDOCS:

    letsencrypt.exe –manualhost –webroot C:\xampp\htdocs

    Might be:
    letsencrypt.exe –-manualhost –-webroot C:\xampp\htdocs

Leave a Comment