Tutorials

Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

If you have visited this page before you notice we have changed the way Lets Encrypt certificates (Let's Encrypt - Free SSL/TLS Certificates) are requested. We now use ‘Certify the Web’ from Certify Your Windows IIS Website - free SSL and https powered by Let's Encrypt. A very easy to use tool to configure Let Encrypt certificates on your server for Anywhere Access. It is completely free up to 5 certificates and for most SMB’s this is more than enough. No more wrestling with Powershell as we did in the past, let's use ‘Certify the Web’.

Lets Encrypt certificates are valid for 90 days (lifetime) but renewal kicks in shortly after the certificate is 60 days old. The renewal is done by the Certify the Web software you install during this tutorial.

No, that is not needed at all. The renewed certificate is placed in the personal store of the machine certificates by Certify the Web and can be reused by Anywhere Access.

Before you can complete the procedure in this tutorial port 80 and 443 must be open to the server.

As far as I can see this also works on other operating systems

In this tutorial, the 'Numinous Travel' company has set up their Windows Server 2016 server and configured the Essentials Experience role on it. Now they want to configure Anywhere Access but before they can do that they need to get a valid certificate from an official Certificate Authority and because they want it for free they are going to get a Lets Encrypt certificate (Let's Encrypt - Free SSL/TLS Certificates).

The 'Certify the Web' client allows you to get Let's Encrypt certificates for max 5 domains. For most SMB's running Windows Server Essentials, this is enough

  1. Go to https://certifytheweb.com/ and download the latest installer.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  2. Once downloaded install it.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  3. Before we run ‘Certify the Web’ we need to make a small change in IIS. From the Server Manager start Internet Information Services (IIS) Manager.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  4. Right-click the Default website and click Edit Bindings.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  5. Click Add
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  6. In Hostname type your own Hostname. In our case, it is remote.numinous-travel.com and click 'OK'.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  7. Click Close
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  8. Start Certify SSL/TLS certificate management and click OK.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  9. Fill in the email address will be used by Lets Encrypt to notify you and click Register Contact.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  10. Click New Certificate
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  11. From the drop-down choose the Default Web Site.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  12. Delete the wse2016 if you have such a domain listed, we don’t need that.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  13. Click Show Advanced Options
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  14. Choose the default website in IIS, right-click and choose Explore
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  15. Copy the path
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  16. Paste the path in Certify the web
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  17. Click Test
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  18. It should show all green checks.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  19. Now we can Request a real Certificate
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  20. On the screen, you should finally see this
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  21. We have a Lets Encrypt certificate
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  22. Open the log file and see what happened behind scenes.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

We need to export the certificate from IIS and import in the Access Anywhere wizard from the Essentials Dashboard. This is only done once and it is not nessacary to repeat this after the Certify the Web client has renewed the certificate

  1. Go back to IIS Manager and export the certificate to a pfx file that later will be used to configure Access Anywhere.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  2. Choose export
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  3. Type a password. That can be anything, make it an easy one for now.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

Import the Let's Encrypt certificate in Access Anywhere and use it for web access to the VPN, files, folders, and computers

  1. Start the Windows Server Essentials Dashboard and click settings.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  2. Choose Anywhere Access and click Configure
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  3. Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  4. Fill in the domain name and click next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  5. DNS records are already set up on my DNS host, click Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  6. Now we are going to use the certificate we exported. Click next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  7. Browse to the certificate and type the password. Click Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  8. Click Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  9. I choose both, click Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  10. Permissions can be changed later on the Dashboard, click Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  11. The wizard completed successfully, click Close
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  12. Our Access Anywhere site works just fine with the free Lets Encrypt certificate
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

Last but not least we set autorenewal. This is 'set and forget' after configured correctly

  1. Click Settings and click Configure Auto Renew
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  2. Select ‘Use Background Service’ and click OK
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  3. Make sure ‘Show Advanced Options’ is checked and click Scripting. Click ‘Select’ for MS RDP Gateway: Enable Certificate
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  4. Finally Click Save.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  5. Start Powershell ISE as administrator
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  6. Click Yes.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  7. Click the ‘Open’ button and browse to C:\Program Files\CertifytheWeb\Scripts\Common and open RDPGatewayServices.ps1
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  8. Uncomment the last line
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  9. This is what the result should be and click Save.
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.

Users inside your network browsing to the URL of your Access Anywhere will get a 'page not found' if you do not have a proper DNS zone.

  1. Start DNS Manager from Server Manager
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  2. Right-click and choose New Zone
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  3. Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  4. Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  5. Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  6. Type the zone name
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  7. Next
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  8. Finish
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  9. Right-click in the right hive of the zone you just created and choose New Host (A or AAAA)
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  10. Type the IP address of your server and leave Name empty
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  11. Click OK
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
  12. Our Access Anywhere site works just fine with the free Lets Encrypt certificate, also from inside your Lan
    Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it.
     

About www.server-essentials.com 

www.server-essentials.com is founded by Mariette Knap, a Dutch Microsoft MVP. www.server-essentials.com is a community for IT Consultants and Business Owners who, themselves, take care of the IT infrastructure and Employees who do that little extra in the company to keep things running. Our forum is for discussing all things ‘IT’ and more.  Our documentation is top notch and written by and for the community.

Change your cookie settings


 
Contact Us
(030) 2250455

International: +31302250455

 

Concentrix BV

C. de Rijcklaan 1

3723 PM Bilthoven

The Netherlands

KvK 30202318

VAT Id 814036739B01

The layout of this page is made to be viewed online.