I have been using Let’s Encrypt certificates for my Linux servers for a long time. They work great, it’s quite easy, and they’re free. The only challenge is that the installation might be complicated, and you need to refresh the certificate on a regular basis.
In this How-To, I expect that you have a NAV server running with an IIS installed and you know your way around both the IIS administration tool and how to configure a NAV Service Tier.
I have created a NAV instance with the brilliant http://aka.ms/navdemodeploy script, and I have added the DNS name I want for the certificate to the Hostname field on the binding for port 80. This is onthe “http” website in case of the Azure demo NAV deployment.
In this post, I’ll create a certificate for the ssltest.digitalkontrakt.dk and I have added a CNAME DNS entry for that.
The first thing we do, it to go to GitHub and grab the latest Let’s Encrypt Windows-Simple Zip installer version and unzip in a folder on your NAV server.
I unzipped to C:\LetsEncrypt\
Before you run, you might need to edit the web.config file, I added the:
<add name=”StaticFile” …. /> to allow the IIS to serve any file. The way Let’sEncrypt works, is that you place a challenge file on your webserver that the Let’sEncrypt server picks up to verify that it’s your server.
Run the letsencrypt.exe application and supply an email and accept the ELUA for LetsEncrypt:
Select the [IIS] (Option 2 in my case) and continue:
Now you have a valid SSL certificate on your IIS site:
Move that binding over to the NAV Web Client website in the IIS admin and you have NAV running on a valid SSL/LTS certificate that works with all devices:
So now you can avoid all the issues with self-signed certificates 🙂
Since Let’sEncrypt certificates expire within 60 days, you need to renew them, the last piece of the program we ran setup a scheduled task to handle the renew
If you also want to use the certificate for your NAV server Instance, go into MMC (Add Certificate Plugin for local machine)
Copy the certificate from Web Hosting to Personal, double click on the certificate to get the thumbnail
and use that in the NAV admin (remember to give private key read access to the account running the service tier)
Bam – Enjoy 🙂