DEV Community


Posted on

Nginx configures free SSL certificate in Windows environment (Let’s Encrypt)

Nowadays, Baidu, Google, Github and other websites have enabled https on the entire site. https is like a "lock" on the website. What HTTPS does is to encrypt the request to make it more secure for users. In addition to protecting the interests of users, it can also prevent the traffic that belongs to itself from being hijacked. Google has defined http as an insecure website. In my opinion, HTTPS is the future trend.

1、The deployment environment is Winodws Nginx
2、Let's Encrypt is a public free SSL project abroad, hosted by the Linux Foundation and initiated by organizations such as Mozilla, Cisco, Akamai, IdenTrust, and EFF!
3、The certificate is valid for three months, and the visa certificate needs to be renewed every three months
4、Use win-acme tool to generate Let's Encrypt certificate


  1. Download the latest version of win-acme on github download win-acme [My version win-acme.v2.1.12.943.x86.pluggable]

  2. download nginx。

  3. Unzip win-acme, open wacs.exe

  4. choose M [Create certificate(full options)]

  5. choose 2 [Manual input] , then enter your domain ,
    [such as :] , then press enter next.

  6. choose 6 . verify domain with dns

  7. choose 2. RSA

  8. choose 2. nginx container . then enter your Local storage file path . [such as : D:/ssl]

  9. Choose the last of the next two options - pass

  10. Don’t rush to the next step at this time, look at the information given

    domain : your domain
    record : host record
    type : record type
    content : record value
    now,Go to your domain name resolution backend and fill in the corresponding value , then press enter

  11. If the verification is successful, go to your local directory to see if the encrypted file has been generated
    local file

  12. Configure nginx, open /conf/nginx.conf then start nginx

    server {
        listen       443 ssl;
        server_name  your domain;
        ssl_certificate      D:/nginx-1.15.6/ssl/xxxxx-chain.pem;  
        ssl_certificate_key  D:/nginx-1.15.6/ssl/xxxxxx-key.pem;  
        ssl_session_timeout 5m;
        charset utf-8;

        location / {
            root  D:/index/;
            index index.html;
Enter fullscreen mode Exit fullscreen mode

My small website has been configured with https .


The validity period of the certificate is 90 days
application restrictions

Top comments (1)

matrixebiz profile image
matrixebiz • Edited

Hello, thank you for this. Can we Delete the TXT Entry after validation or will we still need it for when it renews every 90 days?