I have an Amazon Lightsail MS Windows (2019) Server instance with static IP and a registered verified domain name, let's call it my-iis-website-test.net, running an IIS web site, having a static HTML page at root default web app URL http://my-iis-website-test.net and a sample .NET Web API running at http://my-iis-website-test.net//test1/WeatherForecast (see screenshots at P.S.).
Now, I wanted my IIS web apps/API to be secured with Let's Encrypt SSL certificates.
I tried to toss-out tons of articles both in Amazon AWS knowledge base and on Internet but I didn't find any useful straightforward tutorial how to implement my solution using Certbot.
For MS Windows Server LightSail instance, the solution, I have found, seems to be to use AWS Load Balancer (SSL/TLS certificates in Lightsail - see link in the bottom of the referred web page).
But I don't currently need an AWS Load Balancer, I wanted to use a simpler solution with Certbot, similar to the ones presented in the following tutorials for the Amazon Lightsail Linux instances:
- Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail
- Tutorial: Using Let’s Encrypt SSL certificates with your LAMP instance in Amazon Lightsail
They don't need an AWS Load Balancer, do they?
IOW, I'm missing a proven straightforward
- Tutorial: Using Let's Encrypt SSL Certificates with your IIS Web Sites running on MS Windows Server 2019 Instance in Amazon Lightsail
If there is no one, which can be googled, then I wanted to make this 'tutorial' prepared and tested here with the help of the StackOverflow members. I have collected some information - Certbot seems to be available for MS Windows (Server):
and Route53 DNS Authenticator plugin for Certbot is described in very brief online docs Welcome to certbot-dns-route53’s documentation!. The only question (left) is how to apply all this information to make my IIS Web Site running on MS Windows Server (2019) instance running on Amazon Lightsail?
NB: I must note my Amazon Lightsail MS Windows 2019 Server instance is currently running as a free-tier one - first three months promotion. If using a free-tier instance would be a stopper to enable SSL/TLS on this instance then it wouldn't be a problem to upgrade it to a paid instance.
P.S. Screenshots:
A. Default IIS Web site serving static index.html at http://my-iis-website-test.net
B. Test .NET Web API/APP within default IIS Web Site http://my-iis-website-test.net//test1/WeatherForecast:
