Create a free 3-month wildcard SSL certificate for use on a Windows machine

Note that generating the free SSL certificate requires you to prove ownership of the domain for which you are requesting the certificate. Proof of ownership requires publishing one or more DNS TXT records related to the specified domain.

1) Go to https://github.com/do-know/Crypt-LE/releases and download the appropriate version (32-bit or 64-bit) of the Crypt-LE command-line utility.

2) Unzip it and run the following command from a cmd prompt (note that I'm running the 64-bit version of the Crypt-LE tool):

le64.exe -email "<email>" -key account.key -csr CSR-FILE.csr -csr-key CSR-FILE-KEY.key -crt CERT.crt -domains "*.<domain>, <domain>" -generate-missing --handle-as dns --export-pfx "<password>" --tag-pfx "<domain>" --live

where:

  • <email> is your email
  • <domain> is your domain
  • <password> is the password for importing the PFX certificate into the Windows certificate store.

Here is an example of the command with fake values:

le64.exe -email "myemail@email.com" -key account.key -csr CSR-FILE.csr -csr-key CSR-FILE-KEY.key -crt CERT.crt -domains "*.mydomain.com, mydomain.com" -generate-missing --handle-as dns --export-pfx "mypassword" --tag-pfx "mydomain.com" --live

3) Five files will be generated by the end of this process: the account file (account.key), the CSR file (CSR-FILE.csr), the CSR file private key (CSR-FILE-KEY.key), the certificate (CERT.crt) and the certificate in PFX format (CERT.pfx).

Crypt-LE is just one of many applications that use Let’s Encrypt’s ACMEv2 API for generating free certificates. The full list of clients and libraries that use this API is available at https://letsencrypt.org/docs/client-options/.

The following screenshots show the entire process.

Having specified both a wildcard domain (*.mydomain.com) and a so-called "naked domain" (mydomain.com), I'll be asked to publish two DNS TXT records. To add new DNS records for your domain, you will typically have to use your domain name registrar's DNS tools.

Here I'm requested to publish a first TXT record: c01.png

And here I'm asked to publish a second one: c02.png

And after both TXT records are published and checked to be correct, the process completes and the requested certificate is returned: c3.png

And here are all the created files: cert04.PNG
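
The two checkpoints in the process above (are both TXT records publicly visible, and does the issued PFX cover both names) can be scripted. The following PowerShell is an added example, not part of the original post or of Crypt-LE. It assumes Windows with the built-in DnsClient and PKI modules, the page's fake domain mydomain.com, and the hypothetical helper names Get-AcmeChallengeTxt and Test-IssuedPfx; the _acme-challenge record name is the one ACME DNS-01 validation uses.

```powershell
# Added example, not from the original page. mydomain.com is the page's fake
# domain; 8.8.8.8 is an arbitrary public resolver chosen for the lookup.
param(
    [string]$Domain   = 'mydomain.com',
    [string]$PfxPath  = '.\CERT.pfx',
    [string]$Resolver = '8.8.8.8'
)

# ACME DNS-01 validates *.<domain> and <domain> at the same record name,
# _acme-challenge.<domain>, so two TXT values should be visible there.
function Get-AcmeChallengeTxt {
    param([string]$Domain, [string]$Resolver)
    Resolve-DnsName -Name "_acme-challenge.$Domain" -Type TXT -Server $Resolver `
                    -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' }
}

# Opens the PFX without importing it and reports names and remaining lifetime.
function Test-IssuedPfx {
    param([string]$PfxPath, [string]$Domain)
    # Prompt for the password rather than putting it on a command line again.
    $pw      = Read-Host -AsSecureString 'Password given to --export-pfx'
    $full    = (Resolve-Path $PfxPath).Path
    $cert    = (Get-PfxData -FilePath $full -Password $pw).EndEntityCertificates[0]
    $names   = @($cert.DnsNameList.Unicode)
    $missing = @("*.$Domain", $Domain | Where-Object { $names -notcontains $_ })
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        DnsNames   = $names -join ', '
        Missing    = $missing -join ', '
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
}

if (Test-Path $PfxPath) {
    # After issuance: confirm both names are covered before importing the PFX.
    $r = Test-IssuedPfx -PfxPath $PfxPath -Domain $Domain
    $r | Format-List
    if ($r.Missing) { Write-Warning "Certificate does not cover: $($r.Missing)" }
} else {
    # While Crypt-LE waits: confirm the TXT records are publicly resolvable.
    $txt = @(Get-AcmeChallengeTxt -Domain $Domain -Resolver $Resolver)
    "Found $($txt.Count) TXT value(s) at _acme-challenge.$Domain"
    $txt | ForEach-Object { "  $_" }
    if ($txt.Count -lt 2) { Write-Warning 'Expected two TXT values; wait or recheck the records.' }
}
```

Run it once while Crypt-LE is waiting for the TXT records and again after CERT.pfx exists. account.key, CSR-FILE-KEY.key and CERT.pfx all contain private key material, so keep them out of shared or web-served folders.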