
I wish! Windows servers are an excellent excuse to not have it. Two years running now, there still isn't a practical solution for Windows servers and none in sight for the foreseeable future.


I totally agree with this.

I am not comfortable running a daily, Task Scheduler-based, third-party script with local admin rights on my Windows Server that checks my Let's Encrypt certs and auto-renews them.

However, now that Chrome v56+ is revoking StartSSL.com certs, I've probably got no choice. Either that, or actually PAY for a multi-domain cert (Comodo do a fairly cheap one).


> third party script with local admin rights

Why? Just have it drop the certs in some directory and then reload the services. Just give the account running the script permissions to only reload services.

I assume such is possible on Windows, but I don't know for sure because I only use Linux servers. It is trivial there, so I assume you can do it on Windows as well.


It's not, unfortunately. Certs are held in the Computer partition of the Windows Credential Store, which you need elevated rights to update. It sucks, but that's how it's designed. You also need to re-associate the renewed cert (once it's in the credential store) with the IIS binding as well, and then you can stop/start the website instance. Again also needing elevated rights.


Serving web content on Windows is not a good excuse for anything. Move it to Linux or BSD.


I don't get it. Are you talking about SSL on Windows in general, or Let's Encrypt on Windows in particular? Because the former is absolutely possible, and not that hard to add to IIS.



