Certify for Windows

The SSL Certificate Manager powered by Let's Encrypt

Certify is a Windows app which uses Let's Encrypt to provide free trusted SSL certificates for websites you control.


To begin your download, fill out our quick survey. Your answers help us decide how best to improve Certify :

Quick Survey (for Download)

If you have already filled out a survey recently you can download here.

Warning: This is pre-release software for testing and feedback and is not intended for general use. If you are uncomfortable testing software which may have serious bugs please wait for the full release. Uninstalling the previous release before installing the latest version is recommended.

Got feedback? Email Us or file issues on GitHub

Please donate to the development of Certify:

Latest Release: Alpha V 0.9.98 - Released 2017/03/11


You can download the latest PowerShell updates for your operating system at: https://www.microsoft.com/en-us/download/details.aspx?id=50395.

Windows SmartScreen Filter will complain the installer is not trusted. This is because we don't currently digitally sign the executable. Please donate if you'd like to fund a code signing certificate.

If you receive an error regarding extensionless files, see the FAQs below

Change Log






V 0.9.92

Note: Certify is Open Source (https://github.com/webprofusion/certify) and uses the cool ACMESharp PowerShell project by Eugene Bekker and ACMESharp contributors which is licensed under MPL 2.0


Let's Encrypt is a free service for generating trusted SSL certificates for your domain. Most tools are command line only, Certify help by providing a simple GUI. Just fire up Certify on your IIS web server to get started.



I get the error "Automated checks for extensionless content failed.."

This means your web server configuration is not allowing files with no extension to be served to site visitors. Unfortunately this is a requirement of the Lets Encrypt service in order for it to fetch the verification file which is automatically created within your site when you request a certificate (more info).

To help with this requirement we try to automatically configure this for you. If you look in {your site}\.well-known\acme-challenge you will see we have created a web.config and a file called configcheck. If you can't browse to this configcheck file in your web browser (http://{your site}/.well-known/acme-challenge/configcheck then the Lets Encrypt service can't access the files it needs either. You can edit the web.config file in this folder to get extensionless files working, then you can re-request your certificate. A mimeMap entry for either "." or ".*" usually works depending on your operating system version.