To make it easy to use "Let's encrypt" certificates on your services - we have created a free SSL proxy. It automatic issues certificates for all public names that is used against your public IP and takes care of all renew automatic. - Its as simple as set and forget.
1. Download it from here: https://gms.inpadi.dk/Res/inpadi-SSLproxy.exe
2. Make a folder - fx. c:\inpadi-SSL and copy inpadi-SSLproxy.exe into the folder
3. Run it and terminate it - it will create config files you need to edit!
4. Edit file: DestinationHost.txt and specify destination url - fx. http://localhost:8080 or https://remote.server.tld:443
5. Edit file: hostname.txt - write the public URL to your proxy - this will be the default url in case someone goes to https://yourip
6. Consider if you need http access to backend server - the file: only.ssl makes redirect from port 80 to 443 - delete it and HTTP support without SSL is enabled.
7. Create a windows service:
cd /d c:\inpadi-SSL
sc create inpadi-SSL binpath= c:\inpadi-SSL\inpadi-SSLproxy.exe start= auto
sc start inpadi-SSL
That's all. If you have any question write a mail to firstname.lastname@example.org and we will try to help you ;-)
Please note: port 80 and 443 must not be bound to anything else! inpadi-SSL proxy takes them. Also note - both port 80 and 443 must be natted thru firewall as port 80 it is needed for Lets Encrypt to work!
For SSL in front of Terminal Server gateway or other non standard HTTP services! Use this exec:
It cannot redirect from http to https - but it will tunnel ALL from https to inside HTTP - so if you configure Terminal Service Gateway to use HTTP with SSL offload you can use the TSGW.exe!
Please note - inpadi SSL proxy and TSGW.exe are free to use and does NOT come with any warranty and support.