Remove Let’s Encrypt certificate in Windows Server

We like to remove Let’s Encrypt certificate in Windows Server. Before we uninstall Let’s Encrypt certificate, let’s answer some questions regarding the uninstallation process. Is it safe to delete Let’s Encrypt certificate? What is the correct way to completely remove issued Let’s Encrypt certificates in Windows Server?

Let’s Encrypt is a great way to secure Internet Information Services (IIS) in Windows Server. We are going to use another certificate provider. Because of that, we are going to remove Let’s Encrypt from the Windows Server. There are a couple of places to check and to uninstall Let’s Encrypt certificate in Windows Server. We are going to have a look at all these places and make sure that we remove the certificate.

Steps to uninstall Let’s Encrypt certificate in Windows Server

Make sure to completely remove the Win-ACME client and everything else connected. Follow the following steps:

1. Remove Let’s Encrypt Win-ACME client and everything in the folder with it
2. Remove configuration folder from %programdata%
3. Remove scheduled task from the Windows Task Scheduler
4. Remove certificate from MMC snap-in

When you delete all of the above, there is nothing left.

Remove Let’s Encrypt Win-ACME client

Start File Explorer and go the path where the Win-ACME client is placed. In my example, it’s the following path:

C:\Program Files

Right-click Lets Encrypt folder and click delete.

Delete configuration folder

In File Explorer go to the path configuration folder of the ACME client.

C:\ProgramData

Right-click win-acme folder and click delete.

Delete scheduled task

Start Task Scheduler. Check if there is a scheduled task configured for automatic Let’s Encrypt certificate renewal. Right-click win-acme renew and click delete. A message will show if you want to delete this task. Click Yes.

Remove certificate from Internet Information Services Manager

Start Internet Information Services (IIS) Manager. In the left pane click the Windows Server. In my example, it’s the EX01-2016 server. Click Server Certificates in the features view.

Right-click the Let’s Encrypt certificates and click remove. A message will show up if you are sure to remove this certificate, and permanently remove it from the certificate store. Click Yes.

Delete the certificate from MMC snap-in

There are two places that you need to check. Start MMC (Microsoft Management Console) and add the certificate snap-in. If you can’t find the certificate, it means that it’s deleted with the previous step.

Expand the folder Personal and click the subfolder Certificates. Right-click the Let’s encrypt certificate and click Delete. A message will show up if you want to delete the certificate? Click Yes.

Expand the folder Web Hosting and click the subfolder Certificates. Right-click the Let’s encrypt certificate and click Delete. A message will show up if you want to delete the certificate? Click Yes.

The Let’s Encrypt certificate is deleted from all the places. In the next step, we are going to reset IIS.

Restart IIS (Internet Information Services)

We have to restart IIS after removing the Let’s Encrypt certificate. Run Command Prompt as administrator and run the IISReset command.

C:\>iisreset

Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

We can restart IIS from IIS Manager.

Did it help you to uninstall Let’s Encrypt certificate in Windows Server 2016?

Keep reading: Let’s Encrypt unable to install certificate (0x80070520) »

Conclusion

In this article, you learned how to remove Let’s Encrypt certificate in Windows Server. Uninstall Let’s Encrypt and install another certificate provider in Windows Server. Don’t leave the Windows Server insecure.

If you liked this article, you might also like to read Disable Windows Firewall with PowerShell. Follow us on Twitter and LinkedIn to stay up to date with the latest articles.