Read your article about automating the process of installing free SSL (TSL) certificates. Have a couple of quick questions.

Securing IIS Web Sites with Let Encrypt Certificates

What versions of Windows IIS are supported ? (win 2k, 03, 08, 12, 16 and what about 7 and 10)

You describe "Certify the Web" tool as better when it comes error reporting. What about "LetsEncrypt-Win-Simple", what sort of error reporting does it give you if something goes wrong?

Finely, in your example of LetsEncript, I don't see anything about the schedule or errors notifying you. In Certify, you point out this feature where they send an email when actions occur. Is this feature handled in LetsEncript ?

Lets Encrypt or the certificates it produces is not specific to a given version of Windows - it'll work with all of them. However, the tools (Win-Simple/Certify) work with the IIS SNI feature to allow multiple certificates on a single IP address. That feature is available only on Server 2012 R2 and newer. For older servers you can only have one IP address mapped to a single certificate (ie. not multiple certificates for a given host-headered sub-domain).

Error handling - you get errors when the certificates are generated. Both tools will tell you what if anything goes wrong. For renewals, those operations run unattended so it's up to you to automate if you want additional error trapping and notification.

I've been using Lets Encrypt for 2 years now with no problems. If a renewal fails, it'll just re-run the next time the update check comes around, so unless there's a change in your configuration it 'just' works.

+++ Rick ---