It helps to save private key to certificate store. Added admin manifest.

letsencrypt-win-simple/Program.cs

@@ -227,16 +227,16 @@ static void Auto(TargetBinding binding)
             {
                 var pfxFilename = GetCertificate(binding);
 
-                if (options.Test && !options.Renew)
-                {
-                    Console.WriteLine($"\nDo you want to install the .pfx into the Certificate Store? (Y/N) ");
-                    if (!PromptYesNo())
-                        return;
-                }
+                //if (options.Test && !options.Renew)
+                //{
+                //    Console.WriteLine($"\nDo you want to install the .pfx into the Certificate Store? (Y/N) ");
+                //    if (!PromptYesNo())
+                //        return;
+                //}
 
                 X509Store store;
                 X509Certificate2 certificate;
-                InstallCertificate(pfxFilename, out store, out certificate);
+                InstallCertificate(binding, pfxFilename, out store, out certificate);
 
                 if (!options.Renew)
                 {
@@ -272,24 +272,50 @@ private static void ConfigureBinding(TargetBinding binding, X509Store store, X50
                 }
                 else
                 {
+
                     Console.WriteLine($" Adding https Binding");
                     var iisBinding = site.Bindings.Add(":443:" + binding.Host, certificate.GetCertHash(), store.Name);
                     iisBinding.Protocol = "https";
+                    // only do this for IIS 8+ and only if users want it
+                    //iisBinding.SetAttributeValue("sslFlags", 1);
                 }
 
-                Console.WriteLine($" Commiting binding changes to IIS");
+                Console.WriteLine($" Committing binding changes to IIS");
                 iisManager.CommitChanges();
             }
         }
 
-        private static void InstallCertificate(string pfxFilename, out X509Store store, out X509Certificate2 certificate)
+        //public Version GetIisVersion()
+        //{
+        //    using (RegistryKey componentsKey = Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\InetStp", false))
+        //    {
+        //        if (componentsKey != null)
+        //        {
+        //            int majorVersion = (int)componentsKey.GetValue("MajorVersion", -1);
+        //            int minorVersion = (int)componentsKey.GetValue("MinorVersion", -1);
+
+        //            if (majorVersion != -1 && minorVersion != -1)
+        //            {
+        //                return new Version(majorVersion, minorVersion);
+        //            }
+        //        }
+
+        //        return new Version(0, 0);
+        //    }
+        //}
+
+        private static void InstallCertificate(TargetBinding binding, string pfxFilename, out X509Store store, out X509Certificate2 certificate)
         {
             Console.WriteLine($" Opening Certificate Store");
             store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
             store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
 
             Console.WriteLine($" Loading .pfx");
-            certificate = new X509Certificate2(pfxFilename, "");
+
+            // See http://paulstovell.com/blog/x509certificate2
+            certificate = new X509Certificate2(pfxFilename, "", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
+            certificate.FriendlyName = $"{binding.Host} {DateTime.Now}";
+
             Console.WriteLine($" Adding Certificate to Store");
             store.Add(certificate);
 

letsencrypt-win-simple/Properties/AssemblyInfo.cs

@@ -33,4 +33,4 @@
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
 [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyFileVersion("1.0.*")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

letsencrypt-win-simple/app.manifest

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
+  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
+  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
+    <security>
+      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
+        <!-- UAC Manifest Options
+             If you want to change the Windows User Account Control level replace the 
+             requestedExecutionLevel node with one of the following.
+
+        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
+        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
+        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
+
+            Specifying requestedExecutionLevel element will disable file and registry virtualization. 
+            Remove this element if your application requires this virtualization for backwards
+            compatibility.
+        -->
+        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
+        <!--<requestedExecutionLevel level="asInvoker" uiAccess="false" />-->
+      </requestedPrivileges>
+    </security>
+  </trustInfo>
+
+  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
+    <application>
+      <!-- A list of the Windows versions that this application has been tested on and is
+           is designed to work with. Uncomment the appropriate elements and Windows will 
+           automatically selected the most compatible environment. -->
+
+      <!-- Windows Vista -->
+      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
+
+      <!-- Windows 7 -->
+      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
+
+      <!-- Windows 8 -->
+      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
+
+      <!-- Windows 8.1 -->
+      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
+
+      <!-- Windows 10 -->
+      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
+
+    </application>
+  </compatibility>
+
+  <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
+       DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need 
+       to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should 
+       also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
+  <!--
+  <application xmlns="urn:schemas-microsoft-com:asm.v3">
+    <windowsSettings>
+      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
+    </windowsSettings>
+  </application>
+  -->
+
+  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
+  <!--
+  <dependency>
+    <dependentAssembly>
+      <assemblyIdentity
+          type="win32"
+          name="Microsoft.Windows.Common-Controls"
+          version="6.0.0.0"
+          processorArchitecture="*"
+          publicKeyToken="6595b64144ccf1df"
+          language="*"
+        />
+    </dependentAssembly>
+  </dependency>
+  -->
+
+</assembly>

letsencrypt-win-simple/letsencrypt-win-simple.csproj

@@ -31,6 +31,9 @@
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
+  <PropertyGroup>
+    <ApplicationManifest>app.manifest</ApplicationManifest>
+  </PropertyGroup>
   <ItemGroup>
     <Reference Include="CommandLine, Version=2.0.275.0, Culture=neutral, PublicKeyToken=de6f01bd326f8c32, processorArchitecture=MSIL">
       <HintPath>..\packages\CommandLineParser.2.0.275-beta\lib\net45\CommandLine.dll</HintPath>
@@ -68,6 +71,9 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="App.config" />
+    <None Include="app.manifest">
+      <SubType>Designer</SubType>
+    </None>
     <None Include="packages.config" />
   </ItemGroup>
   <ItemGroup>