Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Tutorials, tips and tricks.

Moderator: moderators

Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Postby b.bassett » Thu Jun 29, 2017 6:37 pm

Hey all,
Thanks for checking out my guide. I have a Windows machine and I wanted to run Subsonic over HTTPS. I also have a custom domain. I wanted to share my experience for those others out there that would like to run their Subsonic installation using HTTPS on a Windows machine using IIS.

Step 1. Install Subsonic for Windows on your server/workstation. (This will require Java, if you do not already have it installed.)

Step 2. Install the Internet Information Services (IIS) role on your server using “Add Roles & Features” in Server Manager, or in “Turn Windows features on or off” in the Programs and Features menu.

Step 3. Once IIS is installed, you’ll need to download and install the URL Rewrite module and ARR module. Found here: ... lDownloads and here: ... lDownloads

Step 4. Set up A record/CNAME record in DNS.

Step 5. For my installation, I used Letsencrypt for my SSL. I love this project. If you are not familiar you can get more information from their site: . Since I am using Windows, I tried a couple of the different ACME clients for Windows. I settled on a project I discovered that allows you to use Letsencrypt and provides a GUI to interact with called Certify The Web: (For those that prefer, there is also a command prompt based tool called “letsencrypt-win-simple”. Found here: ... e/releases .)

Step 6. Run Letsencrypt to get your certificate.

Step 7. Configure reverse proxy and http redirect in IIS.

Okay, let’s break down the steps a little and show you how I configured each section.

Step 1 – Install Subsonic

This step should be self-explanatory. I used the default locations for the install and the default port for Subsonic. Since we will be using a URL rewrite, we won’t need to change anything unless you happen to already be running something that is using the default port. After Subsonic is installed, launch your browser and finish setting up according to the documentation and your requirements. Then log into your firewall and forward port 80 and 443 to your server. Now you’re ready to install IIS.

Step 2 – Install IIS

Again, this part is pretty simple. Just turn on the feature or install the role and then open your IIS console. In IIS, I am going to create a new site. Open up your inetpub folder (should be located at C:\inetpub) and create a new folder to house your site. I named my folder “subsonic”. Copy the contents of “C:\inetpub\wwwroot” to your new folder “C:\inetpub\subsonic”. In IIS, expand your server and right click on Sites. Then “Add Website” and name your site. I named it “subsonic” to match the folder I created for it and pointed to
Code: Select all
then gave it a hostname of
Code: Select all
and mapped it to port 80.

Step 3 – Install URL Rewrite Module

Browse to the sites provided and click on “additional downloads” and download the appropriate installations. After they are installed, reboot your server. IIS should now be prepped.

Step 4 – Create A record/CNAME record

I am going to assume that if you have a custom domain name, that you are familiar with this process. It should be set to the match the hostname you gave the binding in IIS. In my case, “”. This is going to be your Public A record, however, your local machine needs to resolve your hostname to its local IP. If it’s running DNS, create a record in your DNS manager or create a record in your HOSTS file to map the hostname to your servers local IP.

Step 5 – Letsencrypt Certify The Web (or letsencrypt-win-simple)

Use the link provided above to download and install Certify The Web.

Step 6 – Run Letsencrypt

Run Certify The Web application and in the upper left click on "New Certificate". Type a friendly name in the box to identify what the certificate is for and then use the drop-down box to select the Site in IIS that you are going to be using the certificate on "Subsonic". Make sure that the URL you will be using matches and the box for INCLUDE is checked at the bottom. Now you can click on Test to make sure that you have IIS configured correctly and your DNS record is forwarding port 80 through your firewall. If all tests pass, then select "Request Certificate" letsencrypt should find your HTTP page and install the certificate. If you get a success message, you can click on the "Managed Certificates" tab to return to the main page and you should see your new certificate on the left hand side. If you get an error, follow the steps in the response provided by the program. If it works correctly, you should see your new certificate in IIS under “Server Certificates”.

Step 7 – Reverse Proxy

Now we’re ready to continue in IIS. When Certify The Web installs the certificate, it adds a HTTPS binding to your HTTP site. Right click on the site and choose Edit Bindings and choose the HTTPS binding and hit edit. Make sure that “Require Server Name Indication” (SNI) is checked and that your domain name is correct and the certificate is chosen. Now go back to your “subsonic” site and click on the URL Rewrite module. First we are going to redirect our HTTP traffic to HTTPS. Click Add Rule in the upper right hand corner and choose Blank Rule. Put in a name for the rule (Something like "RedirectToHTTPS") and put a wildcard(*) in the pattern box. Now expand Conditions and add a condition. In the Condition Input box type
Code: Select all
. The check input string is "Matches the Pattern". In the Pattern box type
Code: Select all
and hit Okay. Now set the Action to "Redirect" and in the Redirect Action box type
Code: Select all
. Now hit Apply in the upper right and then Back to Rules to return to the URL Rewrite page. We are now going to add another rule and this time choose “Reverse Proxy” option and enter in the hostname:4040
Code: Select all
. You can leave the SSL Offloading checked and click OK. Make sure that the "RedirectToHTTPS" rule is above the "URLRewrite" rule in the order. There you have it. You should now be able to browse to your hostname in a web browser using HTTP and it will redirect to HTTPS and then use reverse proxy to connect into your subsonic installation.

If everything is working, you are all set. You can now browse to Subsonic over HTTPS and your certificate should automatically stay up to date using Letsencrypt. If any of you have any questions or issues with the process, please feel free to reach out to me via email:
Last edited by b.bassett on Sat Mar 16, 2019 8:12 pm, edited 3 times in total.
Posts: 9
Joined: Thu Jan 19, 2017 10:51 pm

Re: Guide: Subsonic with Letsencrypt SSL using IIS

Postby alphawave7 » Fri Jun 30, 2017 3:52 am

Dynamite tute. Brian! Yes, you do rock! 8)
Posts: 1042
Joined: Thu Feb 11, 2010 9:54 am

Re: Guide: Subsonic with Letsencrypt SSL using IIS

Postby LRanger » Mon Jul 03, 2017 4:53 am

To make a small addition to this excellent guide; provides a free dynamic DNS that can be used with Letsencrypt.
Posts: 47
Joined: Thu Mar 03, 2016 10:51 am

Re: Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Postby b.bassett » Sat Mar 16, 2019 8:05 pm

I discovered a few quirks to the way the installation was detailed in this guide originally. Namely you would have to remove the added binding every time the certificate renewed and then restart the site that was stopped. I have reworked it to include the Certify The Web application for handling the certificates, as well as changing the way the site was handled in IIS. The updated method does not require you to disable and re-enable the HTTP Redirect in order for the certificate renewal to take place. And you only need to create 1 site in IIS instead of 2.
Posts: 9
Joined: Thu Jan 19, 2017 10:51 pm

Re: Guide: Subsonic with Letsencrypt SSL using IIS (revised)

Postby Redsyrup » Tue Jan 21, 2020 9:53 pm

Thank you so much! I happened to have IIS installed on the same server when trying to setup a Windows FTP service and used that install to implement your Reverse Proxy SSL. Worked like a charm. I then setup my Ubooquity and BlueIris Services to use the same technique with the same SSL just bound on different ports with additional rules filtering for each incoming {SERVER_PORT}. I really can't thank you enough for teaching me something new! Have a wonderful year OP! :D
Posts: 6
Joined: Sun May 06, 2012 4:36 am

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 3 guests