The win-acme client for Windows is a great tool to issue and renew Let's Encrypt certificates.

If your not familiar with Let's Encrypt certificates they a completely free SSL certificates which can be used with most web facing services.

Out of the box win-acme can handle IIS bindings, IIS FTP bindings and other services, it cannot however handle the automatic updating of the SSL certificate for the IIS Management Service (WMSVC) which is used by the Web Deploy service.

To solve this annoyance we have created a Powershell script which can be run after win-acme has generated the certificate, the Powershell script handles updating the IIS Management Service (WMSVC) with the new certificate.

First you will want to create a file called ImportWMSVC.ps1 and place it into the Scripts folder found next to the main win-acme file wacs.exe 

After you have created the file run the below command using Powershell from within the folder locating the wacs.exe fie

In this command we are passing the certificate thumbprint using the win-acme {CertThumbprint} parameter to the Powershell script, this is the glue which allows both the script and win-acme to work together.

.\wacs.exe --installation script --script "Scripts\ImportWMSVC.ps1" --scriptparameters "'{CertThumbprint}'" --certificatestore My

Once this completes you will now have the certificate issued and applied to the IIS Management Service (WMSVC), win-acme will then renew this certificate on a regular basis and automatically keep it up to date.

You can read more about using scripts with win-acme in their documentation on their website here:
https://www.win-acme.com/reference/plugins/installation/script