Using Netcam Studio with Let's Encrypt Free TLS/SSL Certificates

I was able to configure Netcam Studio for https using a free certificate from Lets Enrypt. I have my own domain registered with ( and I set up a sub domain for use by Netcam Studio ( this uses dynamic DNS through Up until now this subdomain was running on plain old http, so I was starting to see the mixed content issues with my main site.

To create a Lets Enrypt certificate I followed these instructions to install certbot on my Netcam Studio Server. I also had to make sure I port forwarded port 80 to the server because certbot uses this to prove that you own the server and also will automatically renew the certificate every 3 months. It’s safe to leave port 80 open since it will only be live while certbot is doing it’s thing. I run Netcam Studio on port 8100. Also if you run the Windows Defender Firewall, make sure you allow port 80 traffic for certbot - the certbot installer doesn’t do this for you.

I ran the command certbot certonly --standalone

Running certbot will prompt you for some information including the domain you would like to create a certificate for - I entered It will then generate a certificate for you and place it in C:\Certbot\live[certificate_name]. It actually creates several variations. You want to use the one named fullchain.pem.

Since certbot creates pem files you will need to convert it to a pfx. You can do this various ways including online via this site

Once you have your fullchain.pfx file follow the netcam studio directions for importing the certificate into the Windows certificate store and copying to the Netcam Studio folder, and configuring the Netcam Studio configuration files.

Webrowsers are now much happier with my site

1 Like

Thank you very much for this excellent tutorial and sharing this with our users.

Did you do the certificate convert every 3 month by your own?

He writes:


Yes I read that but he write that he has to convert the certificate.

I will let you know when the 1st renewal occurs. I think certbot updates the installed cert, but not certain.

1 Like

Regarding the automatic renewal. There are some other problems to solve. Here’s what I did.

Each time the cert renews, you do need to convert it to a pfx, copy the pfx file to the Netcam Studio folder and also install the cert into the local store. To automate that I did this…

Download and install OpenSSL 64 bit for windows. You’ll end up with a folder that contains openssl.exe.
In this folder create convert.bat and save this in it. Modify the openssl path to wherever you installed it.

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""C:\openssl\convert.ps1""' -Verb RunAs}"

In the same folder create convert.ps1 and save this in it. Again, modify the paths as needed. I’m also assuming you are running Netcamstudio as a service.

Stop-Service -Name "NetcamStudioSvc64"
& c:\openssl\openssl.exe pkcs12 -export -in C:\Certbot\live\\fullchain.pem -inkey C:\Certbot\live\\privkey.pem -out C:\openssl\fullchain1.pfx -passout pass:
Copy-Item "C:\openssl\fullchain1.pfx" -Destination "C:\Program Files\Netcam Studio - 64-bit\fullchain1.pfx"
Import-PfxCertificate -FilePath C:\openssl\fullchain1.pfx -CertStoreLocation Cert:\LocalMachine\My
Start-Service -Name "NetcamStudioSvc64"

Modify the “Certbot Renew Task” scheduled task to run as SYSTEM for it to work properly. Also modify the Action to add a posthook parameter to run the above scripts at renewal.

-NoProfile -WindowStyle Hidden -Command "certbot renew --post-hook 'c:\openssl\convert.bat'"

1 Like

Thank you very much for information and solutions!