For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server.
There is a way to use it like a normal CSR/CA setup in manual mode.
./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com
Eventually you will get prompted to create a certain path and file with certain data:
Create a file containing just this data:
Casdfasfadsfsad........
For a standalone system the solution is simple, just use the same version of Windows a copy a good version of:
C:windowsSecurityDatabasesecedit.sdb from another computer.
Then you should be able to login again without getting the nasty message "Local policy does not permit you to log on interactively."
Of course you will probably need a way of accessing the filesystem off-line in order to get to it such as a Linux boot disc.
Some........