Automatic HTTP Certificates with Let's Encrypt
From Tech-Wiki
In order to use this, you'll need CloudFlare DNS (which is free). If you rather using HTML validation instead of DNS, you can use this.
Then you need to run this monthly via Task Scheduler with elevated privileges.
$Domain = "www.domain.com" $Email = "helpdesk@domain.com" $Token = "xxxxxxxxxxxxxxxx" $pfxfile = "c:\installs\$Domain.pfx" $password = ConvertTo-SecureString -String "abc123" -Force -AsPlainText # For SANs use: # $Domains = @("example.com", "www.example.com", "sub.example.com") # Set-PAOrder -MainDomain $Domains[0] -AltNames $Domains[1..($Domains.Count - 1)] # $cert = New-PACertificate -Domain $Domains -DnsPlugin Cloudflare -PluginArgs $pArgs try{ Import-Module -Name Posh-ACME Import-Module -Name Posh-ACME.Deploy #Identify as existing user Set-PAAccount -Contact $Email Set-PAOrder $Domain } catch{ # New installation - Run once Install-PackageProvider -Name NuGet -Force Install-Module -Name Posh-ACME -Force Install-Module -Name Posh-ACME.Deploy -Force Set-PAServer LE_PROD # (or LE_STAGE) # Identify and register New-PAAccount -AcceptTOS -Contact $Email # Request a new certificate New-PAOrder $Domain return "Installed, run this again" } $pArgs = @{ CFToken = (ConvertTo-SecureString -String $Token -AsPlainText -Force) } $cert = New-PACertificate $Domain -DnsPlugin Cloudflare -PluginArgs $pArgs # renew an existing certificate and bind it into IIS if ($cert = Submit-Renewal) { #Import Certificate into Windows Import-PfxCertificate -Password $cert.PfxPass -FilePath $cert.PfxFile -CertStoreLocation Cert:\LocalMachine\My -Exportable # Export certificate as PFX Export-PfxCertificate -Cert ("Cert:\LocalMachine\My\" + $cert.Thumbprint) -FilePath $pfxfile -Password $password # Bind new cert into IIS Get-WebBinding | Where-Object { $_.protocol -eq "https"} | ForEach-Object { $_.AddSslCertificate($cert.thumbprint, 'My') } }