Difference between revisions of "Automatic HTTP Certificates with Let's Encrypt"

Revision as of 20:50, 16 February 2025

Back to Windows Server

In order to use this, you'll need CloudFlare DNS (which is Free). If you rather using HTML validation instead of DNS, you can use this.

$Domain = "fab.oriongroup.co.nz" $Email = "helpdesk@oriongroup.co.nz" $Token = "rNNsfK-BdYBeLinS2wtb9rfA4XRtpYA2SBAlgMqN" $pfxfile = "c:\installs\certs\$Domain.pfx" $password = ConvertTo-SecureString -String "abc123" -Force -AsPlainText try{ Import-Module -Name Posh-ACME Import-Module -Name Posh-ACME.Deploy #Identify as existing user Set-PAAccount -Contact $Email Set-PAOrder $Domain } catch{ # New installation - Run once Install-PackageProvider -Name NuGet -Force Install-Module -Name Posh-ACME -Force Install-Module -Name Posh-ACME.Deploy -Force Set-PAServer LE_PROD # (or LE_STAGE) # Identify and register New-PAAccount -AcceptTOS -Contact $Email # Request a new certificate New-PAOrder $Domain return "Installed, run this again" } $pArgs = @{ CFToken = (ConvertTo-SecureString -String $Token -AsPlainText -Force) } $cert = New-PACertificate $Domain -DnsPlugin Cloudflare -PluginArgs $pArgs # renew an existing certificate and bind it into IIS if ($cert = Submit-Renewal) { #Import Certificate into Windows Import-PfxCertificate -Password $cert.PfxPass -FilePath $cert.PfxFile -CertStoreLocation Cert:\LocalMachine\My -Exportable # Export certificate as PFX Export-PfxCertificate -Cert ("Cert:\LocalMachine\My\" + $cert.Thumbprint) -FilePath $pfxfile -Password $password # Bind new cert into IIS Get-WebBinding | Where-Object { $_.protocol -eq "https"} | ForEach-Object { $_.AddSslCertificate($cert.thumbprint, 'My') } }