Difference between revisions of "Automatic HTTP Certificates with Let's Encrypt"
From Tech-Wiki
| (5 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
| − | In order to use this, you'll need CloudFlare DNS (which is | + | In order to use this, you'll need CloudFlare DNS (which is free). If you rather using HTML validation instead of DNS, you can use [https://github.com/GLubomirov/Lets-Encrypt_Automate_PowerShell this]. |
| − | <nowiki> | + | Then you need to run this monthly via Task Scheduler with elevated privileges. |
| − | $Domain = " | + | |
| + | <nowiki> | ||
| + | $Domain = "www.domain.com" | ||
$Email = "helpdesk@domain.com" | $Email = "helpdesk@domain.com" | ||
$Token = "xxxxxxxxxxxxxxxx" | $Token = "xxxxxxxxxxxxxxxx" | ||
$pfxfile = "c:\installs\$Domain.pfx" | $pfxfile = "c:\installs\$Domain.pfx" | ||
$password = ConvertTo-SecureString -String "abc123" -Force -AsPlainText | $password = ConvertTo-SecureString -String "abc123" -Force -AsPlainText | ||
| + | |||
| + | # For SANs use: | ||
| + | # $Domains = @("example.com", "www.example.com", "sub.example.com") | ||
| + | # Set-PAOrder -MainDomain $Domains[0] -AltNames $Domains[1..($Domains.Count - 1)] | ||
| + | # $cert = New-PACertificate -Domain $Domains -DnsPlugin Cloudflare -PluginArgs $pArgs | ||
try{ | try{ | ||
| Line 30: | Line 37: | ||
return "Installed, run this again" | return "Installed, run this again" | ||
} | } | ||
| − | |||
$pArgs = @{ | $pArgs = @{ | ||
| Line 49: | Line 55: | ||
$_.AddSslCertificate($cert.thumbprint, 'My') | $_.AddSslCertificate($cert.thumbprint, 'My') | ||
} | } | ||
| − | |||
} | } | ||
</nowiki> | </nowiki> | ||
Latest revision as of 19:24, 17 February 2025
In order to use this, you'll need CloudFlare DNS (which is free). If you rather using HTML validation instead of DNS, you can use this.
Then you need to run this monthly via Task Scheduler with elevated privileges.
$Domain = "www.domain.com"
$Email = "helpdesk@domain.com"
$Token = "xxxxxxxxxxxxxxxx"
$pfxfile = "c:\installs\$Domain.pfx"
$password = ConvertTo-SecureString -String "abc123" -Force -AsPlainText
# For SANs use:
# $Domains = @("example.com", "www.example.com", "sub.example.com")
# Set-PAOrder -MainDomain $Domains[0] -AltNames $Domains[1..($Domains.Count - 1)]
# $cert = New-PACertificate -Domain $Domains -DnsPlugin Cloudflare -PluginArgs $pArgs
try{
Import-Module -Name Posh-ACME
Import-Module -Name Posh-ACME.Deploy
#Identify as existing user
Set-PAAccount -Contact $Email
Set-PAOrder $Domain
} catch{
# New installation - Run once
Install-PackageProvider -Name NuGet -Force
Install-Module -Name Posh-ACME -Force
Install-Module -Name Posh-ACME.Deploy -Force
Set-PAServer LE_PROD # (or LE_STAGE)
# Identify and register
New-PAAccount -AcceptTOS -Contact $Email
# Request a new certificate
New-PAOrder $Domain
return "Installed, run this again"
}
$pArgs = @{
CFToken = (ConvertTo-SecureString -String $Token -AsPlainText -Force)
}
$cert = New-PACertificate $Domain -DnsPlugin Cloudflare -PluginArgs $pArgs
# renew an existing certificate and bind it into IIS
if ($cert = Submit-Renewal) {
#Import Certificate into Windows
Import-PfxCertificate -Password $cert.PfxPass -FilePath $cert.PfxFile -CertStoreLocation Cert:\LocalMachine\My -Exportable
# Export certificate as PFX
Export-PfxCertificate -Cert ("Cert:\LocalMachine\My\" + $cert.Thumbprint) -FilePath $pfxfile -Password $password
# Bind new cert into IIS
Get-WebBinding | Where-Object { $_.protocol -eq "https"} | ForEach-Object {
$_.AddSslCertificate($cert.thumbprint, 'My')
}
}