Created
May 15, 2018 06:22
-
-
Save Koubek/e1b0703b98df865c912dc2583984c15a to your computer and use it in GitHub Desktop.
bc-on-docker-letsencrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Invoke default behavior | |
| . (Join-Path $runPath $MyInvocation.MyCommand.Name) | |
| . (Join-Path $PSScriptHost 'Deploy-LetsEncrypt.ps1') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use Lets encrypt | |
| # This script is not perfect because it doesn't check if the certificate is being created and valid | |
| # and also it doesn't include its update once the expire date is very close. | |
| $ContactEMailForLetsEncrypt = $env:ContactEMailForLetsEncrypt | |
| $dnsAlias = $env:dnsAlias | |
| $certAlias = "certAlias" | |
| $certPassword = [GUID]::NewGuid().ToString() | |
| $certPfxFilename = "c:\ProgramData\nav-on-docker\certificate.pfx" | |
| $certPemFilename = "c:\ProgramData\nav-on-docker\certificate.pem" | |
| # $publicDnsName | |
| try { | |
| Log "Installing ACMESharp PowerShell modules" | |
| Install-Module -Name ACMESharp -AllowClobber -force -ErrorAction SilentlyContinue | |
| Install-Module -Name ACMESharp.Providers.IIS -force -ErrorAction SilentlyContinue | |
| Import-Module ACMESharp | |
| Enable-ACMEExtensionModule -ModuleName ACMESharp.Providers.IIS -ErrorAction SilentlyContinue | |
| Log "Initializing ACMEVault" | |
| Initialize-ACMEVault | |
| Log "Register Contact EMail address and accept Terms Of Service" | |
| New-ACMERegistration -Contacts "mailto:$ContactEMailForLetsEncrypt" -AcceptTos | |
| Log "Creating new dns Identifier" | |
| $dnsAlias = "dnsAlias" | |
| New-ACMEIdentifier -Dns $publicDnsName -Alias $dnsAlias | |
| Log "Performing Lets Encrypt challenge to default web site" | |
| Complete-ACMEChallenge -IdentifierRef $dnsAlias -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = 'Default Web Site' } | |
| Submit-ACMEChallenge -IdentifierRef $dnsAlias -ChallengeType http-01 | |
| sleep -s 60 | |
| Update-ACMEIdentifier -IdentifierRef $dnsAlias | |
| Log "Requesting certificate" | |
| Remove-Item -Path $certPfxFilename -Force -ErrorAction Ignore | |
| New-ACMECertificate -Generate -IdentifierRef $dnsAlias -Alias $certAlias | |
| Submit-ACMECertificate -CertificateRef $certAlias | |
| Update-ACMECertificate -CertificateRef $certAlias | |
| Get-ACMECertificate -CertificateRef $certAlias -ExportPkcs12 $certPfxFilename -CertificatePassword $certPassword | |
| Remove-Item -Path $certPemFilename -Force -ErrorAction Ignore | |
| Get-ACMECertificate -CertificateRef $certAlias -ExportKeyPEM $certPemFilename | |
| $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPfxFilename, $certPassword) | |
| $certificateThumbprint = $cert.Thumbprint | |
| Write-Host "Certificate File Thumbprint $certificateThumbprint" | |
| if (!(Get-Item Cert:\LocalMachine\my\$certificateThumbprint -ErrorAction SilentlyContinue)) { | |
| Write-Host "Import Certificate to LocalMachine\my" | |
| Import-PfxCertificate -FilePath $certPfxFilename -CertStoreLocation cert:\localMachine\my -Password (ConvertTo-SecureString -String $certPassword -AsPlainText -Force) | Out-Null | |
| } | |
| $dnsidentity = $cert.GetNameInfo("SimpleName",$false) | |
| if ($dnsidentity.StartsWith("*")) { | |
| $dnsidentity = $dnsidentity.Substring($dnsidentity.IndexOf(".")+1) | |
| } | |
| } catch { | |
| Log -color Red $_.ErrorDetails.Message | |
| Log -color Red "Reverting to Self Signed Certificate" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment