Let's Encrypt & Microsoft Exchange - Installation Script

ExchangeInstallLE.bat

"C:\Program Files\Lets Encrypt\letsencrypt.exe" --renew --baseuri "https://acme-v01.api.letsencrypt.org/"
powershell -File "C:\Program Files\Lets Encrypt\ExchangeLetsEncrypt.ps1" -CertificateImport "C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\mail.example.com-all.pfx" -ServerName exchange.example.com

ExchangeLetsEncrypt.ps1

# A script to install a Let's Encrypt certificate in Exchange server
# Hacked together by Anthony Eden (https://mediarealm.com.au/)

param (

    [Parameter(Mandatory=$TRUE, HelpMessage="store the certificate locally (c:\)")]
    [String]
    $CertificateImport,

    [Parameter(Mandatory=$TRUE, HelpMessage="Exchange Server FQDN")]
    [String]
    $ServerName
)

if ( ((get-date) - (ls $CertificateImport).LastWriteTime).minutes -gt 10){ exit }

add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010

# Find the thumbprint of this certificate
$certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certPrint.Import($CertificateImport)

Import-ExchangeCertificate -Server $ServerName -FileName $CertificateImport
Enable-ExchangeCertificate -Thumbprint $certPrint.Thumbprint -Services POP,IMAP,IIS,SMTP -Confirm

# Add the cert to the default site in IIS
$binding = Get-WebBinding -Name "Default Web Site" -Protocol "https"
$binding.AddSslCertificate($certPrint.GetCertHashString(), "my")

# Add the cert to the Exchange Backend site in IIS
$binding = Get-WebBinding -Name "Exchange Back End" -Protocol "https"
$binding.AddSslCertificate($certPrint.GetCertHashString(), "my")