@gazd25
Created June 12, 2018 07:44
PowerShell script for automating Let's Encrypt certificate renewal on Exchange 2013/2016
# Add Exchange management tools snap-in
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
# Create new self-signed certificate to be used only during script
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::SendWait("N")
Start-Sleep 1
[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
New-ExchangeCertificate -DomainName fakecert.fakecert.com
# The pop-up here needs to be answered with a no; this is handled by the SendKeys calls above
# Create variable $thumbprint1 for the fakecert certificate. This command matches the correct cert and then pipes only the cert's thumbprint into the
# variable using Select -ExpandProperty. No real need to edit this unless you don't like fakecert.fakecert.com :)
$thumbprint1=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "fakecert.fakecert.com" -and $_.IsSelfSigned -match "true"} | Select -ExpandProperty Thumbprint
# Enable fakecert certificate for all services using $thumbprint1 variable
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::SendWait("N")
Start-Sleep 1
[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
Enable-ExchangeCertificate -Thumbprint $thumbprint1 -Services IIS,SMTP,IMAP,POP
# Start-Sleep runs as its own statement so the pause always happens
Start-Sleep 10
# The pop-up here needs to be answered with a no; this is handled by the SendKeys calls above
# Create variable $thumbprint2 for the old LetsEncrypt certificate. This command matches the correct cert and then pipes only the cert's thumbprint into the variable using
# Select -ExpandProperty. To use in your environment, change the yourdomain.com property to a value that matches one of the SANs in your LetsEncrypt certificate.
$thumbprint2=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "yourdomain.com" -and $_.IsSelfSigned -match "false"} | Select -ExpandProperty Thumbprint
# Remove old LetsEncrypt certificate using $thumbprint2 variable
Remove-ExchangeCertificate -Thumbprint $thumbprint2 -Confirm:$false
# Import new LetsEncrypt certificate, change the path to your PFX file C:\pathtoyourpfxcert\yourpfxcert.pfx and the password in between the quotes here
Import-ExchangeCertificate -FileName "C:\pathtoyourpfxcert\yourpfxcert.pfx" -Password (ConvertTo-SecureString -String 'yourpassword' -AsPlainText -Force)
# Create variable $thumbprint3 for the new LetsEncrypt certificate. This command matches the correct cert and then pipes only the cert's thumbprint into the variable using
# Select -ExpandProperty. To use in your environment, change the yourdomain.com property to a value that matches one of the SANs in your LetsEncrypt certificate.
$thumbprint3=Get-ExchangeCertificate | select certificatedomains,isselfsigned,thumbprint | where {$_.CertificateDomains -match "yourdomain.com" -and $_.IsSelfSigned -match "false"} | Select -ExpandProperty Thumbprint
# Enable new LetsEncrypt certificate for all services using thumbprint3 variable
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.SendKeys]::SendWait("N")
Start-Sleep 1
[System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
Enable-ExchangeCertificate -Thumbprint $thumbprint3 -Services IIS,SMTP,IMAP,POP
# Start-Sleep runs as its own statement so the pause always happens
Start-Sleep 10
# The pop-up here needs to be answered with a no; this is handled by the SendKeys calls above
# Remove fakecert certificate using thumbprint1 variable now that it has done its job
Remove-ExchangeCertificate -Thumbprint $thumbprint1 -Confirm:$false
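
The script above removes the old certificate before the new PFX is imported and keeps the PFX password in plain text. As an added example (not the gist author's code), the same rotation can import and check the new certificate first, read the password from a DPAPI-protected file, and use -Force instead of SendKeys; `pfxpassword.txt` is a hypothetical file name, and the paths and domain are the gist's placeholders.

```powershell
# Added example, not the gist author's code. Paths and domain are placeholders.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

$PfxPath      = 'C:\pathtoyourpfxcert\yourpfxcert.pfx'   # placeholder path from the script above
$PasswordFile = 'C:\pathtoyourpfxcert\pfxpassword.txt'   # hypothetical DPAPI-protected file
$Domain       = 'yourdomain.com'                         # one SAN of your certificate

# One-time setup, run as the account that will run the scheduled task:
#   Read-Host -AsSecureString 'PFX password' | ConvertFrom-SecureString | Set-Content $PasswordFile
# The file can only be decrypted by that account on that machine (DPAPI).
$pfxPassword = Get-Content $PasswordFile | ConvertTo-SecureString

# Record the CA-issued certificates for the domain that exist before the import.
# @() keeps this an array even when there is exactly one match.
$oldThumbprints = @(Get-ExchangeCertificate |
    Where-Object { (-not $_.IsSelfSigned) -and ($_.CertificateDomains -match [regex]::Escape($Domain)) } |
    Select-Object -ExpandProperty Thumbprint)

# Import first; the old certificate keeps serving until the new one is verified.
# -FileData (documented for this cmdlet) is used here in place of the gist's -FileName.
$new = Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($PfxPath)) `
    -Password $pfxPassword -ErrorAction Stop

# Refuse to continue with an unusable certificate.
if (-not $new.HasPrivateKey)      { throw "Imported certificate $($new.Thumbprint) has no private key." }
if ($new.NotAfter -le (Get-Date)) { throw "Imported certificate $($new.Thumbprint) is already expired." }
if (-not ($new.CertificateDomains -match [regex]::Escape($Domain))) {
    throw "Imported certificate does not cover $Domain."
}

# -Force suppresses the overwrite confirmation, so no SendKeys is needed.
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS,SMTP,IMAP,POP -Force -ErrorAction Stop

# Confirm the services are bound to the new certificate before deleting anything.
$active = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
foreach ($svc in 'IIS','SMTP','IMAP','POP') {
    if ("$($active.Services)" -notmatch $svc) { throw "$svc is not bound to $($new.Thumbprint)." }
}

# Only now remove the certificates recorded earlier, never the one just imported.
foreach ($thumbprint in $oldThumbprints | Where-Object { $_ -ne $new.Thumbprint }) {
    Remove-ExchangeCertificate -Thumbprint $thumbprint -Confirm:$false
}
```

Because every failure throws before the removal loop, a bad or expired PFX leaves the existing certificate in service, and the temporary fakecert certificate is not needed.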