Powershell Script for automating LetsEncrypt certificate renewal on Exchange 2013/2016
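# Renews the LetsEncrypt certificate on Exchange 2013/2016: all services are parked on a
# temporary self signed certificate, the old LetsEncrypt certificate is removed, the new
# PFX is imported and enabled, and the temporary certificate is removed again.

# Stop at the first failing cmdlet, so a failed step is never followed by a Remove- or Enable- call
$ErrorActionPreference = 'Stop'

# ---- Values to change for your environment ----
# Domain of the temporary certificate, no real need to edit this unless you dont like fakecert.fakecert.com :)
$fakeDomain = "fakecert.fakecert.com"
# Change this to a value that matches one of the SAN's in your letsencrypt certificate (it is used as a regex by -match)
$certDomainMatch = "yourdomain.com"
# Path to your PFX file
$pfxPath = "C:\pathtoyourpfxcert\yourpfxcert.pfx"
# NOTE(security): the PFX password sits in this file in clear text, and the PFX holds the private key.
# Restrict the ACLs on both files to the account that runs the renewal, or load the password from a
# protected store instead of typing it in between the quotes here.
$pfxPassword = ConvertTo-SecureString -String 'yourpassword' -AsPlainText -Force

# Add Exchange management tools snappin (skipped when it is already loaded, which would otherwise be an error)
if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
}

# Load Windows Forms once for SendKeys. The original passed "'System.Windows.Forms" (stray quote) to
# LoadWithPartialName, which is not the assembly name.
Add-Type -AssemblyName System.Windows.Forms

# Queues "N" + ENTER so the pop-up raised by the next Exchange cmdlet is answered with a no.
# NOTE(review): SendKeys types into whichever window has focus and needs an interactive desktop
# session, so keep this console focused while the script runs. -Force would suppress the prompt, but
# it is documented as replacing the default SMTP certificate rather than answering no - confirm
# before switching to it.
function Send-NoToPrompt {
    [System.Windows.Forms.SendKeys]::SendWait("N")
    Start-Sleep 1
    [System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
}

# Returns the single thumbprint in $Thumbprint, or throws when the lookup matched none or several.
# An empty or multi-valued thumbprint must never reach Remove- or Enable-ExchangeCertificate.
function Get-SingleThumbprint {
    param($Thumbprint, [string]$Description)
    $found = @($Thumbprint | Where-Object { $_ })
    if ($found.Count -ne 1) {
        throw "Expected exactly one $Description certificate but found $($found.Count), stopping."
    }
    return $found[0]
}

# ---- Checks that run before anything on the server is changed ----
if (-not (Test-Path -LiteralPath $pfxPath -PathType Leaf)) {
    throw "PFX file not found: $pfxPath, nothing has been changed."
}

# Create variable for old LetsEncrypt certificate of $thumbprint2, this command matches the correct cert, and then
# pipes only the certs thumbprint in to the variable using Select -ExpandProperty. Looked up first so that a missing
# or ambiguous match stops the script while the services are still on their current certificate.
$thumbprint2 = Get-SingleThumbprint -Description "old LetsEncrypt" -Thumbprint (
    Get-ExchangeCertificate |
        Select-Object certificatedomains,isselfsigned,thumbprint |
        Where-Object { $_.CertificateDomains -match $certDomainMatch -and -not $_.IsSelfSigned } |
        Select-Object -ExpandProperty Thumbprint)

# Create new self signed certificate to be used only during script
# Pop-Up Here needs to be accepted with a no, handled by sendkeys
Send-NoToPrompt
New-ExchangeCertificate -DomainName $fakeDomain

# Create variable for fakecert certificate of $thumbprint1. A fakecert left behind by an earlier failed run
# makes this lookup ambiguous, remove it by hand before running again.
$thumbprint1 = Get-SingleThumbprint -Description "temporary $fakeDomain" -Thumbprint (
    Get-ExchangeCertificate |
        Select-Object certificatedomains,isselfsigned,thumbprint |
        Where-Object { $_.CertificateDomains -match $fakeDomain -and $_.IsSelfSigned } |
        Select-Object -ExpandProperty Thumbprint)

# Enable fakecert certificate for all services using $thumbprint1 variable
# Pop-Up Here needs to be accepted with a no, handled by sendkeys
Send-NoToPrompt
Enable-ExchangeCertificate -Thumbprint $thumbprint1 -Services IIS,SMTP,IMAP,POP
# The pause is its own statement: piped after a cmdlet that emits no objects it would probably never run
Start-Sleep 10

# Remove old LetsEncrypt certificate using $thumbprint2 variable
# NOTE(review): from here until the new certificate is enabled the services present the self signed fakecert.
# A wrong PFX password is only detected by the import below, after the old certificate is gone.
Remove-ExchangeCertificate -Thumbprint $thumbprint2 -Confirm:$false

# Import new LetsEncrypt certificate
Import-ExchangeCertificate -FileName $pfxPath -Password $pfxPassword

# Create variable for new LetsEncrypt certificate of thumbprint3, same match as for the old certificate
$thumbprint3 = Get-SingleThumbprint -Description "new LetsEncrypt" -Thumbprint (
    Get-ExchangeCertificate |
        Select-Object certificatedomains,isselfsigned,thumbprint |
        Where-Object { $_.CertificateDomains -match $certDomainMatch -and -not $_.IsSelfSigned } |
        Select-Object -ExpandProperty Thumbprint)

# Enable new LetsEncrypt certificate for all services using thumbprint3 variable
# Pop-Up Here needs to be accepted with a no, handled by sendkeys
Send-NoToPrompt
Enable-ExchangeCertificate -Thumbprint $thumbprint3 -Services IIS,SMTP,IMAP,POP
Start-Sleep 10

# Remove fakecert certificate using thumbprint1 variable now it's done its job
Remove-ExchangeCertificate -Thumbprint $thumbprint1 -Confirm:$false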