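# Requests a certificate for $domain through the ACMESharp PowerShell module using a
# manually answered http-01 challenge, then exports the result as a PKCS#12 file.
# Each run works in a fresh vault directory so registration/identifier state never
# collides with a previous run.
# Before running: fill in $domain, $email and $baseUri below.
Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1

$domain = ""
$email = ""
# ACME server base URI passed to Initialize-ACMEVault (the argument is missing from
# this listing, so it must be supplied here).
$baseUri = ""
# Protects the private key inside the exported .pfx, so it is a secret: prefer
# prompting for it or reading it from a secure store instead of leaving it in a script
# that may be shared or committed.
$certificatePassword = "abcd1234"

# One vault per run: D:\Vault\<domain>\<random guid>
$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
New-Item -ItemType Directory -Path $vault | Out-Null
# The .pfx below is exported relative to the current directory, so move into the vault.
Set-Location $vault

Initialize-ACMEVault -BaseURI $baseUri
New-ACMERegistration -Contacts "mailto:$email"
Update-ACMERegistration -AcceptTOS
New-ACMEIdentifier -Dns $domain -Alias dns1
# NOTE: the Manual provider is used here; automated web-server/DNS providers exist too.
New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath "$vault\answer.txt"
Get-ACMEIdentifier -Ref dns1

# Compute the http-01 challenge answer and tell the operator where to publish it.
$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
$key = $challengeAnswer.Key
Write-Host ""
Write-Host "Create folder structure on $domain like so:"
Write-Host "$domain/$key"
Write-Host "Put an index.html file in that location that contains:"
Write-Host $challengeAnswer.Value
# Follow manual steps before proceeding #
# TODO: automate this, there are automated options available #
# Without an explicit pause the challenge would be submitted before the answer file is
# reachable and the CA would mark it invalid.
Read-Host "Publish the challenge answer, then press Enter to submit it" | Out-Null

$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
# Poll until the CA moves the challenge out of 'pending' (to 'valid' or 'invalid').
While ($challenge.Status -eq "pending") {
    Start-Sleep -Milliseconds 500 # wait half a second before trying again
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = Update-ACMEIdentifier -Ref dns1
}

If ($challenge.Status -eq "valid") {
    New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
    # NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
    # New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
    $certificateInfo = Submit-ACMECertificate -Ref cert1
    # IssuerSerialNumber is only populated once the CA has issued the certificate.
    While ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        Start-Sleep -Milliseconds 500 # wait half a second before trying again
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref cert1
    }
    Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificatePassword
    # The password is deliberately not echoed: console output often ends up in
    # transcripts and CI logs.
    Write-Host "All done, there's a cert1-all.pfx file in $vault for you to use now"
} Else {
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Host $message
}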


@GLubomirov GLubomirov commented Dec 1, 2017

Awesome! Here's a PS Script completely automating the Certificate Request and IIS Site Binding. It works for Renewals also.
