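# Request a Let's Encrypt certificate for one domain with ACMESharp (ACMEPowerShell),
# satisfy the http-01 challenge by hand, and export the result as a password-protected
# PKCS#12 (.pfx) into a fresh per-run vault directory.
#
# Security notes for whoever runs this:
#  - The vault directory ends up holding the ACME account key AND the certificate's
#    private key. Keep D:\Vault on a volume that only administrators can read.
#  - The .pfx password used to be hard-coded in this file and echoed to the console at
#    the end; it is now read from $env:ACME_PFX_PASSWORD (unattended runs) or prompted
#    for as a SecureString, and is never printed.
#  - NOTE(review): https://acme-v01.api.letsencrypt.org/ is the ACME v1 endpoint, which
#    Let's Encrypt has since retired; confirm against current ACMESharp / Let's Encrypt
#    documentation before relying on this script for new issuance.

# Fail fast: a cmdlet error should stop the run, not leave a half-initialised vault behind.
$ErrorActionPreference = 'Stop'

Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1

$domain = "mydomain.com"
$email  = "letsencrypt@mydomain.com"

# .pfx password. Never hard-code it here: this file tends to land in source control.
if (-not [string]::IsNullOrEmpty($env:ACME_PFX_PASSWORD)) {
    $certificatePassword = $env:ACME_PFX_PASSWORD
} else {
    $securePassword = Read-Host -Prompt "Password to protect the exported .pfx" -AsSecureString
    # Get-ACMECertificate -CertificatePassword takes a plain string, so the SecureString is
    # unwrapped only at this point and the plain value is kept in a single variable.
    $certificatePassword = (New-Object System.Net.NetworkCredential("", $securePassword)).Password
}
if ([string]::IsNullOrEmpty($certificatePassword)) {
    throw "A non-empty .pfx password is required (set ACME_PFX_PASSWORD or enter one at the prompt)."
}

# Polling bounds. The previous version looped forever if the CA never left 'pending'
# or never populated IssuerSerialNumber; cap the wait at ~60 s instead.
$pollIntervalMs  = 500
$maxPollAttempts = 120

# One vault per run so a failed attempt never clobbers a previous one.
$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
New-Item -ItemType Directory -Path $vault -Force | Out-Null
Set-Location $vault

Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:$email
Update-ACMERegistration -AcceptTOS
New-ACMEIdentifier -Dns $domain -Alias dns1
New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath $vault\answer.txt
# NOTE: I've chosen manual here, automated options are available:
# https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers
Get-ACMEIdentifier -Ref dns1

# Ask the module to prepare the http-01 challenge and pull out the answer the web server must serve.
$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
$key = $challengeAnswer.Key
Write-Host ""
Write-Host "Create folder structure on $domain like so:"
Write-Host "$domain/$key"
Write-Host "Put an index.html file in that location that contains:"
Write-Host $challengeAnswer.Value
#==================================================================================#
# Follow manual steps before proceeding                                            #
# TODO: automate this, there are automated options available                       #
# See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers #
#==================================================================================#
# Block here: if the script runs straight through, the challenge is submitted before the
# file exists on the web server and validation fails.
Read-Host -Prompt "Press Enter once the challenge file is reachable on $domain" | Out-Null

$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
$attempt = 0
While ($challenge.Status -eq "pending" -and $attempt -lt $maxPollAttempts) {
    Start-Sleep -Milliseconds $pollIntervalMs
    $attempt++
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = Update-ACMEIdentifier -Ref dns1
}

If ($challenge.Status -eq "valid") {
    New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
    # NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
    # (HPKP has since been deprecated by browsers; consider Expect-CT / CAA instead).
    # New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
    $certificateInfo = Submit-ACMECertificate -Ref cert1
    $attempt = 0
    While ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber) -and $attempt -lt $maxPollAttempts) {
        Start-Sleep -Milliseconds $pollIntervalMs
        $attempt++
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref cert1
    }
    if ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        throw ("Certificate for '{0}' was not issued within {1} ms; check the vault in {2}." -f $domain, ($maxPollAttempts * $pollIntervalMs), $vault)
    }
    Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificatePassword
    # Do NOT print the password: the console transcript/history is not a secret store.
    Write-Host "All done, there's a cert1-all.pfx file in $vault protected with the password you supplied."
} Else {
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Warning $message
}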
Awesome! Here's a PS Script completely automating the Certificate Request and IIS Site Binding. It works for Renewals also.
https://github.com/GLubomirov/Lets-Encrypt_Automate_PowerShell