More info: https://cultiv.nl/blog/lets-encrypt-on-windows/

## LetsEncrypt.ps1
Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1
$domain = "mydomain.com"
$certificiatePassword = "abcd1234"
$email = "letsencrypt@mydomain.com"
$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
mkdir $vault
cd $vault

Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:$email
Update-ACMERegistration -AcceptTOS

New-ACMEIdentifier -Dns $domain -Alias dns1
New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath $vault\answer.txt
# NOTE: I've chosen manual here, automated options are available:
# https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers

Get-ACMEIdentifier -Ref dns1
$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
$key = $challengeAnswer.Key
Write-Host ""
Write-Host "Create folder structure on $domain like so:"
Write-Host "$domain/$key"
Write-Host "Put an index.html file in that location that contains:"
Write-Host $challengeAnswer.Value

#==================================================================================#
# Follow manual steps before proceeding                                            #
# TODO: automate this, there are automated options available                       #
# See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers #
#==================================================================================#

$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
While ($challenge.Status -eq "pending") {
    Start-Sleep -m 500 # wait half a second before trying
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = Update-ACMEIdentifier -Ref dns1
}

If($challenge.Status -eq "valid") {
    New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
    # NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
    # New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
    $certificateInfo = Submit-ACMECertificate -Ref cert1

    While([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        Start-Sleep -m 500 # wait half a second before trying
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref cert1
    }

    Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificiatePassword

    Write-Host "All done, there's a cert1-all.pfx file in $vault with password $certificiatePassword for you to use now"
} Else {
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Host $message
}
	Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1
	$domain = "mydomain.com"
	$certificiatePassword = "abcd1234"
	$email = "letsencrypt@mydomain.com"
	$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
	mkdir $vault
	cd $vault

	Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
	New-ACMERegistration -Contacts mailto:$email
	Update-ACMERegistration -AcceptTOS

	New-ACMEIdentifier -Dns $domain -Alias dns1
	New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath $vault\answer.txt
	# NOTE: I've chosen manual here, automated options are available:
	# https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers

	Get-ACMEIdentifier -Ref dns1
	$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
	$challengeAnswer = ($completedChallenge.Challenges \| Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
	$key = $challengeAnswer.Key
	Write-Host ""
	Write-Host "Create folder structure on $domain like so:"
	Write-Host "$domain/$key"
	Write-Host "Put an index.html file in that location that contains:"
	Write-Host $challengeAnswer.Value

	#==================================================================================#
	# Follow manual steps before proceeding #
	# TODO: automate this, there are automated options available #
	# See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers #
	#==================================================================================#

	$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
	While ($challenge.Status -eq "pending") {
	Start-Sleep -m 500 # wait half a second before trying
	Write-Host "Status is still 'pending', waiting for it to change..."
	$challenge = Update-ACMEIdentifier -Ref dns1
	}

	If($challenge.Status -eq "valid") {
	New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
	# NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
	# New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
	$certificateInfo = Submit-ACMECertificate -Ref cert1

	While([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
	Start-Sleep -m 500 # wait half a second before trying
	Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
	$certificateInfo = Update-ACMECertificate -Ref cert1
	}

	Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificiatePassword

	Write-Host "All done, there's a cert1-all.pfx file in $vault with password $certificiatePassword for you to use now"
	} Else {
	$message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
	Write-Host $message
	}