Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1
$domain = "mydomain.com"
$certificiatePassword = "abcd1234"
$email = "letsencrypt@mydomain.com"
$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
mkdir $vault
cd $vault
Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:$email
Update-ACMERegistration -AcceptTOS
New-ACMEIdentifier -Dns $domain -Alias dns1
New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath $vault\answer.txt
# NOTE: I've chosen manual here, automated options are available:
# https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers
Get-ACMEIdentifier -Ref dns1
$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
$key = $challengeAnswer.Key
Write-Host ""
Write-Host "Create folder structure on $domain like so:"
Write-Host "$domain/$key"
Write-Host "Put an index.html file in that location that contains:"
Write-Host $challengeAnswer.Value
#==================================================================================#
# Follow manual steps before proceeding #
# TODO: automate this, there are automated options available #
# See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers #
#==================================================================================#
$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
While ($challenge.Status -eq "pending") {
Start-Sleep -m 500 # wait half a second before trying
Write-Host "Status is still 'pending', waiting for it to change..."
$challenge = Update-ACMEIdentifier -Ref dns1
}
If($challenge.Status -eq "valid") {
New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
# NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
# New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
$certificateInfo = Submit-ACMECertificate -Ref cert1
While([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
Start-Sleep -m 500 # wait half a second before trying
Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
$certificateInfo = Update-ACMECertificate -Ref cert1
}
Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificiatePassword
Write-Host "All done, there's a cert1-all.pfx file in $vault with password $certificiatePassword for you to use now"
} Else {
$message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
Write-Host $message
}
@GLubomirov

This comment has been minimized.

Copy link

GLubomirov commented Dec 1, 2017

Awesome! Here's a PS Script completely automating the Certificate Request and IIS Site Binding. It works for Renewals also.
https://github.com/GLubomirov/Lets-Encrypt_Automate_PowerShell

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.