/LetsEncrypt.ps1
Last active Jan 2, 2019
| Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1 | |
| $domain = "mydomain.com" | |
| $certificiatePassword = "abcd1234" | |
| $email = "letsencrypt@mydomain.com" | |
| $vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid() | |
| mkdir $vault | |
| cd $vault | |
| Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/ | |
| New-ACMERegistration -Contacts mailto:$email | |
| Update-ACMERegistration -AcceptTOS | |
| New-ACMEIdentifier -Dns $domain -Alias dns1 | |
| New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath $vault\answer.txt | |
| # NOTE: I've chosen manual here, automated options are available: | |
| # https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers | |
| Get-ACMEIdentifier -Ref dns1 | |
| $completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider | |
| $challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer | |
| $key = $challengeAnswer.Key | |
| Write-Host "" | |
| Write-Host "Create folder structure on $domain like so:" | |
| Write-Host "$domain/$key" | |
| Write-Host "Put an index.html file in that location that contains:" | |
| Write-Host $challengeAnswer.Value | |
| #==================================================================================# | |
| # Follow manual steps before proceeding # | |
| # TODO: automate this, there are automated options available # | |
| # See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers # | |
| #==================================================================================# | |
| $challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01 | |
| While ($challenge.Status -eq "pending") { | |
| Start-Sleep -m 500 # wait half a second before trying | |
| Write-Host "Status is still 'pending', waiting for it to change..." | |
| $challenge = Update-ACMEIdentifier -Ref dns1 | |
| } | |
| If($challenge.Status -eq "valid") { | |
| New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate | |
| # NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP | |
| # New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem | |
| $certificateInfo = Submit-ACMECertificate -Ref cert1 | |
| While([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) { | |
| Start-Sleep -m 500 # wait half a second before trying | |
| Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..." | |
| $certificateInfo = Update-ACMECertificate -Ref cert1 | |
| } | |
| Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificiatePassword | |
| Write-Host "All done, there's a cert1-all.pfx file in $vault with password $certificiatePassword for you to use now" | |
| } Else { | |
| $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status | |
| Write-Host $message | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
GLubomirov commentedDec 1, 2017
Awesome! Here's a PS Script completely automating the Certificate Request and IIS Site Binding. It works for Renewals also.
https://github.com/GLubomirov/Lets-Encrypt_Automate_PowerShell