@steviecoaster
Last active September 16, 2021 02:23

Installation

Page Installation:

Save the LetsEncrypt.xml file to the C:\ProgramData\UniversalAutomation\Repository\pages folder

Script Installation:

Create a New Script called New-LetsEncryptCertificate.ps1. Copy the contents of the ps1 script here into that file and save it.

NOTE: You'll need to update the certificate mailing section, the $mailProps hashtable starting on line 47, to match your environment.

Variable

You'll need a CloudflareToken Secret variable, with the value being the API Key token for your Cloudflare account. You can set this up by logging into Universal and navigating to Platform > Variables in the left-hand navigation menu.

Information on setting that up can be found here

You'll likely need to restart your PowerShellUniversal service to pick up the changes.

<?xml version="1.0" encoding="utf-8"?>
<Page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" Name="LetsEncrypt" Description="Front End for SSL Cert generation based on Let's Encrypt" Authenticated="false" ShowInNavigation="true" ShowNavigation="true">
  <Components>
    <Form Id="6594b4c1-92a7-4190-831c-88d36efd5530" Title="Certificate Details" Description="Enter Details for the certificate here" SuccessTitle="Certificate Generated!" SuccessDescription="You'll receive an email with your Certificate within 2 minutes." RefreshComponents="true">
      <Target Name="New-LetsEncryptCertificate.ps1" Type="script">
        <Fields>
          <Field Name="CertificateDnsName" Tooltip="Enter the Subject of the certificate you wish to generate. Supports Wildcard" Value="example.foo.org" Type="textbox" Required="false" />
          <Field Name="PFXPassphrase" Tooltip="This is the password on the certificate used to import it on other systems. DO NOT LOSE THIS ONCE YOU SET IT HERE" Type="textbox" Required="false" />
          <Field Name="ContactEmail" Tooltip="Email addresses for the contact on the certificate. Used to receive " Type="textbox" Required="false" />
        </Fields>
      </Target>
    </Form>
  </Components>
  <Layout>
    <Lg>
      <LayoutItem Id="6594b4c1-92a7-4190-831c-88d36efd5530" X="1" Y="0" W="17" H="17" />
    </Lg>
  </Layout>
  <AccessControls>All</AccessControls>
</Page>

[CmdletBinding()]
Param(
    [Parameter(Mandatory)]
    [String]
    $CertificateDnsName,

    [Parameter(Mandatory)]
    [String]
    $PFXPassphrase,

    [Parameter(Mandatory)]
    [String]
    $ContactEmail
)
process {
    # Make sure the log folder exists, then record the run to a transcript
    if (-not (Test-Path 'C:\logs')) {
        $null = New-Item 'C:\logs' -ItemType Directory
    }
    Start-Transcript C:\logs\Encrypt.log

    Import-Module Posh-Acme

    # First label of the requested DNS name
    $RecordName = $($CertificateDnsName.Split('.')[0])

    # $CloudflareToken is not defined in this script: it is the Universal
    # secret variable described in the "Variable" section above
    $secToken = $CloudflareToken | ConvertTo-SecureString -AsPlainText -Force
    $pArgs = @{
        CFToken    = $secToken
        TxtValue   = $CertificateDnsName
        RecordName = $RecordName
    }

    # Request the certificate using the Cloudflare DNS plugin.
    # The PFX passphrase is the plain string typed into the form's textbox.
    $Certificate = New-PACertificate $CertificateDnsName -Plugin Cloudflare -PluginArgs $pArgs -PFXPass $PFXPassphrase -Contact $ContactEmail -AcceptTOS

    # Zip the whole folder that contains the PFX (not only the PFX file) into a temp directory
    $tempPath = Join-Path $env:TEMP $((New-Guid).Guid)
    $null = New-Item $tempPath -ItemType Directory
    $CertificatePath = Split-Path -Parent ($Certificate).PFXFile
    $CertificateArchive = Join-Path $tempPath 'cert.zip'
    $null = Compress-Archive $CertificatePath -DestinationPath $CertificateArchive

    # This is set up using Papercut as a local SMTP server. Change the details here to match your environment
    $mailProps = @{
        SmtpServer  = 'localhost'
        To          = $ContactEmail
        From        = 'certbot@example.org'
        Subject     = "Your Let's Encrypt Certificate Is Here!"
        Body        = 'Please find your certificate attached to this email'
        BodyAsHtml  = $true
        Attachments = $CertificateArchive
    }
    Send-MailMessage @mailProps

    Stop-Transcript

    # Remove the temporary copy of the archive
    Remove-Item $tempPath -Recurse -Force
}
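
The page is declared with Authenticated="false" and the script mails the archive to whatever ContactEmail the form supplies, so a pre-issuance check on both form values is worth running before New-PACertificate. The following is an added example, not part of the gist: Test-CertRequest, $AllowedZones and $AllowedMailDomains are hypothetical names, the sample values are constructed, and the policy (names and recipients limited to allow-lists you maintain) is an assumption.

```powershell
# Added example: Test-CertRequest and both allow-list parameters are hypothetical names.
# Requires PowerShell 5 or later for the ::new() constructor syntax.
function Test-CertRequest {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)][string]   $CertificateDnsName,
        [Parameter(Mandatory)][string]   $ContactEmail,
        [Parameter(Mandatory)][string[]] $AllowedZones,
        [Parameter(Mandatory)][string[]] $AllowedMailDomains
    )

    # Normalise, then require an optional single leading wildcard plus LDH labels (1-63 chars each).
    $name  = $CertificateDnsName.Trim().TrimEnd('.').ToLowerInvariant()
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    if ($name.Length -gt 253 -or $name -notmatch "^(\*\.)?($label\.)+$label`$") {
        Write-Warning "Rejected: '$CertificateDnsName' is not a well-formed DNS name."
        return $false
    }

    # The name (wildcard stripped) must equal, or be a subdomain of, an allowed zone.
    $base   = $name -replace '^\*\.', ''
    $inZone = $AllowedZones | Where-Object {
        $z = $_.ToLowerInvariant()
        $base -eq $z -or $base.EndsWith(".$z", [System.StringComparison]::Ordinal)
    }
    if (-not $inZone) {
        Write-Warning "Rejected: '$name' is outside the allowed zones."
        return $false
    }

    # The contact must be one bare address (no display name) in an allowed mail domain,
    # because the script sends the certificate archive to it.
    $mail = $ContactEmail.Trim()
    try   { $addr = [System.Net.Mail.MailAddress]::new($mail) }
    catch { Write-Warning 'Rejected: contact address does not parse.'; return $false }
    if ($addr.Address -ne $mail -or $addr.Host -notin $AllowedMailDomains) {
        Write-Warning 'Rejected: contact address is not in an allowed mail domain.'
        return $false
    }
    return $true
}

# Constructed sample values; in New-LetsEncryptCertificate.ps1 this call would sit before New-PACertificate.
$zones = @('foo.org')
if (-not (Test-CertRequest -CertificateDnsName '*.example.foo.org' -ContactEmail 'ops@foo.org' -AllowedZones $zones -AllowedMailDomains $zones)) {
    throw 'Certificate request rejected by pre-issuance checks.'
}
```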