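# Requests a certificate for $domain from Let's Encrypt through the ACMESharp
# PowerShell module using the *manual* http-01 provider: the script prints the
# challenge file you have to publish, waits for the CA to validate it, and then
# exports the issued certificate as a password-protected PKCS#12 file in $vault.
#
# Changes from the original gist:
#   - the PFX export password is prompted for as a SecureString instead of being
#     hard-coded and echoed to the console (where it would end up in transcripts,
#     console history and any log capture)
#   - both polling loops are bounded, so a stuck challenge or pending issuance
#     cannot spin forever, and the poll interval is less aggressive
#   - cmdlet errors stop the script instead of being printed and run past
#   - the script pauses until the manual challenge step is done, so it also works
#     when run end-to-end rather than line by line
$ErrorActionPreference = 'Stop'

Import-Module -Name D:\Temp\ACME-posh\ACMEPowerShell.psd1

$domain = "mydomain.com"
$email  = "[email protected]"   # contact address registered with the CA

# NOTE(review): acme-v01 is the legacy ACME v1 endpoint; Let's Encrypt has since
# retired it in favour of the v2 API, so this URI may need updating.
$acmeBaseUri = 'https://acme-v01.api.letsencrypt.org/'

# Polling parameters shared by the two wait loops below.
$pollIntervalMs  = 2000   # 500 ms hammered the CA; 2 s is plenty for status changes
$maxPollAttempts = 60     # ~2 minutes per loop before giving up

# Ask for the export password interactively and keep it out of argv, history
# and console output. It is converted to clear text only at the point of use.
$securePassword = Read-Host -Prompt "Password for the exported cert1-all.pfx" -AsSecureString
if ($securePassword.Length -eq 0) {
    throw "An export password is required."
}

# One fresh vault directory per run, keyed by domain + GUID.
$vault = "D:\Vault\{0}\{1}" -f $domain, [guid]::NewGuid()
New-Item -ItemType Directory -Path $vault | Out-Null
Set-Location $vault

Initialize-ACMEVault -BaseURI $acmeBaseUri
New-ACMERegistration -Contacts mailto:$email
Update-ACMERegistration -AcceptTOS
New-ACMEIdentifier -Dns $domain -Alias dns1
New-ACMEProviderConfig -WebServerProvider Manual -Alias manualHttpProvider -FilePath (Join-Path $vault 'answer.txt')
# NOTE: I've chosen manual here, automated options are available:
# https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers
Get-ACMEIdentifier -Ref dns1

$completedChallenge = Complete-ACMEChallenge -Ref dns1 -Challenge http-01 -ProviderConfig manualHttpProvider
$challengeAnswer = ($completedChallenge.Challenges | Where-Object { $_.Type -eq "http-01" }).ChallengeAnswer
if (-not $challengeAnswer) {
    throw "No http-01 challenge answer was returned for dns1; cannot continue."
}
$key = $challengeAnswer.Key
Write-Host ""
Write-Host "Create folder structure on $domain like so:"
Write-Host "$domain/$key"
Write-Host "Put an index.html file in that location that contains:"
Write-Host $challengeAnswer.Value
#==================================================================================#
# Follow manual steps before proceeding                                            #
# TODO: automate this, there are automated options available                       #
# See - https://github.com/ebekker/ACMESharp/wiki/Example-Usage#defining-providers #
#==================================================================================#
# Without this pause the challenge would be submitted before the file exists.
Read-Host -Prompt "Press Enter once the challenge file is reachable over HTTP" | Out-Null

$challenge = Submit-ACMEChallenge -Ref dns1 -Challenge http-01
$attempt = 0
while ($challenge.Status -eq "pending" -and $attempt -lt $maxPollAttempts) {
    $attempt++
    Start-Sleep -Milliseconds $pollIntervalMs
    Write-Host "Status is still 'pending', waiting for it to change..."
    $challenge = Update-ACMEIdentifier -Ref dns1
}

if ($challenge.Status -eq "valid") {
    New-ACMECertificate -Identifier dns1 -Alias cert1 -Generate
    # NOTE: If you have existing keys you can use them as well, this is good to do if you want to use HPKP
    # New-ACMECertificate -Identifier dns1 -Alias cert1 -KeyPemFile path\to\key.pem -CsrPemFile path\to\csr.pem
    $certificateInfo = Submit-ACMECertificate -Ref cert1
    $attempt = 0
    while ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber) -and $attempt -lt $maxPollAttempts) {
        $attempt++
        Start-Sleep -Milliseconds $pollIntervalMs
        Write-Host "IssuerSerialNumber is not set yet, waiting for it to be populated..."
        $certificateInfo = Update-ACMECertificate -Ref cert1
    }
    if ([string]::IsNullOrEmpty($certificateInfo.IssuerSerialNumber)) {
        throw "Certificate for cert1 was not issued within the polling window; re-run Update-ACMECertificate later."
    }

    # The ACMESharp cmdlet takes a plain string, so decrypt only here and drop
    # the clear-text copy as soon as the export has run.
    $certificatePassword = (New-Object System.Net.NetworkCredential('', $securePassword)).Password
    try {
        Get-ACMECertificate -Ref cert1 -ExportPkcs12 cert1-all.pfx -CertificatePassword $certificatePassword
    } finally {
        Remove-Variable -Name certificatePassword -ErrorAction SilentlyContinue
    }
    Write-Host "All done, there's a cert1-all.pfx file in $vault protected with the password you entered"
} else {
    $message = "Status is '{0}', can't continue as it is not 'valid'." -f $challenge.Status
    Write-Warning $message
}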