Let's Encrypt & Microsoft Remote Desktop (Windows Server 2016) - Installation Script

RDS_INSTALL.bat

@echo off
"C:\Program Files\letsencrypt-win-simple\letsencrypt.exe" --renew --baseuri "https://acme-v01.api.letsencrypt.org/"

REM run powershell script, bypassing security warnings for 3rd-party script
powershell -ExecutionPolicy bypass -File "C:\Program Files\letsencrypt-win-simple\RDS_INSTALL_CERT.ps1"

RDS_INSTALL_CERT.ps1

# import Let's Encrypt PFX cert for domain (must first be installed with https://github.com/Lone-Coder/letsencrypt-win-simple)
Import-PfxCertificate -CertStoreLocation "cert:\LocalMachine\My" -FilePath "C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\fishtalk.kuhlbarra.com-all.pfx"

# get a reference to the config instance
$tsgs = gwmi -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"

# grab the thumbprint of the first SSL cert in the computer store
$thumb = (gci -path "cert:/LocalMachine/My" | select -first 1).Thumbprint

# set the new thumbprint value
swmi -path $tsgs.__path -argument @{SSLCertificateSHA1Hash="$thumb"}

$path = (gwmi -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
swmi -Path $path -argument @{SSLCertificateSHA1Hash="$thumb"}