Exchange 2016 Let's Encrypt Setup
-
Defiantly was a good project started by Mozilla, Cisco and others. Helped and stopped companies taking advantage and charging stupid prices on wildcard certs as well.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
Download the Latest Release of win-acme from here
https://github.com/PKISharp/win-acme/releasesExtract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).
Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from
FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
to
FileName = $StorePath
Modify the C:\letsencrypt\scripts\PSScript.bat file to thispowershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3Then run the following to get the lets encrypt setup
letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"Then your SSL in your Exchange should change to the Let's encrypt one.
NOTE:See the source for the Import to Exchange SSL fix below:
Thank you for posting these instructions. I just ran this on a 2013 server and everything worked for the most part. The only issue I ran into is that the certificate only generated 1 of the 2 names on the certificate.
"--manualhost mail.domain.com,autodiscover.domain.com" included the first domain but not the autodiscover domain as a subject alternative name. Any idea what I am missing?
Thanks
-
I figured it out. I added single quotes at the beginning and end of the domain list.
-
@syko24 said in Exchange 2016 Let's Encrypt Setup:
I figured it out. I added single quotes at the beginning and end of the domain list.
Awesome! If anything I will change my guide if I find it causing issues.
-
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
It is working on my version 1.9.12.1
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.
Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.
-
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.
Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.
Except couldn't launch
wacs.exe. It crashed everytime.
Switched back to 1.9 and it all worked.Also has nothing to do with his instructions being bad by pointing to "Latest"
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.
Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.
Except couldn't launch
wacs.exe. It crashed everytime.
Switched back to 1.9 and it all worked.LOL - yet they just closed the case on the 1.9 thread because they claimed it worked.
-
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.
it has changed.
But I know what you mean, they actually finally fixed that issue.
No you apparently have no idea WTF i just said..
You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.
Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.
I see... https://github.com/PKISharp/win-acme/releases bah me
-
Attempting this on Server 2008R2 running Exchange 2010, right now.
It is attempting to install the cert in Exchange atm.. the cert was created successfully.
Taking a long ass time.. but this is an old slow server scheduled to be decommissions by this time next year.
-
Going with fail, I bet due to powershell 2.0
-
Maybe not total fail? OWA shows the new cert.
-
EMC shows it is assigned to all services and the schedule task is there.
Calling this a win.
