Exchange 2016 Let's Encrypt Setup
-
Download the Latest Release of win-acme from here
https://github.com/PKISharp/win-acme/releases
Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).
Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from
FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
to
FileName = $StorePath
Modify the C:\letsencrypt\scripts\PSScript.bat file to this:
powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
Then run the following to get the Let's Encrypt setup
letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
Then your SSL in your Exchange should change to the Let's Encrypt one.
NOTE: See the source for the Import to Exchange SSL fix below:
-
Why would I want to use this when I already have an SSL cert on Exchange?
-
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
-
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
And plus it's automated.
-
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
-
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
What part of Let's Encrypt have you never heard of?
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
What part of Let's Encrypt have you never heard of?
I've literally never heard of it before now, hehe...
-
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
What part of Let's Encrypt have you never heard of?
I've literally never heard of it before now, hehe...
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
What part of Let's Encrypt have you never heard of?
I've literally never heard of it before now, hehe...
I'm reading up on it now..
-
@dave247 said in Exchange 2016 Let's Encrypt Setup:
@Dashrender said in Exchange 2016 Let's Encrypt Setup:
@dave247 said in Exchange 2016 Let's Encrypt Setup:
Why would I want to use this when I already have an SSL cert on Exchange?
Because when it's time to renew, you can renew for free.
How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..
No catch, it's not something that really costs money to provide. The EFF, one of the most important non-profits in all of technology, has been providing certs for free for quite some time now. SSL Certs are definitely something that you'd expect to be free, it just took a bit for the market to iron itself out.
-
Definitely was a good project started by Mozilla, Cisco and others. Helped and stopped companies taking advantage and charging stupid prices on wildcard certs as well.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
Download the Latest Release of win-acme from here
https://github.com/PKISharp/win-acme/releases
Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).
Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from
FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
to
FileName = $StorePath
Modify the C:\letsencrypt\scripts\PSScript.bat file to this:
powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
Then run the following to get the Let's Encrypt setup
letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
Then your SSL in your Exchange should change to the Let's Encrypt one.
NOTE: See the source for the Import to Exchange SSL fix below:
Thank you for posting these instructions. I just ran this on a 2013 server and everything worked for the most part. The only issue I ran into is that the certificate only generated 1 of the 2 names on the certificate.
"--manualhost mail.domain.com,autodiscover.domain.com" included the first domain but not the autodiscover domain as a subject alternative name. Any idea what I am missing?
Thanks
-
I figured it out. I added single quotes at the beginning and end of the domain list.
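
The missing subject alternative name reported above can be caught with a check right after issuance. This is an added PowerShell example, not part of the original posts or of win-acme: the function name Test-ExchangeCertCoverage is hypothetical, the sample object is constructed, and the input is assumed to be shaped like Get-ExchangeCertificate output (Thumbprint, CertificateDomains, Services, NotAfter).

```powershell
# Added example: confirm the certificate Exchange is using covers every
# host name requested in --manualhost, is bound to the expected services,
# and is not close to expiry.
function Test-ExchangeCertCoverage {
    param(
        [Parameter(Mandatory)] $Certificate,              # Get-ExchangeCertificate-shaped object
        [Parameter(Mandatory)] [string[]] $ExpectedNames, # names passed to --manualhost
        [string[]] $RequiredServices = @('IIS', 'SMTP'),
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    # CertificateDomains holds the subject and SAN host names; stringify and normalise.
    $sans = @($Certificate.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
    $missing = @($ExpectedNames | Where-Object { $sans -notcontains $_.ToLowerInvariant() })

    # Services renders as a comma-separated flag list, e.g. "IMAP, POP, IIS, SMTP".
    $bound = @("$($Certificate.Services)" -split '\s*,\s*')
    $unbound = @($RequiredServices | Where-Object { $bound -notcontains $_ })

    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)

    [pscustomobject]@{
        Thumbprint      = $Certificate.Thumbprint
        MissingNames    = $missing
        UnboundServices = $unbound
        DaysLeft        = $daysLeft
        Ok              = ($missing.Count -eq 0) -and ($unbound.Count -eq 0) -and ($daysLeft -gt $WarnDays)
    }
}

# Constructed sample reproducing the symptom in the thread: only the first
# of two requested names ended up on the certificate.
$sample = [pscustomobject]@{
    Thumbprint         = 'CONSTRUCTED-SAMPLE-THUMBPRINT'
    CertificateDomains = @('mail.domain.com')
    Services           = 'IMAP, POP, IIS, SMTP'
    NotAfter           = (Get-Date).AddDays(89)
}
$expected = 'mail.domain.com', 'autodiscover.domain.com'
Test-ExchangeCertCoverage -Certificate $sample -ExpectedNames $expected

# On the server, from the Exchange Management Shell:
# Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#     ForEach-Object { Test-ExchangeCertCoverage -Certificate $_ -ExpectedNames $expected }
```

Running the same check from a scheduled task after each renewal flags a certificate that was renewed but never imported into Exchange, since DaysLeft keeps falling on the bound certificate.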
-
@syko24 said in Exchange 2016 Let's Encrypt Setup:
I figured it out. I added single quotes at the beginning and end of the domain list.
Awesome! If anything I will change my guide if I find it causing issues.
-
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
It is working on my version 1.9.12.1
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
But I know what you mean, they actually finally fixed that issue.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
But I know what you mean, they actually finally fixed that issue.
No, you apparently have no idea WTF I just said..
-
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
But I know what you mean, they actually finally fixed that issue.
No, you apparently have no idea WTF I just said..
You said, it only works with 1.9.12.2. That is a very broad statement (What only works on this version?). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
-
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
@dbeato said in Exchange 2016 Let's Encrypt Setup:
@JaredBusch said in Exchange 2016 Let's Encrypt Setup:
Note, this ONLY works with 1.9.12.2. The "current" version at the link in the OP is for the beta 2.0.0 version.
It has changed.
But I know what you mean, they actually finally fixed that issue.
No, you apparently have no idea WTF I just said..
You said, it only works with 1.9.12.2. That is a very broad statement (What only works on this version?). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.
No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.