ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Exchange 2016 Let's Encrypt Setup

    IT Discussion
    lets encrypt microsoft exchange ssl certificates exchange 2016 win-acme
    7
    28
    9131
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dbeato
      dbeato last edited by dbeato

      Download the Latest Release of win-acme from here
      https://github.com/PKISharp/win-acme/releases

      Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).

      0_1540938373066_f78fb187-77e9-499c-a2dc-110d536dc911-image.png

      Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from

      FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
      to
      FileName = $StorePath
      Modify the C:\letsencrypt\scripts\PSScript.bat file to this

      powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
      

      Then run the following to get the lets encrypt setup

      letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
      

      Then your SSL in your Exchange should change to the Let's encrypt one.

      NOTE:See the source for the Import to Exchange SSL fix below:

      https://github.com/PKISharp/win-acme/issues/832

      syko24 1 Reply Last reply Reply Quote 1
      • dave247
        dave247 last edited by dave247

        Why would I want to use this when I already have an SSL cert on Exchange?

        Dashrender 1 Reply Last reply Reply Quote 0
        • Dashrender
          Dashrender @dave247 last edited by

          @dave247 said in Exchange 2016 Let's Encrypt Setup:

          Why would I want to use this when I already have an SSL cert on Exchange?

          Because when it's time to renew, you can renew for free.

          dbeato dave247 2 Replies Last reply Reply Quote 1
          • dbeato
            dbeato @Dashrender last edited by

            @Dashrender said in Exchange 2016 Let's Encrypt Setup:

            @dave247 said in Exchange 2016 Let's Encrypt Setup:

            Why would I want to use this when I already have an SSL cert on Exchange?

            Because when it's time to renew, you can renew for free.

            And plus is automated.

            1 Reply Last reply Reply Quote 1
            • dave247
              dave247 @Dashrender last edited by

              @Dashrender said in Exchange 2016 Let's Encrypt Setup:

              @dave247 said in Exchange 2016 Let's Encrypt Setup:

              Why would I want to use this when I already have an SSL cert on Exchange?

              Because when it's time to renew, you can renew for free.

              How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

              JaredBusch scottalanmiller 2 Replies Last reply Reply Quote 0
              • JaredBusch
                JaredBusch @dave247 last edited by

                @dave247 said in Exchange 2016 Let's Encrypt Setup:

                @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                @dave247 said in Exchange 2016 Let's Encrypt Setup:

                Why would I want to use this when I already have an SSL cert on Exchange?

                Because when it's time to renew, you can renew for free.

                How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

                What part of Let's Encrypt have you never heard of?

                dave247 1 Reply Last reply Reply Quote 4
                • dave247
                  dave247 @JaredBusch last edited by

                  @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                  @dave247 said in Exchange 2016 Let's Encrypt Setup:

                  @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                  @dave247 said in Exchange 2016 Let's Encrypt Setup:

                  Why would I want to use this when I already have an SSL cert on Exchange?

                  Because when it's time to renew, you can renew for free.

                  How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

                  What part of Let's Encrypt have you never heard of?

                  I've literally never heard of it before now, hehe...

                  JaredBusch 1 Reply Last reply Reply Quote 0
                  • JaredBusch
                    JaredBusch @dave247 last edited by

                    @dave247 said in Exchange 2016 Let's Encrypt Setup:

                    @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                    @dave247 said in Exchange 2016 Let's Encrypt Setup:

                    @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                    @dave247 said in Exchange 2016 Let's Encrypt Setup:

                    Why would I want to use this when I already have an SSL cert on Exchange?

                    Because when it's time to renew, you can renew for free.

                    How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

                    What part of Let's Encrypt have you never heard of?

                    I've literally never heard of it before now, hehe...

                    0_1540940919137_eb142db1-8e9a-4733-8a13-2b34a5ffcea1-image.png

                    dave247 1 Reply Last reply Reply Quote 1
                    • dave247
                      dave247 @JaredBusch last edited by

                      @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                      @dave247 said in Exchange 2016 Let's Encrypt Setup:

                      @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                      @dave247 said in Exchange 2016 Let's Encrypt Setup:

                      @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                      @dave247 said in Exchange 2016 Let's Encrypt Setup:

                      Why would I want to use this when I already have an SSL cert on Exchange?

                      Because when it's time to renew, you can renew for free.

                      How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

                      What part of Let's Encrypt have you never heard of?

                      I've literally never heard of it before now, hehe...

                      0_1540940919137_eb142db1-8e9a-4733-8a13-2b34a5ffcea1-image.png

                      I'm reading up on it now..

                      1 Reply Last reply Reply Quote 0
                      • scottalanmiller
                        scottalanmiller @dave247 last edited by

                        @dave247 said in Exchange 2016 Let's Encrypt Setup:

                        @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                        @dave247 said in Exchange 2016 Let's Encrypt Setup:

                        Why would I want to use this when I already have an SSL cert on Exchange?

                        Because when it's time to renew, you can renew for free.

                        How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

                        No catch, it's not something that really costs money to provide. The EFF, one of the most important non-profits in all of technology, has been providing certs for free for quite some time now. SSL Certs are definitely something that you'd expect to be free, it just took a bit for the market to iron itself out.

                        1 Reply Last reply Reply Quote 2
                        • StuartJordan
                          StuartJordan last edited by

                          Defiantly was a good project started by Mozilla, Cisco and others. Helped and stopped companies taking advantage and charging stupid prices on wildcard certs as well.

                          1 Reply Last reply Reply Quote 1
                          • syko24
                            syko24 @dbeato last edited by syko24

                            @dbeato said in Exchange 2016 Let's Encrypt Setup:

                            Download the Latest Release of win-acme from here
                            https://github.com/PKISharp/win-acme/releases

                            Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).

                            0_1540938373066_f78fb187-77e9-499c-a2dc-110d536dc911-image.png

                            Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from

                            FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
                            to
                            FileName = $StorePath
                            Modify the C:\letsencrypt\scripts\PSScript.bat file to this

                            powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
                            

                            Then run the following to get the lets encrypt setup

                            letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
                            

                            Then your SSL in your Exchange should change to the Let's encrypt one.

                            NOTE:See the source for the Import to Exchange SSL fix below:

                            https://github.com/PKISharp/win-acme/issues/832

                            Thank you for posting these instructions. I just ran this on a 2013 server and everything worked for the most part. The only issue I ran into is that the certificate only generated 1 of the 2 names on the certificate.

                            "--manualhost mail.domain.com,autodiscover.domain.com" included the first domain but not the autodiscover domain as a subject alternative name. Any idea what I am missing?

                            Thanks

                            1 Reply Last reply Reply Quote 1
                            • syko24
                              syko24 last edited by

                              I figured it out. I added single quotes at the beginning and end of the domain list.

                              dbeato 1 Reply Last reply Reply Quote 1
                              • dbeato
                                dbeato @syko24 last edited by

                                @syko24 said in Exchange 2016 Let's Encrypt Setup:

                                I figured it out. I added single quotes at the beginning and end of the domain list.

                                Awesome! If anything I will change my guide if I find it causing issues.

                                1 Reply Last reply Reply Quote 0
                                • JaredBusch
                                  JaredBusch last edited by JaredBusch

                                  Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                  it has changed.

                                  https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                  dbeato 2 Replies Last reply Reply Quote 1
                                  • dbeato
                                    dbeato @JaredBusch last edited by

                                    @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                    Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                    it has changed.

                                    https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                    It is working on my version 1.9.12.1
                                    91023ff4-011b-4a70-9aec-22b1dbc6ebd8-image.png

                                    1 Reply Last reply Reply Quote 0
                                    • dbeato
                                      dbeato @JaredBusch last edited by

                                      @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                      Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                      it has changed.

                                      https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                      But I know what you mean, they actually finally fixed that issue.

                                      JaredBusch 1 Reply Last reply Reply Quote 0
                                      • JaredBusch
                                        JaredBusch @dbeato last edited by

                                        @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                        @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                        Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                        it has changed.

                                        https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                        But I know what you mean, they actually finally fixed that issue.

                                        No you apparently have no idea WTF i just said..

                                        dbeato 1 Reply Last reply Reply Quote 0
                                        • dbeato
                                          dbeato @JaredBusch last edited by

                                          @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                          @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                          @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                          Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                          it has changed.

                                          https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                          But I know what you mean, they actually finally fixed that issue.

                                          No you apparently have no idea WTF i just said..

                                          You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                                          JaredBusch 1 Reply Last reply Reply Quote 0
                                          • JaredBusch
                                            JaredBusch @dbeato last edited by

                                            @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                            @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                            @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                            @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                            Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                            it has changed.

                                            https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                            But I know what you mean, they actually finally fixed that issue.

                                            No you apparently have no idea WTF i just said..

                                            You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                                            No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                                            Dashrender 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post