ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Exchange 2016 Let's Encrypt Setup

    Scheduled Pinned Locked Moved IT Discussion
    lets encryptmicrosoft exchangessl certificatesexchange 2016win-acme
    28 Posts 7 Posters 13.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @dave247
      last edited by

      @dave247 said in Exchange 2016 Let's Encrypt Setup:

      @Dashrender said in Exchange 2016 Let's Encrypt Setup:

      @dave247 said in Exchange 2016 Let's Encrypt Setup:

      Why would I want to use this when I already have an SSL cert on Exchange?

      Because when it's time to renew, you can renew for free.

      How is it free? Is there a public CA? I don't get what the catch is. I currently use a DigiCert certificate..

      No catch, it's not something that really costs money to provide. The EFF, one of the most important non-profits in all of technology, has been providing certs for free for quite some time now. SSL Certs are definitely something that you'd expect to be free, it just took a bit for the market to iron itself out.

      1 Reply Last reply Reply Quote 2
      • CloudKnightC
        CloudKnight
        last edited by

        Defiantly was a good project started by Mozilla, Cisco and others. Helped and stopped companies taking advantage and charging stupid prices on wildcard certs as well.

        1 Reply Last reply Reply Quote 1
        • syko24S
          syko24 @dbeato
          last edited by syko24

          @dbeato said in Exchange 2016 Let's Encrypt Setup:

          Download the Latest Release of win-acme from here
          https://github.com/PKISharp/win-acme/releases

          Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).

          0_1540938373066_f78fb187-77e9-499c-a2dc-110d536dc911-image.png

          Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from

          FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
          to
          FileName = $StorePath
          Modify the C:\letsencrypt\scripts\PSScript.bat file to this

          powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
          

          Then run the following to get the lets encrypt setup

          letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
          

          Then your SSL in your Exchange should change to the Let's encrypt one.

          NOTE:See the source for the Import to Exchange SSL fix below:

          https://github.com/PKISharp/win-acme/issues/832

          Thank you for posting these instructions. I just ran this on a 2013 server and everything worked for the most part. The only issue I ran into is that the certificate only generated 1 of the 2 names on the certificate.

          "--manualhost mail.domain.com,autodiscover.domain.com" included the first domain but not the autodiscover domain as a subject alternative name. Any idea what I am missing?

          Thanks

          1 Reply Last reply Reply Quote 1
          • syko24S
            syko24
            last edited by

            I figured it out. I added single quotes at the beginning and end of the domain list.

            dbeatoD 1 Reply Last reply Reply Quote 1
            • dbeatoD
              dbeato @syko24
              last edited by

              @syko24 said in Exchange 2016 Let's Encrypt Setup:

              I figured it out. I added single quotes at the beginning and end of the domain list.

              Awesome! If anything I will change my guide if I find it causing issues.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by JaredBusch

                Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                it has changed.

                https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                dbeatoD 2 Replies Last reply Reply Quote 1
                • dbeatoD
                  dbeato @JaredBusch
                  last edited by

                  @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                  Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                  it has changed.

                  https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                  It is working on my version 1.9.12.1
                  91023ff4-011b-4a70-9aec-22b1dbc6ebd8-image.png

                  1 Reply Last reply Reply Quote 0
                  • dbeatoD
                    dbeato @JaredBusch
                    last edited by

                    @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                    Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                    it has changed.

                    https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                    But I know what you mean, they actually finally fixed that issue.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @dbeato
                      last edited by

                      @dbeato said in Exchange 2016 Let's Encrypt Setup:

                      @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                      Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                      it has changed.

                      https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                      But I know what you mean, they actually finally fixed that issue.

                      No you apparently have no idea WTF i just said..

                      dbeatoD 1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato @JaredBusch
                        last edited by

                        @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                        @dbeato said in Exchange 2016 Let's Encrypt Setup:

                        @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                        Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                        it has changed.

                        https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                        But I know what you mean, they actually finally fixed that issue.

                        No you apparently have no idea WTF i just said..

                        You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @dbeato
                          last edited by

                          @dbeato said in Exchange 2016 Let's Encrypt Setup:

                          @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                          @dbeato said in Exchange 2016 Let's Encrypt Setup:

                          @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                          Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                          it has changed.

                          https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                          But I know what you mean, they actually finally fixed that issue.

                          No you apparently have no idea WTF i just said..

                          You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                          No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @JaredBusch
                            last edited by

                            @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                            @dbeato said in Exchange 2016 Let's Encrypt Setup:

                            @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                            @dbeato said in Exchange 2016 Let's Encrypt Setup:

                            @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                            Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                            it has changed.

                            https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                            But I know what you mean, they actually finally fixed that issue.

                            No you apparently have no idea WTF i just said..

                            You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                            No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                            Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.

                            JaredBuschJ dbeatoD 2 Replies Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @Dashrender
                              last edited by JaredBusch

                              @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                              @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                              @dbeato said in Exchange 2016 Let's Encrypt Setup:

                              @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                              @dbeato said in Exchange 2016 Let's Encrypt Setup:

                              @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                              Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                              it has changed.

                              https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                              But I know what you mean, they actually finally fixed that issue.

                              No you apparently have no idea WTF i just said..

                              You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                              No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                              Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.

                              Except couldn't launch wacs.exe. It crashed everytime.
                              Switched back to 1.9 and it all worked.

                              Also has nothing to do with his instructions being bad by pointing to "Latest"

                              DashrenderD 1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @JaredBusch
                                last edited by

                                @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                                @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                it has changed.

                                https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                But I know what you mean, they actually finally fixed that issue.

                                No you apparently have no idea WTF i just said..

                                You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                                No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                                Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.

                                Except couldn't launch wacs.exe. It crashed everytime.
                                Switched back to 1.9 and it all worked.

                                LOL - yet they just closed the case on the 1.9 thread because they claimed it worked.

                                1 Reply Last reply Reply Quote 0
                                • dbeatoD
                                  dbeato @Dashrender
                                  last edited by

                                  @Dashrender said in Exchange 2016 Let's Encrypt Setup:

                                  @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                  @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                  @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                  @dbeato said in Exchange 2016 Let's Encrypt Setup:

                                  @JaredBusch said in Exchange 2016 Let's Encrypt Setup:

                                  Note, this ONLY works with 1.9.12.2 The "current' version at the link in the OP is for the beta 2.0.0 version.

                                  it has changed.

                                  https://github.com/PKISharp/win-acme/releases/tag/v1.9.12.2

                                  But I know what you mean, they actually finally fixed that issue.

                                  No you apparently have no idea WTF i just said..

                                  You said, it only works with 1.9.12.2. that is a very broad statement (What only works on this version? ). Figuring out what you stated on the broad statement, based on the only context I could figure out, was that https://github.com/PKISharp/win-acme/issues/832 has been solved on that version.

                                  No. I very clearly stated that your link in the OP now points to 2.0.0 (BETA). And that this process does not work with that.

                                  Yeah - the process shouldn't be needed anymore, because 2.0 apparently includes it.

                                  I see... https://github.com/PKISharp/win-acme/releases bah me

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch
                                    last edited by

                                    Attempting this on Server 2008R2 running Exchange 2010, right now.

                                    It is attempting to install the cert in Exchange atm.. the cert was created successfully.

                                    Taking a long ass time.. but this is an old slow server scheduled to be decommissions by this time next year.

                                    89b3ee79-9fa0-46af-8107-bd8bff7ca31d-image.png

                                    1 Reply Last reply Reply Quote 1
                                    • JaredBuschJ
                                      JaredBusch
                                      last edited by

                                      Going with fail, I bet due to powershell 2.0
                                      917fc9b9-19f6-4e74-82b8-e915481f0aa7-image.png

                                      1 Reply Last reply Reply Quote 1
                                      • JaredBuschJ
                                        JaredBusch
                                        last edited by

                                        Maybe not total fail? OWA shows the new cert.

                                        92c4c485-fc5e-4e20-ae79-f8e29f7cfe35-image.png

                                        1 Reply Last reply Reply Quote 1
                                        • JaredBuschJ
                                          JaredBusch
                                          last edited by

                                          EMC shows it is assigned to all services and the schedule task is there.

                                          Calling this a win.

                                          1 Reply Last reply Reply Quote 1
                                          • 1
                                          • 2
                                          • 2 / 2
                                          • First post
                                            Last post