@dbeato said in Exchange 2016 Let's Encrypt Setup:
Download the Latest Release of win-acme from here
https://github.com/PKISharp/win-acme/releases
Extract the Zip file to the C:\letsencrypt folder (You can change this to your own folder).

Modify the C:\letsencrypt\scripts\ImportExchange.ps1 line 94 from
FileName = (Join-Path -Path $StorePath -ChildPath "$TargetHost.pfx")
to
FileName = $StorePath
Modify the C:\letsencrypt\scripts\PSScript.bat file to this
powershell.exe -ExecutionPolicy Bypass -File ./Scripts/ImportExchange.ps1 %2 IIS,SMTP,IMAP,POP 1 %1 %3
Then run the following to get the Let's Encrypt setup
letsencrypt.exe --plugin manual --manualhost mail.domain.com,autodiscover.domain.com,webmail.domain.com,autodiscover.domain2.com --validation selfhosting --installation iis,manual --installationsiteid 1 --script "./Scripts/PSScript.bat" --scriptparameters "{0} {5} C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\mail.domain.com-all.pfx"
Then your SSL in your Exchange should change to the Let's Encrypt one.
NOTE: See the source for the Import to Exchange SSL fix below:
https://github.com/PKISharp/win-acme/issues/832

Thank you for posting these instructions. I just ran this on a 2013 server and everything worked for the most part. The only issue I ran into is that the certificate only generated 1 of the 2 names on the certificate.
"--manualhost mail.domain.com,autodiscover.domain.com" included the first domain but not the autodiscover domain as a subject alternative name. Any idea what I am missing?
Thanks
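
To see which names actually ended up on the issued certificate, which is the problem the reply above describes, the installed certificate can be compared against the expected host list. This is an added example, not part of either post or of win-acme; the function name Test-CertificateNames is hypothetical, the host names are the placeholders from the post, and the LocalMachine\My store and the "Let's Encrypt" issuer filter are assumptions.

```powershell
# Added example: report which expected host names are missing from the
# Let's Encrypt certificates in the local machine store.
# Host names are the placeholders from the post; replace with your own.
$ExpectedNames = 'mail.domain.com', 'autodiscover.domain.com'

function Test-CertificateNames {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string[]]$ExpectedName
    )
    # DnsNameList holds the subject CN plus every DNS entry in the SAN extension.
    $present = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    # -notcontains compares case-insensitively, which matches DNS name semantics.
    $missing = @($ExpectedName | Where-Object { $present -notcontains $_ })

    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        Present    = $present -join ', '
        Missing    = $missing -join ', '
        Complete   = ($missing.Count -eq 0)
    }
}

# Assumption: the certificate was installed into LocalMachine\My and its
# issuer string contains "Let's Encrypt".
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*Let's Encrypt*" } |
    Sort-Object NotAfter -Descending |
    ForEach-Object { Test-CertificateNames -Certificate $_ -ExpectedName $ExpectedNames } |
    Format-List
```

A result with Complete set to False and a non-empty Missing field means the certificate was issued without one of the requested names.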