Let's Encrypt™ is an SSL certificate issuing authority that started around June 2015. It went into beta sometime around the last quarter of 2015, and I joined, getting an SSL certificate for this site.
When it was announced that Let's Encrypt only issues SSL certificates that have a lifetime of 3 months, I decided to get an application that could renew my SSL certificate automatically. This turned out to be lets-encrypt-win-simple, which has since been renamed "A Simple ACME Client for Windows".
Back then, I also wrote a PowerShell script which automatically binds the renewed SSL certificate. The PowerShell script follows:
    # Imports a PFX with password
    function Import-PfxCertificate {
        param([String]$certPath,[String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = $null)
        $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
        if ($pfxPass -eq $null) {$pfxPass = read-host "Enter the pfx password" -assecurestring}
        $pfx.import($certPath,$pfxPass,"Exportable,PersistKeySet")
        $store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
        $store.open("MaxAllowed")
        $store.add($pfx)
        $store.close()
    }

    # Imports a PFX without password
    function Import-509Certificate {
        param([String]$certPath,[String]$certRootStore,[String]$certStore)
        $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
        $pfx.import($certPath)
        $store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
        $store.open("MaxAllowed")
        $store.add($pfx)
        $store.close()
    }

    $dir = "C:\Users\SSLCertificateDirectory" # Path of SSL certificate directory
    $filespec = "*.pfx"

    # Gets the certificate where the LastWriteTime is after yesterday, and puts its name into $Name
    $Name = (Get-ChildItem "$dir\$filespec" | where-object LastWriteTime -gt (get-date).AddDays(-1)).Name

    # Skip if $Name is empty. When no file matches, $Name is $null rather than "",
    # so test its truthiness instead of comparing against the empty string.
    if ($Name) {
        $PFXName = -join($dir, "\", $Name)

        # Import cert into Local Computer\Personal\Certificates, not necessary to import, as it's imported by letsencrypt automatically
        Import-509Certificate $PFXName "LocalMachine" "My"

        $certhash = (Get-ChildItem Cert:\LocalMachine\My\ | select Subject,NotBefore,NotAfter,Thumbprint | where-object Subject -Like "*chuacw.ath.cx*" | where-object NotBefore -gt (get-date).AddDays(-1)).Thumbprint
        # Write-Host $certhash

        # Bind the certificate to the site... BlogName is the name of the site to bind to.
        (Get-WebBinding -Name BlogName -Port 443 -Protocol "https").AddSslCertificate($certhash, "my")
    }
The PowerShell script has since been reduced to:
    $certhash = (Get-ChildItem Cert:\LocalMachine\My\ | select Subject,NotBefore,NotAfter,Thumbprint | where-object {$_.Subject -Like "*chuacw.ath.cx*" -and $_.NotBefore -gt (get-date).AddDays(-1)}).Thumbprint

    # Bind the certificate to the site...
    (Get-WebBinding -Name BlogName -Port 443 -Protocol "https").AddSslCertificate($certhash, "my")
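
The reduced script hands whatever the pipeline returns to AddSslCertificate: on a day with no renewal the thumbprint is empty, and with two matching certificates it is an array. The following is an added example, not the author's script, that selects exactly one certificate and checks it before binding; Select-RenewedCertificate, $SubjectPattern and $MaxAgeDays are hypothetical names, while the subject pattern and site name are the ones used above.

```powershell
# Added example; Select-RenewedCertificate and its parameters are hypothetical names.
$ServerAuthOid = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth (TLS server authentication EKU)

function Select-RenewedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$SubjectPattern,
        [int]$MaxAgeDays = 1
    )
    $now = Get-Date
    # Keep only certificates that match the subject, carry a private key (IIS cannot
    # serve TLS without it), were issued recently, are inside their validity window,
    # and list Server Authentication in their Enhanced Key Usage extension.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $cert = $_
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $cert.Subject -like $SubjectPattern -and
            $cert.HasPrivateKey -and
            $cert.NotBefore -gt $now.AddDays(-$MaxAgeDays) -and
            $cert.NotBefore -le $now -and
            $cert.NotAfter -gt $now -and
            $eku -and ($eku.EnhancedKeyUsages.Value -contains $ServerAuthOid)
        } |
        Sort-Object NotBefore -Descending |   # newest first, so duplicates cannot yield an array
        Select-Object -First 1
}

$cert = Select-RenewedCertificate -SubjectPattern "*chuacw.ath.cx*"
if (-not $cert) {
    # Nothing was renewed since the last run: leave the existing binding alone.
    Write-Output "No renewed certificate found; binding left unchanged."
    return
}

# Verify() builds the chain with the default policy; $false means this machine does not trust it.
if (-not $cert.Verify()) {
    throw "Certificate $($cert.Thumbprint) failed chain validation; not binding."
}

$binding = Get-WebBinding -Name BlogName -Port 443 -Protocol "https"
if (-not $binding) { throw "No https binding on port 443 for site BlogName." }
$binding.AddSslCertificate($cert.Thumbprint, "my")
```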