Generate Wildcard SSL Certificate from Let’s Encrypt with Posh-ACME

Steps to generate a wildcard SSL certificate from Let’s Encrypt with Posh-ACME for my lab:

  1. Get the API Key & Secret Key from DNS Made Easy to update the TXT record automatically

  1. Install Posh-ACME
Install-Module -Name Posh-ACME
  1. Prepare the API & Secret Key obtained
# Prepare the secret key and API key for DNS Made Easy (placeholder values shown)
$SecretKey = "XXXXXXXXXXXXXXXXXXXXXXXx"
$APIKey = "XXXXXXXXXXXXXXXXXXXXX"

# Convert the plain-text secret to a SecureString for the plugin arguments
$DmeSecret = $SecretKey | ConvertTo-SecureString -AsPlainText -Force
$DmeParams = @{ DMEKey=$APIKey; DMESecret=$DmeSecret }
  1. Request the wildcard SSL certificate from Let’s Encrypt (it takes an estimated 5 minutes to complete)
# Request the cert (single quotes keep PowerShell from expanding $ in the PFX password)
New-PACertificate '*.unibytez.com' -AcceptTOS -DnsPlugin DMEasy -PluginArgs $DmeParams -Contact kwyong@aventistech.com -PfxPass 'P@ssw0rd!@#$'
    Please review the Terms of Service here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

    Subject           NotAfter              KeyLength Thumbprint                               AllSANs         
    -------           --------              --------- ----------                               -------         
    CN=*.unibytez.com 18/11/2019 6:48:05 PM 2048      A7C5F60CCFC41BA4279F7E5F3BE018D944B2E350 {*.unibytez.com}
  1. Go to %LOCALAPPDATA%\Posh-ACME to verify that the SSL certificate files were generated successfully

  1. Renewal – can only be tested and verified after the SSL certificate has expired (after 90 days)
Submit-Renewal 
    WARNING: Order for *.unibytez.com is not recommended for renewal yet. Use -Force to override.
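
The verification and renewal steps above can be scripted. The following is an added example, not part of the original post or of Posh-ACME: it reads each leaf certificate found under %LOCALAPPDATA%\Posh-ACME and reports its SANs, RSA key size and days until expiry. It assumes the leaf certificate is saved as cert.cer; `Test-LabCertificate` and the 30-day warning threshold are hypothetical names and values.

```powershell
# Added example, not from the original post or the Posh-ACME project.
# Assumptions: leaf certificates are saved as cert.cer below the Posh-ACME
# folder; Test-LabCertificate and $WarnDays are hypothetical names.
function Test-LabCertificate {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedName,
        [int]$WarnDays = 30
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # Subject Alternative Name extension (OID 2.5.29.17); the formatted text is
    # "DNS Name=..." on Windows and "DNS:..." on other platforms.
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = [regex]::Matches($sanExt.Format($false), '(?:DNS Name=|DNS:)([^\s,]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }

    # GetRSAPublicKey returns $null for non-RSA keys, so KeySize may be empty.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    $status = 'OK'
    if ($daysLeft -lt 0) { $status = 'EXPIRED' }
    elseif (-not ($sans -contains $ExpectedName)) { $status = 'NAME MISMATCH' }
    elseif ($daysLeft -le $WarnDays) { $status = 'RENEW SOON' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        SANs       = $sans -join ', '
        KeySize    = if ($rsa) { $rsa.KeySize } else { $null }
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        Status     = $status
    }
}

$store = Join-Path $env:LOCALAPPDATA 'Posh-ACME'
$found = Get-ChildItem -Path $store -Recurse -Filter cert.cer -ErrorAction SilentlyContinue
if ($found) {
    $found | ForEach-Object { Test-LabCertificate -Path $_.FullName -ExpectedName '*.unibytez.com' } |
        Format-Table Subject, NotAfter, DaysLeft, KeySize, Status -AutoSize
} else {
    Write-Warning "No cert.cer found under $store"
}
```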

Reference Links
* PowerShell-Posh-ACME
* https://www.powershellgallery.com/packages/Posh-ACME/2.2.0/Content/DnsPlugins%5CDMEasy.ps1
* https://github.com/rmbolger/Posh-ACME/blob/master/Tutorial.md
