Steps to generate wildcard SSL certificate from Let’s Encrypt with Posh-ACME
Refer to How to generate SSL Cert with Certbot in Debian to generate the SSL Cert manually
Install Posh-ACME PowerShell Module prior continue the section below
Install-Module -Name Posh-ACME
Posh-ACME with DNSMadeEasy Plugins
Get the API Key & Secret Key from DnsMadeEasy
Prepare the API & Secret Key obtained
#Prepare the SecretKey & API Key for DNS Made Easy
$SecreatKey = "XXXXXXXXXXXXXXXXXXXXXXXx"
$APIKey = "XXXXXXXXXXXXXXXXXXXXX"
# On Windows, prompt for the SecureString secret
$DmeSecret = $SecreatKey | ConvertTo-SecureString -AsPlainText -Force
$DmeParams = @{ DMEKey=$APIKey; DMESecret=$DmeSecret }
Request SSL Certificate from Let’s Encrypt with DMeasy DNS Plugin
# Request the cert
New-PACertificate *.unibytez.com -AcceptTOS -DnsPlugin DMEasy -PluginArgs $dmeParams -Contact [email protected] -PfxPass "P@ssw0rd!@#$"
Please review the Terms of Service here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Subject NotAfter KeyLength Thumbprint AllSANs
------- -------- --------- ---------- -------
CN=*.unibytez.com 18/11/2019 6:48:05 PM 2048 A7C5F60CCFC41BA4279F7E5F3BE018D944B2E350 {*.unibytez.com}
Posh-ACME with Cloudflare DNS Plugins
Login to Cloudflare portal and go to API Tokens
Create a New API Token with
- Permissions – Zone – DNS – Edit
- Permissions – Zone – Zone – Read
- Zone Resources – Include – All Zones
Click Create Token
Copy the Cloudflare API Token
Generate a Wildcard SSL Certificate from Let’s Encrypted with the PowerShell script below
#Coovert the API Token to Secure String
$Token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxU" | ConvertTo-SecureString -AsPlainText -Force
$pArgs = @{ CFToken = $Token }
New-PACertificate *.aventislab.com -AcceptTOS -DnsPlugin Cloudflare -PluginArgs $pArgs -Contact [email protected] -PfxPass "XXXXXXXXXXXXxx"
Subject NotAfter KeyLength Thumbprint AllSANs
------- -------- --------- ---------- -------
CN=aventislab.com 6/2/2020 12:14:41 PM 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxx {aventislab.com}
Verification
Verify the SSL Certificate are created in C:\Users\Administrator\AppData\Local\Posh-ACME\acme-v02.api.letsencrypt.org
Get-ChildItem $env:LOCALAPPDATA\Posh-ACME\acme-v02.api.letsencrypt.org\79673667\!.aventislab.com
Directory: C:\Users\Administrator\AppData\Local\Posh-ACME\acme-v02.api.letsencrypt.org\79673667\!.aventislab.com
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/4/2020 1:14 PM 1907 cert.cer
-a---- 3/4/2020 1:14 PM 1700 cert.key
-a---- 3/4/2020 1:14 PM 3116 cert.pfx
-a---- 3/4/2020 1:14 PM 1647 chain.cer
-a---- 3/4/2020 1:14 PM 3555 fullchain.cer
-a---- 3/4/2020 1:14 PM 4414 fullchain.pfx
-a---- 3/4/2020 1:14 PM 2364 order.json
-a---- 3/4/2020 1:14 PM 1082 request.csr