< Back
Install-CertificateAutomation
Post
NAME Install-CertificateAutomation
SYNOPSIS
Uses Posh-ACME to request a Let's Encrypt certificate and configure Mobile Server to use it
SYNTAX
Install-CertificateAutomation [-Domain] <String> [[-Contact] <String>] [[-DnsPlugin] <String>] [[-PluginArgs]
<Hashtable>] [[-ScriptDirectory] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Uses Posh-ACME to request a Let's Encrypt certificate and configure Mobile Server to use it, then
creates a Scheduled Task to run daily, and execute a renewal script which will handle certificate
renewal when the certificate becomes eligible for renewal - typically 60 days after issue.
When the certificate is renewed, it will be installed into the Windows certificate store and the
old certificate will be removed from the certificate store. The Milestone XProtect Mobile Server
service will be restarted so that it automatically uses the renewed certificates going forward.
PARAMETERS
-Domain <String>
The domain for which you will request a Let's Encrypt certificate. See Get-Help New-PACertificate for more
info.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Contact <String>
The email address associated with this domain for the purpose of renewal notifications. See Get-Help
New-PACertificate for more info.
Required? false
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DnsPlugin <String>
The DnsPlugin to use for handling DNS challenges. See Get-Help New-PACertificate for more info.
Required? false
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PluginArgs <Hashtable>
A hashtable with the necessary parameters for the chosen DnsPlugin. See Get-Help New-PACertificate for more
info.
Required? false
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ScriptDirectory <String>
The path where the renew-certificate.ps1 script will be saved, and the log.txt file will be written to.
A scheduled task named Posh-ACME Certificate Renewal will be created to run the renew-certificate.ps1 script
daily,
and this script will append information to log.txt in the same path.
Required? false
Position? 6
Default value C:\\scripts
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$InstallParams = @{
Domain = test.example.com
Contact = admin@example.com
DnsPlugin = Dynu
PluginArgs = @{DynuClientID='xxxx';DynuSecret='xxxx'}
ScriptDirectory = "C:\\scripts"
}
Install-CertificateAutomation @InstallParams
Requests a Let's Encrypt certificate for test.example.com, uses Dynu DNS to handle the ACME-protocol DNS challenge,
binds the certificate to the Mobile Server's HTTPS port using 'netsh http add|update sslcert', restarts the Mobile
Server service, creates a .PS1 certificate renewal script in C:\\scripts\\ and a scheduled task to call this script
daily at 2AM, logging the result to C:\\scripts\\log.txt.
RELATED LINKS
SYNOPSIS
Uses Posh-ACME to request a Let's Encrypt certificate and configure Mobile Server to use it
SYNTAX
Install-CertificateAutomation [-Domain] <String> [[-Contact] <String>] [[-DnsPlugin] <String>] [[-PluginArgs]
<Hashtable>] [[-ScriptDirectory] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Uses Posh-ACME to request a Let's Encrypt certificate and configure Mobile Server to use it, then
creates a Scheduled Task to run daily, and execute a renewal script which will handle certificate
renewal when the certificate becomes eligible for renewal - typically 60 days after issue.
When the certificate is renewed, it will be installed into the Windows certificate store and the
old certificate will be removed from the certificate store. The Milestone XProtect Mobile Server
service will be restarted so that it automatically uses the renewed certificates going forward.
PARAMETERS
-Domain <String>
The domain for which you will request a Let's Encrypt certificate. See Get-Help New-PACertificate for more
info.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Contact <String>
The email address associated with this domain for the purpose of renewal notifications. See Get-Help
New-PACertificate for more info.
Required? false
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DnsPlugin <String>
The DnsPlugin to use for handling DNS challenges. See Get-Help New-PACertificate for more info.
Required? false
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PluginArgs <Hashtable>
A hashtable with the necessary parameters for the chosen DnsPlugin. See Get-Help New-PACertificate for more
info.
Required? false
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ScriptDirectory <String>
The path where the renew-certificate.ps1 script will be saved, and the log.txt file will be written to.
A scheduled task named Posh-ACME Certificate Renewal will be created to run the renew-certificate.ps1 script
daily,
and this script will append information to log.txt in the same path.
Required? false
Position? 6
Default value C:\\scripts
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$InstallParams = @{
Domain = test.example.com
Contact = admin@example.com
DnsPlugin = Dynu
PluginArgs = @{DynuClientID='xxxx';DynuSecret='xxxx'}
ScriptDirectory = "C:\\scripts"
}
Install-CertificateAutomation @InstallParams
Requests a Let's Encrypt certificate for test.example.com, uses Dynu DNS to handle the ACME-protocol DNS challenge,
binds the certificate to the Mobile Server's HTTPS port using 'netsh http add|update sslcert', restarts the Mobile
Server service, creates a .PS1 certificate renewal script in C:\\scripts\\ and a scheduled task to call this script
daily at 2AM, logging the result to C:\\scripts\\log.txt.
RELATED LINKS