Setting up a Lets Encrypt Certificate on Windows Server 2016 Core

I wanted to use Lets Encrypt to create certificates for my home server. Once created I've exported a .pfx file so that I can reuse the certificate in third party services.

Install IIS and Web Application Development Windows Feature

PS C:\> Install-WindowsFeature -Name Web-Server
PS C:\> Install-WindowsFeature -Name Web-App-Dev -IncludeAllSubFeature 

Add Domain Binding to Default Web Site

PS C:\> New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 80 -HostHeader newsite.ljdp.co.uk

Setup Certify

  • Install Certify.
  • Create Certificate using Certify.UI.Exe.

Get Certificate Thumbprint

PS C:\> GET-PSPROVIDER
PS C:\> GET-PSDRIVE
PS C:\> SET-LOCATION CERT: ; DIR
PS Cert:\> SET-LOCATION LOCALMACHINE ; DIR
PS Cert:\LOCALMACHINE> SET-LOCATION MY ; DIR

Configure RDP to use Certificate

  • Replace {{THUMBPRINT}} with thumbprint from previous step.
PS C:\> $path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
PS C:\> Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="{{THUMBPRINT}}"}

Export Certificate

PS C:\> $mypwd = ConvertTo-SecureString -String "Gfj422m;dfwfw" -Force -AsPlainText
PS C:\> Get-ChildItem -Path cert:\localMachine\my\88D4R80945EBDA2DFC64143350BF47B47B3AE728 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd

References

Install IIS or any Role and Feature
Working with Certificates in Powershell
Configure custom SSL Certificate for RDP on Windows Server
Export PFX Certificate

Author image
IT guy trying to break the IT stereotype, whilst being addicted to IT stereotypical things.