A PowerShell module and ACME client to create publicly trusted SSL/TLS certificates from an ACME capable certificate authority such as Let’s Encrypt.
Installing Posh-ACME

```powershell
# install for all users (requires elevated privs)
Install-Module -Name Posh-ACME -Scope AllUsers
# install for current user
Install-Module -Name Posh-ACME -Scope CurrentUser
```
Requesting a wildcard certificate with the Cloudflare plugin

First, use the Get-PAPlugin command to list the plugin's parameters:

```text
➜ ~ Get-PAPlugin Cloudflare -Params
Set Name: Bearer (Default)
Parameter Type IsMandatory
--------- ---- -----------
CFToken SecureString True
...
```
Here we use the Bearer authentication method (a Cloudflare API token):

```powershell
$pArgs = @{
    CFToken = (Read-Host 'API Token' -AsSecureString)
}
# request the certificate
New-PACertificate 'example.com','*.example.com' -CertKeyLength 'ec-256' -AcceptTOS -Plugin Cloudflare -PluginArgs $pArgs
# install the certificate into the Windows certificate store
Get-PACertificate 'example.com' | Install-PACertificate
```
Renewing the certificate and updating the IIS site's certificate binding

Create a new PowerShell script:

```powershell
Submit-Renewal -AllOrders | ForEach-Object {
    $cert = $_
    Install-PACertificate $cert
    $h = $cert.Subject   # e.g. CN=example.com
    if ('example.com' -in $cert.AllSANs) {
        $thumbprint = $cert.Thumbprint
        $appid = "{$([System.Guid]::NewGuid())}"
        $addr = "0.0.0.0:443"
        # replace the HTTPS binding on port 443 with the renewed certificate
        netsh http delete sslcert ipport=$addr
        netsh http add sslcert ipport=$addr certhash=$thumbprint appid=$appid
    }
    # create symbolic links so third-party programs can reference the files
    Remove-Item -Path "$env:AppData\Certs\$h.*"
    New-Item -Path "$env:AppData\Certs\$h.key" -ItemType SymbolicLink -Target $cert.KeyFile
    New-Item -Path "$env:AppData\Certs\$h.cer" -ItemType SymbolicLink -Target $cert.FullChainFile
    # Restart-Service -Name SunshineService
}
```
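A fail-closed variant of the renewal script above, added here as an example and not part of the original post: it verifies that the renewed certificate is really present in LocalMachine\My before touching the binding, skips the rebind when the bound thumbprint is unchanged, rolls back to the previous thumbprint if netsh fails, and logs each decision. It assumes the same single netsh binding on 0.0.0.0:443, a placeholder appid GUID, a log path chosen here, and that the script runs as the account that created the order (Posh-ACME keeps its order state and plugin args per user).

```powershell
# Added example, not from the original post. Assumes Posh-ACME's Submit-Renewal and
# Install-PACertificate, one HTTPS binding on 0.0.0.0:443 managed with netsh http,
# a placeholder appid GUID and a log file path chosen here.
$LogFile = "$env:AppData\Certs\renewal.log"
$IpPort  = '0.0.0.0:443'
$AppId   = '{11111111-2222-3333-4444-555555555555}'   # placeholder; pick one and keep it fixed

function Write-Log([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
    "$(Get-Date -Format o) $Message" | Tee-Object -FilePath $LogFile -Append
}

# Thumbprint currently bound to the port, or '' if nothing is bound. Matches the
# 40-hex-digit hash itself rather than its label, so localized netsh output still works.
function Get-BoundThumbprint([string]$Port) {
    foreach ($line in (netsh http show sslcert ipport=$Port 2>$null)) {
        if ($line -match '\b([0-9A-Fa-f]{40})\b') { return $Matches[1].ToUpper() }
    }
    return ''
}

Submit-Renewal -AllOrders | ForEach-Object {
    $cert  = $_
    $thumb = $cert.Thumbprint.ToUpper()
    Install-PACertificate $cert

    # Fail closed: the old binding is only removed once the new cert is really in the store.
    if (-not (Test-Path "Cert:\LocalMachine\My\$thumb")) {
        Write-Log "ERROR $($cert.Subject): $thumb not in LocalMachine\My; binding left untouched"
        return   # continue with the next renewed order
    }
    if ('example.com' -notin $cert.AllSANs) { return }

    $old = Get-BoundThumbprint $IpPort
    if ($old -eq $thumb) {
        Write-Log "$($cert.Subject): $thumb already bound to $IpPort; nothing to do"
        return
    }
    netsh http delete sslcert ipport=$IpPort | Out-Null
    netsh http add sslcert ipport=$IpPort certhash=$thumb appid=$AppId | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Log "ERROR $($cert.Subject): netsh add sslcert failed (exit $LASTEXITCODE); rolling back to '$old'"
        if ($old) { netsh http add sslcert ipport=$IpPort certhash=$old appid=$AppId | Out-Null }
        return
    }
    Write-Log "$($cert.Subject): rebound $IpPort from '$old' to $thumb"
}
```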
Creating a scheduled task to run it periodically

Create a VBScript that runs the renewal script without showing a console window:

```vbscript
Set shell = CreateObject("WScript.Shell")
prog = "powershell.exe -Nologo path\to\renewal.ps1"
shell.Run prog, 0, True
Set shell = Nothing
```

Create a new scheduled task and set its Action to "Start a program":

```text
C:\Windows\System32\wscript.exe path\to\renewal.vbs
```