Install ACMESharp as per here.
Follow the installation steps from the getting started guide before using the instructions below.
Run the following command to install the module:
Install-Module ACMESharp.Providers.CloudFlare
Now, enable the module:
Import-Module ACMESharp
Enable-ACMEExtensionModule ACMESharp.Providers.CloudFlare
This is used for associating your request with a domain that you own. The alias is used in the subsequent steps to identify the domain you wish to process at that step.
New-ACMEIdentifier -Dns myhost.mydomain.com -Alias dns1
This will connect to CloudFlare using your API key and the domain name specified to create the relevant TXT record. Note that the DomainName should be the domain you see in your CloudFlare console and not the hostname or any subdomains you may have created. The AuthKey is specifically your CloudFlare Account API Key.
Complete-ACMEChallenge dns1 -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName="mydomain.com";EmailAddress="myemail@mydomain.com";AuthKey="LONGCOMPLICATEDKEY"}
You will want to wait 1 to 5 minutes for the DNS entry to propagate so that LE can validate the request. Then run the following:
Submit-ACMEChallenge dns1 -ChallengeType dns-01
Once the command below no longer shows a state of pending, you can proceed to run the command following this one.
(Update-ACMEIdentifier dns1 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
This will generate the certificate request to be submitted to Let's Encrypt.
New-ACMECertificate dns1 -Generate -Alias cert1
This will submit the previously generated request.
Submit-ACMECertificate cert1
This will complete the issuance of the certificate and grab the certificate materials.
Update-ACMECertificate cert1
This will remove the TXT record created earlier (if you watch on the CloudFlare console it will require a page refresh to pick up the removal via API).
Complete-ACMEChallenge dns1 -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName="mydomain.com";EmailAddress="myemail@mydomain.com";AuthKey="LONGCOMPLICATEDKEY"}
We're on Windows, so let's export the certificate as a PKCS#12 file to use with IIS!
Get-ACMECertificate cert1 -ExportPkcs12 "\path\to\myhost.pfx" -CertificatePassword 'MYSECUREPASSWORD'
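The steps above as one script, added here as an example (not part of the ACMESharp project): it prompts for the API key and PFX password instead of embedding them in the command line, polls DNS and the challenge state instead of waiting a fixed time, and runs the TXT cleanup in a finally block (so after the export rather than before it). Assumptions: the challenge object exposes the state as a Status property that ends as 'valid', the public resolver 1.1.1.1 is reachable, and the poll limits are arbitrary.

```powershell
# Added example; host, zone, e-mail and PFX path are the page's placeholders.
$hostName = 'myhost.mydomain.com'
$zone     = 'mydomain.com'          # zone name as shown in the CloudFlare console

# Prompt for secrets so they do not end up in a script file or command history.
$keySecure = Read-Host -AsSecureString 'CloudFlare account API key'
$pfxSecure = Read-Host -AsSecureString 'Password for the exported PFX'
$toPlain   = { param($s) (New-Object System.Net.NetworkCredential('', $s)).Password }

$handlerParams = @{
    DomainName   = $zone
    EmailAddress = 'myemail@mydomain.com'
    AuthKey      = & $toPlain $keySecure
}

New-ACMEIdentifier -Dns $hostName -Alias dns1
Complete-ACMEChallenge dns1 -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $handlerParams
try {
    # dns-01 places the TXT record at _acme-challenge.<host>; wait until it resolves.
    $deadline = (Get-Date).AddMinutes(5)
    do {
        Start-Sleep -Seconds 15
        $txt = Resolve-DnsName "_acme-challenge.$hostName" -Type TXT -Server 1.1.1.1 `
                   -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'TXT' }
    } until ($txt -or (Get-Date) -gt $deadline)
    if (-not $txt) { throw 'TXT record not visible after 5 minutes.' }

    Submit-ACMEChallenge dns1 -ChallengeType dns-01

    # Poll until the challenge leaves the pending state (assumed property: Status).
    $tries = 0
    do {
        Start-Sleep -Seconds 10
        $challenge = (Update-ACMEIdentifier dns1 -ChallengeType dns-01).Challenges |
                     Where-Object { $_.Type -eq 'dns-01' }
    } while ($challenge.Status -eq 'pending' -and ++$tries -lt 30)
    if ($challenge.Status -ne 'valid') { throw "Challenge ended as '$($challenge.Status)'." }

    New-ACMECertificate dns1 -Generate -Alias cert1
    Submit-ACMECertificate cert1
    Update-ACMECertificate cert1
    Get-ACMECertificate cert1 -ExportPkcs12 '\path\to\myhost.pfx' -CertificatePassword (& $toPlain $pfxSecure)
}
finally {
    # Remove the TXT record whether or not validation and issuance succeeded.
    Complete-ACMEChallenge dns1 -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $handlerParams
}
```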