
@troyfontaine
Last active October 5, 2018 19:21
ACMESharp Cloudflare Script Steps Outline

How to Manually Generate a Certificate using ACMESharp and CloudFlare DNS Integration

Install ACMESharp as described in its installation guide.

Follow the installation steps from the getting started guide before using the instructions below.

Install Cloudflare Module

Run the following command to install the module:

Install-Module ACMESharp.Providers.CloudFlare

Enable CloudFlare Module

Now, enable the module:

Import-Module ACMESharp
Enable-ACMEExtensionModule ACMESharp.Providers.CloudFlare

Generate Domain Identifier

This registers the hostname you want a certificate for with your ACME account. The alias (dns1 here) is what the later commands use to refer to this identifier, so pick something you will recognise if you have several in the vault.

New-ACMEIdentifier -Dns myhost.mydomain.com -Alias dns1

Using the CloudFlare Module - Generate the TXT Record for Validating Domain Ownership

This connects to CloudFlare with your API credentials and creates the dns-01 TXT record for the identifier. DomainName must be the zone exactly as it appears in your CloudFlare dashboard (mydomain.com), not the hostname or any subdomain you created under it. AuthKey is your CloudFlare account's Global API Key, which has full read/write access to every zone in the account: treat it as a secret, keep it out of saved scripts, and remember that typing it on the command line leaves it in your PowerShell history.

Complete-ACMEChallenge dns1 -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName="mydomain.com";EmailAddress="myemail@mydomain.com";AuthKey="LONGCOMPLICATEDKEY"}

Ask Let's Encrypt to verify the DNS entry

Wait 1 to 5 minutes for the TXT record to propagate so Let's Encrypt can see it when it validates; rather than guessing, you can confirm that the _acme-challenge TXT record for your hostname is visible from a public resolver before you continue. Then run:

Submit-ACMEChallenge dns1 -ChallengeType dns-01

Check on the status of the request

Re-run the command below until the dns-01 challenge's Status is no longer pending. If it becomes valid, continue with the next step; if it becomes invalid, the authorization has failed and cannot be retried, so fix the DNS record, create a new identifier and repeat the challenge steps.

(Update-ACMEIdentifier dns1 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}

Generate the certificate creation request

This will generate the certificate request to be submitted to Let's Encrypt.

New-ACMECertificate dns1 -Generate -Alias cert1

Submit the request to receive the certificate

This will submit the previously generated request.

Submit-ACMECertificate cert1

Complete the issuance of the certificate

This fetches the issued certificate and the issuer chain from Let's Encrypt into the ACMESharp vault. If the output does not yet show an issuer serial number, wait a few seconds and run it again.

Update-ACMECertificate cert1

Clean up the DNS provider's TXT record

This removes the TXT record created earlier (the CloudFlare console needs a page refresh to show a removal made through the API). Use the same identifier alias (dns1) and zone you used when creating the record, and do this even if an earlier step failed so that stale validation records do not accumulate in the zone.

Complete-ACMEChallenge dns1 -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName="mydomain.com";EmailAddress="myemail@mydomain.com";AuthKey="LONGCOMPLICATEDKEY"}

Generate PKCS12

We're on Windows, so export the certificate and its private key as a PKCS#12 (.pfx) file to import into IIS. The password given on the command line protects the private key in the file but is also recorded in your PowerShell history, so clear the history afterwards or prompt for it instead.

Get-ACMECertificate cert1 -ExportPkcs12 "\path\to\myhost.pfx" -CertificatePassword 'MYSECUREPASSWORD'
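The steps above, as an added end-to-end example that is not part of the original gist, combined into one PowerShell script. It replaces the fixed wait with a check that the _acme-challenge TXT record is visible from a public resolver, polls the challenge status instead of re-running a command by hand, and removes the TXT record in a finally block so the clean-up happens even when issuance fails. Assumptions: the CloudFlare credentials are supplied in the CF_API_EMAIL and CF_API_KEY environment variables (names chosen here, not part of ACMESharp), the challenge object exposes a Status property and the certificate object an IssuerSerialNumber property as in ACMESharp's documented output, and Resolve-DnsName is available (Windows DnsClient module).

```powershell
# Added example, not from the gist: the manual ACMESharp + CloudFlare steps as one script.
# Assumed: CF_API_EMAIL / CF_API_KEY in the environment; Challenges[].Status and
# IssuerSerialNumber property names as shown in ACMESharp's own output.
param(
    [Parameter(Mandatory)] [string] $Hostname,   # e.g. myhost.mydomain.com
    [Parameter(Mandatory)] [string] $ZoneName,   # e.g. mydomain.com, as shown in CloudFlare
    [Parameter(Mandatory)] [string] $PfxPath,    # e.g. C:\certs\myhost.pfx
    [string] $IdAlias        = 'dns1',
    [string] $CertAlias      = 'cert1',
    [int]    $TimeoutSeconds = 300
)
$ErrorActionPreference = 'Stop'

Import-Module ACMESharp
Enable-ACMEExtensionModule ACMESharp.Providers.CloudFlare

# Keep the Global API key out of the script file and out of PSReadLine history.
if (-not $env:CF_API_EMAIL -or -not $env:CF_API_KEY) {
    throw 'Set CF_API_EMAIL and CF_API_KEY in the environment before running.'
}
$cfParams = @{ DomainName = $ZoneName; EmailAddress = $env:CF_API_EMAIL; AuthKey = $env:CF_API_KEY }

New-ACMEIdentifier -Dns $Hostname -Alias $IdAlias | Out-Null
try {
    # Create the dns-01 TXT record through the CloudFlare handler.
    Complete-ACMEChallenge $IdAlias -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $cfParams | Out-Null

    # dns-01 always validates _acme-challenge.<hostname>; wait until a public
    # resolver returns it instead of sleeping a fixed 1-5 minutes.
    $recordName = "_acme-challenge.$Hostname"
    $deadline   = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $txt = Resolve-DnsName -Name $recordName -Type TXT -Server 1.1.1.1 -ErrorAction SilentlyContinue
        if ($txt) { break }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    if (-not $txt) { throw "TXT record $recordName not visible after $TimeoutSeconds seconds" }

    Submit-ACMEChallenge $IdAlias -ChallengeType dns-01 | Out-Null

    # Poll until the challenge leaves 'pending'; anything other than 'valid' is a failure.
    do {
        Start-Sleep -Seconds 10
        $challenge = (Update-ACMEIdentifier $IdAlias -ChallengeType dns-01).Challenges |
                     Where-Object { $_.Type -eq 'dns-01' }
    } while ($challenge.Status -eq 'pending' -and (Get-Date) -lt $deadline)
    if ($challenge.Status -ne 'valid') { throw "dns-01 challenge ended in state '$($challenge.Status)'" }

    New-ACMECertificate $IdAlias -Generate -Alias $CertAlias | Out-Null
    Submit-ACMECertificate $CertAlias | Out-Null

    # Update-ACMECertificate fetches the issued cert; retry until the issuer serial is set.
    do {
        Start-Sleep -Seconds 5
        $cert = Update-ACMECertificate $CertAlias
    } while (-not $cert.IssuerSerialNumber -and (Get-Date) -lt $deadline)
    if (-not $cert.IssuerSerialNumber) { throw 'Certificate was not issued before the timeout' }

    # Prompt for the PFX password so it is never stored in the script or the history.
    $secure = Read-Host -Prompt 'PFX password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    Get-ACMECertificate $CertAlias -ExportPkcs12 $PfxPath -CertificatePassword $plain | Out-Null
    Write-Host "Exported $PfxPath"
}
finally {
    # Always remove the validation record, even if an earlier step threw.
    try {
        Complete-ACMEChallenge $IdAlias -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $cfParams | Out-Null
    } catch {
        Write-Warning "TXT clean-up failed, remove $recordName manually: $_"
    }
}
```

Run it as `.\Get-CloudFlareCert.ps1 -Hostname myhost.mydomain.com -ZoneName mydomain.com -PfxPath C:\certs\myhost.pfx` after setting the two environment variables in the same session. The single deadline is shared across the propagation, validation and issuance polls so a slow DNS update cannot make the script hang indefinitely, and the finally block means a failed validation still leaves the zone clean.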