-
-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pull cert into local certificate store using FQDN and Subsequent renew #541
Comments
Where did you see in the documentation that The solution you've got in your task for cleaning up old certs should work just fine.
Don't use
Obtaining the DNS name for a machine is tricky because it's not guaranteed that the DNS name matches what the computer thinks its own name is. But for domain joined Windows systems, I think your code should generally work. On non-domain joined machines, it may only return a short hostname rather than an FQDN. It also doesn't work on Linux if that matters to you. |
Hey, thank you for the clarification. I think I misunderstood an error message referencing -force then :) I am aware that the solution works only for domain joined windows devices, I figured that limitation was easier to handle than the DC one as all servers we used are domain joined, but not all are DCs.
|
Submit-Renewal has a The cert doesn't technically need to be in the cert store to use the functions in Posh-ACME.Deploy. And they'll also add it for you if necessary. But yes, you can use those functions to deploy the resulting cert in the services they support. |
Hey, getting back to the -Force discussion on New-PACertificate:
I traced it down to "New-PACertificate.ps1", can you help me to understand the warning better? For me overwrite means replace the old one. |
|
Hey,
first thank you so much for your help, I explored how to get the FQDN of the windows machine to make your script from the active domain LE certificate blog article work also on non DC hosts. First things first, I wanted to add the script below in case others might need it.
Two questions came up:
thanks for helping on my experiment.
Fabian
Script to obtain SSL certificate from let's encrypt using posh-acme for AD joined computers for the personal cert store
Renewal
The text was updated successfully, but these errors were encountered: