I can now announce that the current version of the Certificate Assistant for Let's Encrypüt now also supports Exchange 2010 and Server 2008 R2. I have updated the download again and there are now 3 versions of the script included:
The following operating systems are now supported:
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
I have tested the script with the latest Exchange versions:
- Exchange 2016 CU8
- Exchange 2013 CU 19
- Exchange 2010 SP3 UR 19
The Exchange 2010 version of the script requires the Windows Management Framework 4 and .NET Framework 4.5.2. These two components must be installed before the script can be executed. The download links for the prerequisites can be found in the "Exchange 2010" folder in the README.txt file of the archive.
One more small note at this point:
Public CAs such as Let's Encrypt cannot and must not issue certificates for "private" FQDNs. FQDNs such as "srv1.domain.local" or "exchange.domain.intern" can therefore not be included on a public certificate. By default, the script tries to determine the required FQDNs for the certificate from the virtual directories of the Exchange Server (InternalURL and ExternalURL). In order for the certificate to be issued by Let's Encrypt, the Exchange server must be accessible from the Internet under all configured FQDNs. If this is not the case, the automatic determination can be switched off in the script and own FQDNs can be defined.
I have not been able to test the script with Small Business Server 2011.
I have updated the download link accordingly:
The task for renewing the certificate must be created manually. Here is the example for Server 2008 R2:
For example, every 2 months could be selected as a trigger, leaving enough time for manual intervention if something goes wrong:
As usual, enter the path to the PowerShell as the action and the path to the script as the argument:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
If there are problems or errors with the script, please send me the complete log file by e-mail. I am happy to try to help, but can only do so with the complete log. Therefore, please do not shorten the log file or remove parts of it.