Using rmbolger's amazing Posh-ACME I deployed an SSL cert from Let's Encrypt into the personal certificate store of a Server 2022 VM following this guide.
I did some custom modifications to the script and I am rather happy with it, but I seem to be unable to make that certificate work with Server 2022 services other than LDAP. I would like to extend the current approach to also cover ADFS and certificates for terminal servers.
This script I wrote uses posh-acme to deploy the certificates on the server in the personal store. For the record I pasted the code below. Services like RDP or Federated Sign-In don't seem to pick it up though.
# Cloudflare only needs a simple API token, but Posh-ACME expects it as a SecureString
$token = ConvertTo-SecureString 'thatisactuallysecret' -AsPlainText -Force
$pArgs = @{ CFToken = $token }

# The ActiveDirectory PowerShell module is installed by default on DCs
$dc = Get-ADDomainController $env:COMPUTERNAME
# Request the cert for the DC's FQDN and the bare domain name (LDAP clients may use either)
$certNames = @($dc.HostName, $dc.Domain)

# This is optional, but usually a good idea.
$notifyEmail = '[email protected]'

$certParams = @{
    Domain     = $certNames
    DnsPlugin  = 'Cloudflare'
    PluginArgs = $pArgs
    AcceptTOS  = $true
    Install    = $true          # imports the issued cert into LocalMachine\My
    Contact    = $notifyEmail   # optional
    Verbose    = $true          # optional
}
New-PACertificate @certParams
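Installing into LocalMachine\My is not enough for RDP or AD FS, because neither service looks the certificate up in the store by itself: the RDP listener reads a thumbprint from WMI and AD FS keeps its own bindings. The following is an added example (not from the original post or from Posh-ACME) that binds the certificate Posh-ACME just installed to both; it assumes the script above (or Submit-Renewal) ran on this host with Install set, and that the ADFS cmdlets exist only where the AD FS role is installed.

```powershell
# Added example: bind the Posh-ACME certificate to the RDP listener and AD FS.
# Run after New-PACertificate / Submit-Renewal -Install on the same host.
$cert  = Get-PACertificate            # certificate object for the current order
$thumb = $cert.Thumbprint
if (-not $thumb) { throw 'No Posh-ACME certificate found for the current order' }

# Check the cert really is in LocalMachine\My with its private key
$installed = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
if (-not $installed -or -not $installed.HasPrivateKey) {
    throw "Certificate $thumb is not in LocalMachine\My with a private key"
}

# --- RDP: the listener stores the thumbprint in WMI (Win32_TSGeneralSetting) ---
$rdp = Get-CimInstance -Namespace root/cimv2/TerminalServices `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if ($rdp.SSLCertificateSHA1Hash -ne $thumb) {
    Set-CimInstance -InputObject $rdp -Property @{ SSLCertificateSHA1Hash = $thumb }
    Write-Verbose "RDP-Tcp listener now presents $thumb"
} else {
    Write-Verbose 'RDP-Tcp listener already uses the current certificate'
}

# --- AD FS: HTTPS binding plus the service-communications certificate ---
# Only runs where the ADFS module is present (i.e. on an AD FS server).
if (Get-Command Set-AdfsSslCertificate -ErrorAction SilentlyContinue) {
    $current = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
    if ($current -ne $thumb) {
        # Both bindings must point at the new cert or token signing/SSL fail
        Set-AdfsSslCertificate -Thumbprint $thumb
        Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumb
        Restart-Service adfssrv
        Write-Verbose "AD FS rebound to $thumb"
    }
}
```

The AD FS service account must be able to read the new private key; Posh-ACME imports the key readable only by administrators, so grant that account read access on the key before the Set-Adfs* calls or the service will not start with the new binding. Since Let's Encrypt certificates change thumbprint on every renewal, run this after each Submit-Renewal rather than once.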