I needed 2 subdomain certificates from Let's Encrypt. I had looked at some tools and found ACMESharp (https://pkisharp.github.io/ACMESharp-docs/Quick-Start, https://github.com/ebekker/ACMESharp/wiki/Quick-Start) the best. Before a certificate can be requested, the tool has to be installed as a PowerShell module and the ACME vault has to be set up once:
    Install-Module -Name ACMESharp -AllowClobber
    Import-Module ACMESharp
    Initialize-ACMEVault
Then you can execute the following lines to generate a certificate. The following instructions use "dns1" as a placeholder for the subdomain:
    New-ACMERegistration -Contacts mailto:info@thomas-zuehlke.de -AcceptTos
    New-ACMEIdentifier -Dns service1.thomas-zuehlke.de -Alias dns1
    Complete-ACMEChallenge dns1 -ChallengeType dns-01 -Handler manual
    (Update-ACMEIdentifier dns1 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
    # Perform proof, that you are the domain owner
    Submit-ACMEChallenge dns1 -ChallengeType dns-01
    # re-check with Update-ACMEIdentifier for status change
    New-ACMECertificate dns1 -Generate -Alias cert1
    Submit-ACMECertificate cert1
    Update-ACMECertificate -CertificateRef cert1
    Get-ACMECertificate cert1 -ExportPkcs12 "c:\kubernetes\cert1.pfx"
To prove that you are the owner of the domain, a TXT record must be created after line 4, filled with the values from the output of line 4. Once the TXT record has been created, the challenge is submitted (line 6). You must then wait until the submission has been processed and checked: run line 4 again and again until the output contains the status: valid.
Afterwards you can proceed with line 8 and download the certificate.
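The manual wait between line 4 and line 8 can be scripted. The following is an added example, not part of the original post or of ACMESharp: it checks that the TXT record is visible from a public resolver before submitting, then repeats the line 4 query until the status is final. The function name, its parameters and the resolver address are assumptions; the TXT name and value are the ones taken from the output of line 4.

```powershell
# Added example, not from the original post. Assumes the ACMESharp module is loaded,
# the vault is initialized and Complete-ACMEChallenge has already run for the alias.
function Wait-AcmeDns01 {
    param(
        [Parameter(Mandatory)] [string] $Alias,        # identifier alias, e.g. dns1
        [Parameter(Mandatory)] [string] $RecordName,   # TXT record name from the challenge output
        [Parameter(Mandatory)] [string] $RecordValue,  # TXT record value from the challenge output
        [string] $Resolver = '1.1.1.1',                # assumption: any public resolver will do
        [int] $TimeoutSeconds = 600,
        [int] $PollSeconds = 15
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

    # 1. Do not submit until the TXT record is visible from outside your own network;
    #    submitting while the record is missing risks a failed validation.
    while ($true) {
        $txt = Resolve-DnsName -Name $RecordName -Type TXT -Server $Resolver -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { $_.Strings }
        if ($txt -contains $RecordValue) { break }
        if ((Get-Date) -gt $deadline) { throw "TXT record $RecordName not visible via $Resolver" }
        Start-Sleep -Seconds $PollSeconds
    }

    # 2. Ask the CA to validate the challenge (line 6 of the listing).
    Submit-ACMEChallenge $Alias -ChallengeType dns-01 | Out-Null

    # 3. Repeat the status query (line 4) until the CA reports a final state.
    while ($true) {
        $challenge = (Update-ACMEIdentifier $Alias -ChallengeType dns-01).Challenges |
            Where-Object { $_.Type -eq 'dns-01' }
        switch ($challenge.Status) {
            'valid'   { return $challenge }
            'invalid' { throw "dns-01 challenge for $Alias was rejected by the CA" }
        }
        if ((Get-Date) -gt $deadline) { throw "Timed out waiting for $Alias (last status: $($challenge.Status))" }
        Start-Sleep -Seconds $PollSeconds
    }
}

# Usage (placeholders stand for the values shown in the output of line 4):
# Wait-AcmeDns01 -Alias dns1 -RecordName '<TXT record name>' -RecordValue '<TXT record value>'
```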