Let’s Encrypt your Exchange Server (in German)

Security is good. Using HTTPS whenever feasible is therefore good. Historically, SSL certificates have been absurdly expensive (for the level of effort involved for the issuer). Then Let’s Encrypt happened, and all was right in the world. Well, almost…

If you run a Linux-based OS, using LE (Let’s Encrypt) is pretty simple for almost all common web servers. For Windows, things are improving for IIS, but for Exchange Server (email), it takes a bit more work. Certificates are used in multiple locations for Exchange, and in many cases, a single cert will need to be used for both the internal and external host names. This is possible using the SAN (Subject Alternative Name) field of the certificate, but it presents some challenges:

  1. LE will not issue a certificate for a domain that it cannot resolve and verify (for very good security reasons)
  2. The usual scripts that can register the cert for IIS will not update Exchange Server

Imagine, then, my delight when I found a PowerShell script that not only handles the initial certificate request, but also the renewals! There was only one small catch: the script, provided by the amazing Franky on his website, is written in German. Sure, the PowerShell cmdlets are in English, but all the status messages and error messages are in German. Google Translate to the rescue!

After translating both the script and the comments on Franky’s page, I am able to present, in English, the script for Exchange Server 2016 and Let’s Encrypt (republished with permission):

Enjoy, and if you have questions/improvements, please let Franky know here. He also has versions that work for older versions of Exchange Server.