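# Replace the LetsEncrypt certificate used by Exchange with a freshly issued one.
# Flow: park every service on a throwaway self-signed certificate, remove the old
# LetsEncrypt certificate, import the new PFX, move the services onto it, then
# delete the throwaway certificate.
#
# Operational notes:
#  - While the throwaway certificate is bound, IIS/SMTP/IMAP/POP clients are offered
#    an untrusted self-signed certificate. Keep that window short and schedule it.
#  - The confirmation prompts are answered with SendKeys, which types into whichever
#    window has focus. Run this from an interactive console that keeps focus.
#  - NOTE(review): New-ExchangeCertificate and Enable-ExchangeCertificate both have a
#    -Force switch that suppresses prompts. Confirm how it answers the "overwrite the
#    default SMTP certificate" question before using it in place of SendKeys.

# ---- Values to edit for your environment ------------------------------------
# Throwaway certificate name, no real need to edit this unless you don't like it :)
$tempDomain = 'fakecert.fakecert.com'
# Must match one of the SANs in your LetsEncrypt certificate.
$leDomain = 'yourdomain.com'
# Path to the new PFX. The file holds the private key: restrict its ACL and delete
# it once the import has succeeded.
# NOTE(review): newer Exchange builds changed how -FileName is handled (UNC path /
# -FileData). Confirm against your Exchange version.
$pfxPath = 'C:\pathtoyourpfxcert\yourpfxcert.pfx'
# SECURITY: a PFX password stored in clear text can be read by anyone who can read
# this script (and ends up in backups and source control). Restrict the script's
# ACL, or load the SecureString from a protected source instead, e.g. a
# DPAPI-protected file written with Export-Clixml and read back with Import-Clixml.
$pfxPassword = ConvertTo-SecureString -String 'yourpassword' -AsPlainText -Force

# Answer the next confirmation pop-up with "No". The keystrokes are queued before
# the cmdlet that raises the prompt is started.
function Send-NoToPrompt {
    [System.Windows.Forms.SendKeys]::SendWait("N")
    Start-Sleep 1
    [System.Windows.Forms.SendKeys]::SendWait('{ENTER}')
}

# Return the thumbprints of the Exchange certificates whose domain list matches
# $Domain and whose IsSelfSigned flag equals $SelfSigned.
# The domain is regex-escaped so the dots only match literal dots. The match is
# still a substring match, so the callers check how many certificates came back.
function Get-CertThumbprint([string]$Domain, [bool]$SelfSigned) {
    $pattern = [regex]::Escape($Domain)
    Get-ExchangeCertificate |
        select certificatedomains,isselfsigned,thumbprint |
        where { $_.CertificateDomains -match $pattern -and $_.IsSelfSigned -eq $SelfSigned } |
        Select -ExpandProperty Thumbprint
}

# Add the Exchange management tools snap-in
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

# Load Windows Forms for SendKeys. The original call passed "'System.Windows.Forms"
# (stray apostrophe) to LoadWithPartialName, which does not name a real assembly.
Add-Type -AssemblyName System.Windows.Forms

# ---- Pre-flight checks: fail before anything is changed ---------------------
if (-not (Test-Path -LiteralPath $pfxPath)) {
    throw "PFX file not found: $pfxPath. Nothing has been changed."
}

# Old LetsEncrypt certificate. More than one match means the domain filter is too
# broad, and removing certificates on an ambiguous match is not safe.
$thumbprint2 = @(Get-CertThumbprint $leDomain $false)
if ($thumbprint2.Count -gt 1) {
    throw "Found $($thumbprint2.Count) non-self-signed certificates matching '$leDomain'; expected at most one. Nothing has been changed."
}

# ---- Park the services on a throwaway self-signed certificate ---------------
# Pop-up here needs to be answered with a no, handled by SendKeys
Send-NoToPrompt
New-ExchangeCertificate -DomainName $tempDomain

$thumbprint1 = @(Get-CertThumbprint $tempDomain $true)
if ($thumbprint1.Count -ne 1) {
    throw "Expected exactly one self-signed '$tempDomain' certificate, found $($thumbprint1.Count). Remove leftovers from earlier runs and retry."
}
$thumbprint1 = $thumbprint1[0]

# Pop-up here needs to be answered with a no, handled by SendKeys
Send-NoToPrompt
Enable-ExchangeCertificate -Thumbprint $thumbprint1 -Services IIS,SMTP,IMAP,POP
# Separate statement on purpose: when piped after a cmdlet that emits no objects,
# Start-Sleep never runs and the pause is skipped.
Start-Sleep 10

# ---- Remove the old LetsEncrypt certificate ---------------------------------
if ($thumbprint2.Count -eq 1) {
    Remove-ExchangeCertificate -Thumbprint $thumbprint2[0] -Confirm:$false
} else {
    Write-Warning "No existing non-self-signed certificate matched '$leDomain'; skipping removal."
}

# ---- Import the new LetsEncrypt certificate and bind it ---------------------
Import-ExchangeCertificate -FileName $pfxPath -Password $pfxPassword

$thumbprint3 = @(Get-CertThumbprint $leDomain $false)
if ($thumbprint3.Count -ne 1) {
    # Stop here so the throwaway certificate is not removed while it is still the
    # only certificate bound to the services.
    throw "Expected exactly one imported certificate matching '$leDomain', found $($thumbprint3.Count). Services are still bound to the temporary certificate $thumbprint1."
}
$thumbprint3 = $thumbprint3[0]

# Pop-up here needs to be answered with a no, handled by SendKeys
Send-NoToPrompt
Enable-ExchangeCertificate -Thumbprint $thumbprint3 -Services IIS,SMTP,IMAP,POP
Start-Sleep 10

# ---- Remove the throwaway certificate now it has done its job ---------------
Remove-ExchangeCertificate -Thumbprint $thumbprint1 -Confirm:$false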