Automatic wildcard certificate for Windows Domain machines auto-enrollment

Hi, I am sorry for the noob question (certs are totally new to me), but:
Is there a way Let's Encrypt could be configured in my Windows domain infrastructure so it will automatically "renew wildcard certificate"? Currently I need to manually replace 1x a year the free certificate which is set on the domain controller and distributed to all domain machines through GPO (current solution, we can change it)....
I am looking for something more automatic, so I don't have to touch these certs every year again and again.... It is very frustrating to me.
If it is possible and not super easy, to speed things up I could pay anybody skilled to implement this (remote screen sharing). I have access to the whole infrastructure, DNS, AD, etc., I just don't know what to do.
If easy, I can give it a try, just need some instructions.
I appreciate any help.
Thank you folks

2 Likes

There's nothing I'm aware of already built to do what you're looking to do. Windows' native auto-enrollment uses Windows-specific protocols and not ACME. However, there are many tools that with a bit of custom scripting could get you most of the way there. It also doesn't seem like you should need a wildcard cert for anything you're doing.

Here's a blog post I wrote a while back on how to use Let's Encrypt certs with AD domain controllers using PowerShell and my Posh-ACME module.

7 Likes
