Automating Certificate Imports on Microsoft Systems - Certificate Imported but Not Applied

When I use the powershell command Import-PFXCertificate to import my renewed LE cert into IIS, it adds it as a new cert rather than replacing the current cert. Does anyone know a way around this? I’m basically looking to 100% automate the process of bringing my renewed LE cert into IIS every 3 months rather than having to do the manual steps I have to do at this point, i.e. import then delete the old cert then tell whatever IIS applications (Exchange etc) to use the new cert.

I don’t need the renewing component as I do that in a Linux machine, and all the Windows apps listed in LE seem to about renewing certs, meaning they don’t fit my use case. I just need the importing/overwriting/replace current cert component. Does anyone know how to automate just that portion or am I going to be stuck with manually updating IIS every 3 months?

This is so easy to do with Apache, Dehydrated, and a cron job in Linux and so insanely annoying to do in IIS!

hi @mobamoba

You should really use a Windows Library to do this.

You are missing an important point. Importing a certificate (thumbprint xx:xx:xx) is not the same as applying it to a service.

If you want to for example apply a certificate to an IIS site you have to use the the thumpbrint.

Lets say you have a binding for domain and two certificates for that domain (yy:yyy:yy) IIS will not start using (xx:xx:xx) until you tell it to


Also review this article which shows some of the automation you can do: Using Let's Encrypt to secure Windows Remote Desktop connections


Thanks your links ultimately pointed me in the right direction. This guy made a script and, towards the bottom of it, is the automation component for importing into IIS and binding to all https sites. Here’s the link in case anyone else is looking for something simliar:

You might take a look at:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.