Hi all & @NetoMeter
Have successfully implemented the ACME script https://www.netometer.com/video/tutorials/How-to-Install-LetsEncrypt-Certificate-in-Exchange-Server/ to change the self-signed certificate on our Exchange 2016 to a LE cert, and the certificate is showing fine and our email clients (browser, apps & mobile devices) are accessing this fine, even after the switchover was done between the certificates, without having to reconfigure clients.
The problem I am having is that when testing the task scheduler (Part 4), the auto-renewal process does not populate a new certificate into Exchange.
After attempting this 3-4 times and doing it via PowerShell in administrator mode, I am seeing errors about the directory/certificate missing during re-generation in the folder structure.
The specific error that PS throws up is “New-ACMEIdentifier : An item with the same key has already been added”, followed later on by “Submit-ACMEChallenge : challenge has not been decoded”.
The acme_$date.log files are being generated every time the script is run, over the period of days that I have been attempting this.
All the names have a valid registration status in the log…
From what I see, the .well-known folder has been created in C:\inetpub\wwwroot.well-known when I run the script, and in IIS.
Where am I going wrong here?
[UPDATE] Have seen this post, “ACMESharp Submit-ACMECertificate Commandlet Failing”, and if I am understanding this correctly, the existing certificate is cached in the vault for 60 days, so I will have to wait for this to expire or issue a new validation, and I am not sure how to edit this step to achieve this with ACME…