```powershell
# Check if a valid certificate already exists for the domain
Write-Host "Checking if a valid certificate exists for the domain: $domain..."
$existingCert = Get-PACertificate -List | Where-Object { $_.MainDomain -eq $domain }
if ($existingCert) {
    # A valid certificate exists; export it to the specified paths
    Write-Host "A valid certificate already exists. Downloading the certificate..."
    Copy-Item -Path $existingCert.FullChainPem -Destination $certPath -Force
    Copy-Item -Path $existingCert.PrivateKeyPem -Destination $privateKeyPath -Force
    Write-Host "Certificate files have been saved:"
    Write-Host "Certificate Path: $certPath"
    Write-Host "Private Key Path: $privateKeyPath"
} else {
    # No valid certificate exists; request a new one
    Write-Host "No valid certificate found. Requesting a new certificate..."
    $certArgs = @{
        Contact   = @($email) # Pass the email as an array (since Contact can be an array)
        AcceptTOS = $true     # Accept the terms of service
    }
    $cert = New-PACertificate -Domain $domain @certArgs
    # Export the new certificate to the specified paths
    Write-Host "Exporting new certificate to specified paths..."
    Copy-Item -Path $cert.FullChainPem -Destination $certPath -Force
    Copy-Item -Path $cert.PrivateKeyPem -Destination $privateKeyPath -Force
    Write-Host "Certificate files have been saved:"
    Write-Host "Certificate Path: $certPath"
    Write-Host "Private Key Path: $privateKeyPath"
}
```
Please put three backticks (```) above and below any configuration file you've pasted in your post for better readability, thank you!
Also:
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I’m on mobile right now and can’t go into a whole lot of detail. The Finishing Up section on the Custom Challenge Validation guide should put you on the right track though.
The Complete-PAOrder function returned an object that has all the paths to the cert files. The same object would be returned by Get-PACertificate. Pipe the output to Format-List to see everything that’s not shown in the default output format.
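The approach from the last reply, as an added example that is not part of the original thread and is not Posh-ACME's own code: it reads the file paths from the object returned by `Get-PACertificate`, checks the expiry date rather than mere existence, and restricts access to the copied private key. The function name `Export-PACertFiles`, its parameters, the 30-day margin and the ACL choice are assumptions; the property names `NotAfter`, `FullChainFile` and `KeyFile` are the ones `Format-List` shows on that object.

```powershell
# Added example; function name, parameters and the 30-day margin are hypothetical.
function Export-PACertFiles {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][string]$CertPath,
        [Parameter(Mandatory)][string]$PrivateKeyPath,
        [int]$MinDaysLeft = 30
    )

    # Look up the certificate for this domain's order. A missing account or a
    # missing order both mean there is nothing to reuse.
    $cert = try { Get-PACertificate -MainDomain $Domain } catch { $null }

    # An existing certificate may be expired or close to it, so compare
    # NotAfter against the renewal margin instead of testing existence only.
    if (-not $cert -or $cert.NotAfter -lt (Get-Date).AddDays($MinDaysLeft)) {
        Write-Host "No usable certificate for $Domain. Requesting one..."
        $cert = New-PACertificate -Domain $Domain -Contact @($Email) -AcceptTOS -Force
    }
    if (-not $cert) { throw "No certificate was returned for $Domain." }

    # Show every property, including the file paths the default view hides.
    $cert | Format-List | Out-String | Write-Host

    Copy-Item -Path $cert.FullChainFile -Destination $CertPath -Force
    Copy-Item -Path $cert.KeyFile -Destination $PrivateKeyPath -Force

    # The copied key inherits the destination folder's ACL. On Windows, drop
    # inheritance and leave only SYSTEM and Administrators (well-known SIDs).
    # Assumption: the web server's service account is granted read separately.
    if ($env:OS -eq 'Windows_NT') {
        icacls $PrivateKeyPath /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
    }

    $cert
}
```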