##
## Let's Encrypt for Veeam Cloud Connect
##
## Version 2.0
##
## Author Luca Dell'Oca
##
### INITIALIZATION ###
# This script uses the PowerShell Gallery if you have at least PowerShell 5.0.
# This script has been developed with ACMESharp 0.9.1.326
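# Relax the execution policy for this process only.
# Without -Scope the default is LocalMachine, which persisted an Unrestricted
# policy for every user on the host after this script finished (and needed an
# elevated shell to set). Process scope is discarded when this session exits.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process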
# Load ACMESharp module
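function Load-Module {
<#
.SYNOPSIS
    Makes module $m available in this session: imports it if present, installs it
    from the online gallery first if not.
.PARAMETER m
    Name of the module to load, e.g. "ACMESharp".
.PARAMETER RequiredVersion
    Optional exact module version. When given, it is passed to Import-Module,
    Find-Module and Install-Module so the gallery download is pinned instead of
    taking whatever version is current at run time (the header says this script
    was developed against ACMESharp 0.9.1.326).
.OUTPUTS
    None. Writes progress to the host; on failure writes an error and exits the
    script with code 1.
#>
param(
    [string]$m,
    [string]$RequiredVersion
)
# Splat the version pin only when the caller supplied one, so a bare
# Load-Module "Name" behaves exactly as before.
$versionArgs = @{}
if ($RequiredVersion) { $versionArgs['RequiredVersion'] = $RequiredVersion }
# Already imported: say so and do nothing.
if (Get-Module -Name $m) {
Write-Host "Module $m is already imported."
return
}
# Not imported but available on disk: import it.
if (Get-Module -ListAvailable -Name $m) {
Import-Module $m -Verbose @versionArgs
return
}
# Not on disk but published in the online gallery: install (CurrentUser scope,
# no elevation needed) and import.
# -ErrorAction SilentlyContinue: Find-Module emits a non-terminating error when
# the name is unknown; the explicit message below replaces it.
if (Find-Module -Name $m -ErrorAction SilentlyContinue @versionArgs) {
Install-Module -Name $m -Force -Verbose -Scope CurrentUser @versionArgs
Import-Module $m -Verbose @versionArgs
return
}
# Nowhere to be found: report on the error stream and abort the script.
Write-Error "Module $m not imported, not available and not in online gallery, exiting."
exit 1
}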
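Load-Module "ACMESharp"
# Change to the Vault folder. Create it if it doesn't exist.
$path = "C:\ProgramData\ACMESharp\sysVault"
if (-not (Test-Path -LiteralPath $path)) {
# Out-Null: New-Item would otherwise echo the DirectoryInfo object to the output stream.
New-Item -ItemType Directory -Force -Path $path | Out-Null
}
# Reuse $path instead of repeating the literal, and stop if the directory cannot
# be entered: challenge.txt is written relative to the current directory later on,
# and continuing somewhere else would leave the challenge output in the wrong place.
Set-Location -LiteralPath $path -ErrorAction Stop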
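### VARIABLES ###
# One timestamp for every per-run name below, so the alias, certificate name
# and friendly name cannot disagree if the script runs across midnight.
$datestamp = Get-Date -Format yyyyMMdd
# alias for the ACME request.
# As long as you don't run more than one request per day, this is correct.
# Otherwise, plan to add also hours and minutes to make your requests unique.
$alias = "vcc-$datestamp"
# Let's Encrypt certificates expire after 90 days, so you will have many of them in the local
# certificate store after some time. It's easier to identify them if we give them a unique name.
# We use the date here to do so.
$certname = "vcc-$datestamp"
# Give a name to the PFX file on disk, based on the certificate name.
# NOTE: once PART 2 exports it, this file contains the certificate's private key;
# the vault folder's permissions should not allow non-administrators to read it.
$pfxfile = "C:\ProgramData\ACMESharp\sysVault\$certname.pfx"
# Store the certificates into the Local Store of the Local Machine account.
# (Kept for reference; PART 2 passes the cert:\localMachine\my path directly.)
$certPath = "\localMachine\my"
# Configure the FQDN that the certificate needs to be bound to
$domain = "cc.virtualtothecore.com"
# Give a friendly name to the certificate so that it can be identified in the certificate store.
# (Defined for completeness; the visible script does not reference it.)
$friendlyname = "letsencrypt-$datestamp"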
### PART 1: UPDATE THE IDENTIFIER ###
# Register the domain with the ACME server and ask for a dns-01 challenge
# that will be completed by hand (manual handler).
New-ACMEIdentifier -Dns $domain -Alias $alias
Complete-ACMEChallenge $alias -ChallengeType dns-01 -Handler manual
# Refresh the identifier and keep only the dns-01 challenge details on disk.
$identifier = Update-ACMEIdentifier $alias -ChallengeType dns-01
$identifier.Challenges | Where-Object { $_.Type -eq "dns-01" } | Out-File -FilePath challenge.txt
# Pull the "RR " line(s) describing the TXT record out of the saved challenge.
$recordLines = Select-String -Path challenge.txt -Pattern "RR " -CaseSensitive | Select-Object -Property Line
$RRtext = $recordLines | Out-String
# Show the TXT record in a message box so the DNS server can be edited before the
# script continues; the dialog blocks until it is dismissed.
Add-Type -AssemblyName System.Windows.Forms
$caption = 'Update your DNS with this TXT record, Use CTRL+C to get the text'
$msgBoxInput = [System.Windows.Forms.MessageBox]::Show($RRtext, $caption, 'OK', 'Information')
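# The dialog only offers OK, so this is effectively "continue once the DNS is updated".
if ($msgBoxInput -eq 'OK') {
Submit-ACMEChallenge $alias -ChallengeType dns-01
Update-ACMEIdentifier $alias
### PART 2: UPDATE THE CERTIFICATE ###
# Generate a new certificate
New-ACMECertificate ${alias} -Generate -Alias $certname
# Submit the certificate request
Submit-ACMECertificate $certname
# The ACME API works asynchronously, so the certificate may not be issued yet when
# the request returns. Reading SerialNumber once (as before) could yield $null and
# make the Veeam lookup below match nothing; poll until a serial number is present.
$serialnumber = $null
$attempt = 0
$maxAttempts = 30
while (-not $serialnumber -and $attempt -lt $maxAttempts) {
if ($attempt -gt 0) { Start-Sleep -Seconds 10 }
$serialnumber = (Update-ACMECertificate $certname).SerialNumber
$attempt++
}
if (-not $serialnumber) {
Write-Error "Certificate $certname has no serial number after $maxAttempts checks; aborting before touching the certificate store."
Return
}
# Export the new Certificate to a PFX file.
# NOTE(review): the export as written protects the PFX only by file-system ACL;
# check whether Get-ACMECertificate accepts an export password and consider
# removing the file once it has been imported below.
Get-ACMECertificate $certname -ExportPkcs12 $pfxfile
# Import Certificate into Certificate Store.
# -Exportable lets the private key be exported again from the store; drop it if
# nothing downstream needs that.
Import-PfxCertificate -CertStoreLocation cert:\localMachine\my -Exportable -FilePath $pfxfile
### PART 3: INSTALL THE CERTIFICATE INTO VEEAM CLOUD CONNECT
Add-PSSnapin VeeamPSSnapin
Connect-VBRServer -Server localhost
try {
$certificate = Get-VBRCloudGatewayCertificate -FromStore | Where-Object { $_.SerialNumber -eq $serialnumber }
if ($certificate) {
Add-VBRCloudGatewayCertificate -Certificate $certificate
}
else {
# Previously a null match was passed straight to Add-VBRCloudGatewayCertificate.
Write-Error "No certificate with serial number $serialnumber found in the store; gateway certificate left unchanged."
}
}
finally {
# Always close the VBR session, even if the lookup or assignment above fails.
Disconnect-VBRServer
}
}
Return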
### SCRIPT END ###