####################

### SCRIPT START ###

####################

### INITIALIZATION ###

# This command loads the ACMESharp module at each execution.

# The script works only if you already installed the Powershell plugin.

# If not, go and run

# install-Module ACMESharp

# in the Powershell console.

# This uses Powershell Gallery if you have at least Powershell 5.0.

# If you want to update ACMESharp to the latest version, run:

# update-module ACMESharp

# NOTE: this script has been developed with ACMESharp 0.9.1.326

Set-ExecutionPolicy unrestricted

# Load ACMESharp module

import -module ACMESharp

# Change to the Vault folder

cd C : \ ProgramData \ ACMESharp \ sysVault

### VARIABLES ###

# alias for the ACME request.

# As long as you don't run more than one request per day, this is correct.

# Otherwise, plan to add also hours and minutes to make your requests unique.

$alias = "vcc-$(get-date -format yyyyMMdd)"

# Let's Encrypt certificates expire after 90 days, so you will have many of them in the local

# certificate store after some time. It's easier to identify them if we give them a unique name.

# We use the date here to do so.

$certname = "vcc-$(get-date -format yyyyMMdd)"

# Give a name to the PFX file on disk, based on the certificate name

$pfxfile = "C:\ProgramData\ACMESharp\sysVault\$certname.pfx"

# Store the certificates into the Local Store of the Local Machine account

$certPath = "\localMachine\my"

# Configure the FQDN that the certificate needs to be binded to

$domain = "cc.virtualtothecore.com"

# Give a friendly name to the certificate so that it can be identified in the certificate store

$friendlyname = "letsencrypt-$(get-date -format yyyyMMdd)"

### PART 1: UPDATE THE IDENTIFIER ###

New-ACMEIdentifier -Dns $domain -Alias $alias

Complete-ACMEChallenge $alias -ChallengeType dns -01 -Handler manual

( Update-ACMEIdentifier $alias -ChallengeType dns -01 ) . Challenges | Where-Object { $_ . Type -eq "dns-01" } & gt ; challenge . txt

$RRtext = Select-String challenge . txt -Pattern "RR " -CaseSensitive | select Line | Out-String

# Here we grab the new TXT DNS Record and output in a message box.

# In this way we have all the time to go and edit the DNS server before

# we continue with the script.

# add the required .NET assembly for the MessageBox

Add-Type -AssemblyName System . Windows . Forms

$msgBoxInput = [ System . Windows . Forms . MessageBox ] :: Show ( $RRtext , 'Update your DNS with this TXT record, Use CTRL+C to get the text' , 'OK' , 'Information' )

switch ( $msgBoxInput ) {

'OK' {

Submit-ACMEChallenge $alias -ChallengeType dns -01

Update-ACMEIdentifier $alias

### PART 2: UPDATE THE CERTIFICATE ###

# Generate a new certificate

New-ACMECertificate $ { alias } -Generate -Alias $certname

# Submit the certificate request

Submit-ACMECertificate $certname

# Wait until the certificate is available (has a serial number) before moving on

# as API work in async mode so the cert may not be immediately released.

$serialnumber = $null

$serialnumber = $ ( update -AcmeCertificate $certname ) . SerialNumber

# Export the new Certificate to a PFX file

Get-ACMECertificate $certname -ExportPkcs12 $pfxfile

# Import Certificate into Certificate Store

Import-PfxCertificate -CertStoreLocation cert : \ localMachine \ my -Exportable -FilePath $pfxfile

### PART 3: INSTALL THE CERTIFICATE INTO VEEAM CLOUD CONNECT

asnp VeeamPSSnapin

Connect-VBRServer -Server localhost

$certificate = Get-VBRCloudGatewayCertificate -FromStore | Where { $_ . SerialNumber -eq $serialnumber }

Add-VBRCloudGatewayCertificate -Certificate $certificate

Disconnect-VBRServer

}

}

Return