Hi,

I do it the following way.

I use win-acme (used to be letsencrypt winsimple) which sets a scheduled task to check the certs daily and updated when needed.


Make sure that the certs are saved in the my cache.

Create the following powershell script

# Start Export
Get-ChildItem -Path 'Cert:\localmachine\my' |
Where-Object { $_.hasPrivateKey } | Where-Object {$_.Subject -imatch "CN=mail.mymail.com"} |
Foreach-Object {&certutil.exe @('-exportpfx', '-f', '-p', 'yourpassword',$_.Thumbprint,"c:\smartermail\certs\mail.mymail.com.pfx")}
# End Export

This searches for the correct CN and then exports to a folder of your choice


I then call the following batch file from a scheduled task

# Start of Scheduled Job Batch file
powershell.exe -executionpolicy remotesigned -File "c:\Smartermail\Scripts\ExportCert - mymail.ps1"
# End of Scheduled Job Batch file

Then just assign the pfx file you have saved under the Port binding of SM using the password you set on the export.

This is the easiest way i have found so far, it even deploys and exports the certificates and auto renews
https://certifytheweb.com/

@Neil Harvey

"'Then just assign the pfx file you have saved under the Port binding of SM using the password you set on the export.""

Isn't there a way to do the assignment automatically as the Let's Encrypt Certs renew every 60 days (with Certify the Web) as they expire every 90 days?

I use the following on an batch file to generate the .pfx file

Reference : https://www.smartertools.com/blog/2017/08/14-secure-smartermail-with-lets-encrypt

Hello @steve,

   Thanks for the scripts. But when I ran it, the powershell returned: Test failed: Cannot find the certificate and private key to use for decryption with error code 0x8009200c(l CRYPT_E_NO_DECRYPT_CERT ).  

   Thanks again!!