Anyone Have Browser based Remote Sessions working with Let's Encrypt/Win-ACME certificates


BCoole

We use AADJ devices and our internal services use public signed certs - not much in the way of traditional internal CA infrastructure nor the desire to set it up.

We have WIN-ACME requesting publicly signed certs using the DNS-01 challenge and have configured the certificates to be exportable and to auto update in the site bindings for IIS. Cookie cutter cert management, works well for the base site, no problems there.

The problem is that as far as I can tell this can't/won't update the cert for the remote session gateway.

In Section 9 of the remote session launcher guide there are a few lines of PowerShell to update the gateway cert *after* a cert has been exported with a password, however there isn't anything 'clean and easy' like the gateway install script that exports it and sets up the gateway in the first place.

Has anyone run into this before and/or made a script to auto export and update the gateway cert?

Alternatively, as a brute force approach, are there any problems that would occur from simply re-triggering the install-gateway-internal.ps1 script after the cert is renewed?

I could probably easily cut out sections like redownloading OpenJDK, but I'm not sure how 'healthy' re-running the install.bat file would be to a production instance and I'm not familiar enough with PowerShell to reverse engineer the cert export from IIS and update in the gateway service myself.

 

Hoping someone else has already run into this one. 

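One way to handle the export half of the question, as an added example that is not part of the original post or of the product's guide: a script that a renewal hook (for instance win-acme's script installation step with its `{CertThumbprint}` placeholder) could call to write the renewed certificate to a password-protected PFX in a locked-down folder. The parameter names, output path and ACL choices are assumptions, and the gateway-update step is left as a placeholder because the Section 9 lines are not shown on this page.

```powershell
# Added example (not the vendor's script). Assumed: parameter names, PFX path,
# and that the caller passes the thumbprint of the freshly renewed certificate.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string] $PfxPath = 'C:\ProgramData\gateway-cert\gateway.pfx'   # hypothetical path
)
$ErrorActionPreference = 'Stop'

# Locate the renewed certificate in the machine store and sanity-check it.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey)      { throw "Certificate $thumb has no private key." }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate $thumb has already expired." }

# Create the output folder and restrict it to SYSTEM and Administrators.
# If the gateway service runs as another account, grant that account Read as well.
$dir = Split-Path -Parent $PfxPath
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)          # drop inherited entries
foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $dir -AclObject $acl

# Generate a fresh random password for this export instead of hard-coding one.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$plain  = [Convert]::ToBase64String($bytes)
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

# Export certificate plus private key (the key must be marked exportable).
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $secure | Out-Null
Write-Host "Exported $thumb (expires $($cert.NotAfter)) to $PfxPath"

# PLACEHOLDER: run the gateway-update lines from Section 9 of the remote
# session launcher guide here, giving them $PfxPath and $plain. Those lines
# are not reproduced on this page, so they are not filled in.

# Do not leave the password in memory longer than needed.
$plain = $null
```

Keeping the PFX password out of the renewal tool's stored arguments and logs matters here, which is why the script generates it per run rather than taking it as a parameter.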