- Download win-acme
To start, open an elevated command prompt and change the working directory to where the win-acme client is installed, run wacs.exe. You will be presented with an interactive menu.
There is no “simple” menu for setting up the certificate for Exchange, so at this point, enter M to create a new certificate with full options.

Choose to create a new certificate with full options.

Choose to create a new certificate will full options.
Next, you will be asked to select how the list of host names will be included in the certificate to be requested. Enter 2 to choose the option for manual input.

Select the option to manually input the host names
Select to manually input the host names
You are prompted for the list of host names. Enter multiple host names separated with a comma. In this example, the host names used are mail.psh-lab.gq,webmail.psh-lab.gq,autodiscover.psh-lab.gq
The first host name in the order will be chosen as the main certificate name by default.

Specify the host names to include in the SAN certificate
The next prompt shows you the suggested friendly name for the certificate (this is not the same as the certificate name), press Enter to accept the default.

Accept the default friendly name
The list of available methods to verify the ownership of the domains you added for the SAN certificate. Enter 2 to choose the option to use the [http-01] recommended verification method.

Choose the recommended ownership verification method
Choose the type of encryption key to be used for the certificate signing request. The default option is RSA key and it is also recommended. Enter 2 to choose RSA key.

Select RSA key for the certificate signing request
There is more that one way to store the requested certificate. But, in this example, the Windows Certificate Store will be selected. Enter 3 and press Enter.
When asked if you want to add another way to store the certificate, enter 3 again to skip and press Enter.

Choose the Windows Certificate Store only
Next, you will be asked to choose one or more actions to perform after the certificate is installed in the Windows Certificate Store. Choose options 1 to create or update the HTTPS bindings and 1 to select the Default Web Site.

Select options to update the https IIS binding for the Default Web Site