Do you run your own self-hosted ConnectWise ScreenConnect server on Windows? If so, you may have wished to be able to stop manually renewing TLS certificates, and ConnectWise refused to add automation. I've documented how to provision LetsEncrypt certificates for ScreenConnect and automatically renew them, for free!

If you'd like the full README file and small script to plug in with the directions, you can go directly to the folder in my GitHub repository, or you can continue reading part of the README I've copied here to ensure it's a good fit for your situation before jumping over.

Context and Background​

When using a self-hosted ConnectWise ScreenConnect server, if you don't want to manually renew the TLS/SSL certificates annually, you must set up TLS certificates using LetsEncrypt. This is a feature that ConnectWise has rejected including, but the application does not use IIS directly, so the certificate that's used must be manually bound to the application initially and after renewal. This script is designed for Windows and is NOT relevant for Linux or macOS, where older versions of ScreenConnect ran and where there is more documentation available online for automating this process (and ConnectWise doesn't support SSO on any servers except Windows, which is important for some people).

Introduction and Overview​

There were too many possible options, libraries, and methods to try but no simple process with a very straightforward installation script that was tested for use on modern Windows versions with the default ScreenConnect web server configuration that didn't involve proxies or third parties like CloudFlare, so I assembled this process that requires the very well-written, easy-to-use, and frequently updated win-acme tool and a tiny script to install the certificate. Hopefully this provides the push to stop renewing certificates manually for ScreenConnect!

What this is not​

This process assumes you already have an operational ScreenConnect installation on your own self-hosted server, and that it's already configured with a valid TLS certificate, perhaps issued by RapidSSL or any other certificate authority where you buy certificates and manually retrieve and install them, but that you'd like to switch to using LetsEncrypt certificates instead.

This process assumes you are having LetsEncrypt configured for TLS, are using the built-in web server and not proxying the web server through a third party like CloudFlare or yourself using nginx or Caddy, so it doesn't walk you through that process. It also assumes you have locked down the TLS settings yourself and validated it using a service like Qualys SSLLabs in order to ensure only modern and secure TLS configurations are used.

Thanks to Jonathan Crowe, the Director of Community at NinjaOne, for inviting me to be a part of one of the Like a Ninja streams that they host on the NinjaOne YouTube channel every couple of weeks. This stream was on October 9th, 2024 and was a conversation with that Jonathan hosted with Mark Giordano, a Technical Product Manager at NinjaOne and former customer and community member (also known as AiVenom), and me around how to determine the Return on Investment, or ROI, of scripting and automation.

While programmers and technicians are usually somewhat easy to convince about why automating things is worth investing time and effort into, it's not always easy to convince business leadership that automation is worth it, because the business wins aren't always as obvious when automation is approached from a technical perspective.

The video is about an hour long. Here it is, following the official stream description:

Does it feel like the time you spend on scripting and related training is going unappreciated? Or, worse yet, like you'll never get approval for that in the first place? Effective use of scripting can be a game-changer for IT admins, but unfortunately management doesn't always view it as a priority, and it's rare when the value of it is clearly communicated to all the stakeholders involved.

Join us for tips on how you can better highlight the business value of scripting, and get increased buy-in and support for it as a critical time investment.

Thanks to Jonathan Crowe, the Director of Community at NinjaOne, for inviting me to be a part of one of the Like a Ninja streams that they host on the NinjaOne YouTube channel every couple of weeks. This stream was on February 28th, 2024 and was a conversation with that Jonathan hosted to let me demonstrate how to write PowerShell scripts using an existing script I've published as an example to walk through.

The video is about an hour long. Here it is, following the official stream description:

Join NinjaOne star David Szpunar as we go over how to write PowerShell scripts like a ninja!

The video is somewhat fast-paced and does assume some beginner knowledge of PowerShell, focusing on the structure of building the structure of a script into a usable whole with various parameters and functions.

Setting Up VS Code and Git Like a Ninja​

If you enjoyed that video, a month later on March 26th, 2024, NinjaOne community member and PowerShell programmer extraordinaire Mikey O'Toole led a follow-up video stream called How to set up VS Code and Git Repo Like a Ninja that helps get you further down the programming rabbit hole with information on how to set up an environment more conducive to writing and debugging PowerShell on your own machine, as well as tracking changes and sharing code using Git and a centralized source such as GitHub or one of the alternative services.

Welcome​

I'm the CEO of a US-based IT services company (Managed Services Provider, or MSP), and I like technology (and people! People are great, I love people! We use technology to serve them, but I have a soft spot for the tech like a true geek!). While I have a long history with and interest in technology and programming and security, I've spent my free time relaxing by playing with PowerShell lately, and have had fun sharing them with peers to help the community.