{"id":9464,"date":"2026-03-04T09:38:04","date_gmt":"2026-03-04T09:38:04","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=9464"},"modified":"2026-05-24T22:33:50","modified_gmt":"2026-05-24T22:33:50","slug":"certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings","title":{"rendered":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code class=\"\"># ==============================================================================\n# Update-SQLServerCertificate.ps1\n#\n# Post-Renewal Task script for Certify The Web \/ Let's Encrypt\n#\n# What it does:\n#   1. Pulls certificate details from the Certify $result object\n#   2. Auto-discovers ALL SQL Server instances via the registry\n#   3. For each instance:\n#      a. Writes the thumbprint as REG_SZ to:\n#           HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\\n#             &lt;InstanceKey>\\MSSQLServer\\SuperSocketNetLib\\Certificate\n#         (confirmed from live SSCM export \u2014 this is exactly where SSCM reads it)\n#      b. Grants Read on the private key to the SQL service account\n#      c. Stops the SQL Agent service (if running) before restarting SQL Server\n#      d. Restarts the SQL Server service (only if StartMode = Auto)\n#      e. Restarts the SQL Agent service (only if it was running and StartMode = Auto)\n#   4. Writes a timestamped audit log\n#\n# Usage in Certify The Web:\n#   Managed Certificate > Deployment > Add Deployment Task > Run PowerShell Script\n#   Script: C:\\Scripts\\Update-SQLServerCertificate.ps1\n#\n# KEY REGISTRY FACT (confirmed from live SSCM export):\n#   Certificate thumbprint lives at:\n#     HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\&lt;InstanceKey>\\\n#       MSSQLServer\\SuperSocketNetLib\\Certificate\n#   NOT under the \\Ssl subkey \u2014 that path does not exist in a default installation.\n#   Thumbprint must be lowercase, no spaces, no leading\/trailing characters.\n#\n# SQL AGENT NOTE:\n#   SQL Agent is a dependent service of SQL Server. If SQL Server is restarted\n#   without stopping Agent first, SCM may throw errors. This script:\n#     - Stops Agent before restarting SQL Server (if Agent was running)\n#     - Restarts Agent after SQL Server is back up (only if it was running before)\n#   Agent service names:\n#     Default instance : SQLSERVERAGENT\n#     Named instance   : SQLAgent$&lt;InstanceName>\n# ==============================================================================\n\nparam($result)\n\n# --- OPTIONAL CONFIGURATION ---------------------------------------------------\n$LogFile     = \"C:\\Logs\\SQLCertRenewal.log\"\n$SkipRestart = $false          # Set $true to test without bouncing SQL services\n# ------------------------------------------------------------------------------\n\n\n# ==============================================================================\n# LOGGING\n# ==============================================================================\n\nfunction Write-Log {\n    param([string]$Message, [string]$Level = \"INFO\")\n    $timestamp = Get-Date -Format \"yyyy-MM-dd HH:mm:ss\"\n    $entry = \"[$timestamp] [$Level] $Message\"\n    Write-Host $entry\n    $logDir = Split-Path $LogFile -Parent\n    if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir -Force | Out-Null }\n    Add-Content -LiteralPath $LogFile -Value $entry\n}\n\n\n# ==============================================================================\n# STEP 0 \u2014 Validate Certify $result object\n# ==============================================================================\n\nWrite-Log \"============================================================\"\nWrite-Log \"SQL Server Certificate Renewal Script Started\"\n\n\n$RawThumbprint = $result.ManagedItem.CertificateThumbprintHash\n$PfxPath       = $result.ManagedItem.CertificatePath\n$PrimaryDomain = $result.ManagedItem.RequestConfig.PrimaryDomain\n\nif (-not $RawThumbprint) {\n    Write-Log \"ERROR: CertificateThumbprintHash is empty. Cannot proceed.\" -Level \"ERROR\"\n    exit 1\n}\n\n# Sanitise the thumbprint:\n#   - Strip everything that is not a hex character (removes spaces, dashes,\n#     hidden Unicode, zero-width spaces, BOM characters etc.)\n#   - Force lowercase \u2014 confirmed from live SSCM registry export:\n#     SSCM writes the thumbprint as lowercase, SQL Server loads it correctly.\n$NewThumbprint = ($RawThumbprint -replace '[^a-fA-F0-9]', '').ToLower()\n\nWrite-Log \"Certify Renewal Successful\"\nWrite-Log \"Primary Domain  : $PrimaryDomain\"\nWrite-Log \"PFX Path        : $PfxPath\"\nWrite-Log \"Raw Thumbprint  : $RawThumbprint\"\nWrite-Log \"Clean Thumbprint: $NewThumbprint  (lowercase, no spaces)\"\nWrite-Log \"Previous Thumb  : $($result.ManagedItem.CertificatePreviousThumbprintHash)\"\n\n# Load the cert from LocalMachine\\My \u2014 the store comparison is case-insensitive\n$cert = Get-ChildItem -Path \"Cert:\\LocalMachine\\My\" |\n        Where-Object { $_.Thumbprint -ieq $NewThumbprint } |\n        Select-Object -First 1\n\nif (-not $cert) {\n    Write-Log \"ERROR: Certificate '$NewThumbprint' not found in LocalMachine\\My store.\" -Level \"ERROR\"\n    exit 1\n}\n\nWrite-Log \"Certificate found: Subject=$($cert.Subject) | Expires=$($cert.NotAfter)\"\n\n# Inform if SAN cert \u2014 these work fine in SQL Server but may not show in SSCM dropdown\n$san = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq \"Subject Alternative Name\" }\nif ($san) {\n    Write-Log \"INFO: Certificate has Subject Alternative Names (SAN). SQL Server will use it correctly via registry, but it may not appear in the SSCM certificate dropdown \u2014 this is expected.\" -Level \"INFO\"\n}\n\n\n# ==============================================================================\n# STEP 1 \u2014 Discover SQL instances via registry (authoritative source)\n# ==============================================================================\n\nWrite-Log \"------------------------------------------------------------\"\nWrite-Log \"Discovering SQL Server instances...\"\n\n$regInstanceRoot = \"HKLM:\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\Instance Names\\SQL\"\n\nif (-not (Test-Path $regInstanceRoot)) {\n    Write-Log \"ERROR: Registry path not found: $regInstanceRoot\" -Level \"ERROR\"\n    Write-Log \"ERROR: No SQL Server instances found on this machine.\" -Level \"ERROR\"\n    exit 1\n}\n\n# Each value under Instance Names\\SQL is: InstanceName -> InstanceKey\n# e.g.  MSSQLSERVER  -> MSSQL15.MSSQLSERVER\n#       CASEMANAGER  -> MSSQL15.CASEMANAGER\n$instanceMap = @{}\n$regProps = Get-ItemProperty -Path $regInstanceRoot\n$regProps.PSObject.Properties |\n    Where-Object { $_.Name -notmatch \"^PS\" } |\n    ForEach-Object { $instanceMap[$_.Name] = $_.Value }\n\nif ($instanceMap.Count -eq 0) {\n    Write-Log \"ERROR: No SQL Server instances found in registry.\" -Level \"ERROR\"\n    exit 1\n}\n\nWrite-Log \"Instances discovered ($($instanceMap.Count)): $($instanceMap.Keys -join ', ')\"\nforeach ($kv in $instanceMap.GetEnumerator()) {\n    Write-Log \"  $($kv.Key) -> $($kv.Value)\"\n}\n\n\n# ==============================================================================\n# HELPERS\n# ==============================================================================\n\nfunction Get-SqlServiceInfo {\n    param([string]$InstanceName)\n    # Default instance service name is MSSQLSERVER; named instances are MSSQL$&lt;name>\n    # Default agent service name is SQLSERVERAGENT; named instances are SQLAgent$&lt;name>\n    $serviceName = if ($InstanceName -eq \"MSSQLSERVER\") { \"MSSQLSERVER\" } else { \"MSSQL`$$InstanceName\" }\n    $agentName   = if ($InstanceName -eq \"MSSQLSERVER\") { \"SQLSERVERAGENT\" } else { \"SQLAgent`$$InstanceName\" }\n\n    $svc      = Get-WmiObject -Class Win32_Service -Filter \"Name='$serviceName'\" -ErrorAction SilentlyContinue\n    $agentSvc = Get-WmiObject -Class Win32_Service -Filter \"Name='$agentName'\"   -ErrorAction SilentlyContinue\n\n    if ($svc) {\n        Write-Log \"  Service   : $serviceName  |  Account : $($svc.StartName)  |  StartMode : $($svc.StartMode)\"\n        if ($agentSvc) {\n            Write-Log \"  Agent     : $agentName  |  StartMode : $($agentSvc.StartMode)  |  State : $($agentSvc.State)\"\n        } else {\n            Write-Log \"  Agent     : $agentName not found (may not be installed)\" -Level \"WARN\"\n        }\n        return @{\n            ServiceName    = $serviceName\n            ServiceAccount = $svc.StartName\n            StartMode      = $svc.StartMode     # \"Auto\", \"Manual\", \"Disabled\"\n            AgentName      = $agentName\n            AgentStartMode = $agentSvc?.StartMode\n            AgentRunning   = ($agentSvc?.State -eq \"Running\")\n        }\n    }\n    Write-Log \"  WARNING: Service '$serviceName' not found in SCM.\" -Level \"WARN\"\n    return $null\n}\n\n\nfunction Get-SqlNetLibRegPath {\n    &lt;#\n    .SYNOPSIS\n        Returns the SuperSocketNetLib registry key path for a SQL instance.\n        This is where SSCM reads and writes the Certificate thumbprint value.\n\n    .NOTES\n        Correct path (confirmed from live SSCM registry export):\n          HKLM\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\&lt;InstanceKey>\\\n            MSSQLServer\\SuperSocketNetLib\n\n        The Certificate value sits DIRECTLY under SuperSocketNetLib.\n        There is NO \\Ssl subkey in a default SQL Server installation.\n    #>\n    param([string]$InstanceKey)\n    $path = \"HKLM:\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\$InstanceKey\\MSSQLServer\\SuperSocketNetLib\"\n    if (Test-Path $path) {\n        Write-Log \"  Registry  : $path\"\n        return $path\n    }\n    Write-Log \"  WARNING: Registry path not found: $path\" -Level \"WARN\"\n    return $null\n}\n\n\nfunction Grant-PrivateKeyPermission {\n    param(\n        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,\n        [string]$ServiceAccount\n    )\n    Write-Log \"  Granting private key Read to: $ServiceAccount\"\n\n    # Try CNG key first (used by modern Let's Encrypt certs)\n    try {\n        $rsaKey = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)\n        if ($rsaKey -is [System.Security.Cryptography.RSACng]) {\n            $keyName = $rsaKey.Key.UniqueName\n            $keyFile = @(\n                \"$env:ProgramData\\Microsoft\\Crypto\\Keys\\$keyName\",\n                \"$env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyName\"\n            ) | Where-Object { Test-Path $_ } | Select-Object -First 1\n\n            if (-not $keyFile) { throw \"CNG key file not found for UniqueName: $keyName\" }\n            Write-Log \"  CNG key file : $keyFile\"\n            $acl  = Get-Acl -Path $keyFile\n            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, \"Read\", \"Allow\")\n            $acl.AddAccessRule($rule)\n            Set-Acl -Path $keyFile -AclObject $acl\n            Write-Log \"  CNG permission granted.\"\n            return\n        }\n    } catch {\n        Write-Log \"  CNG key attempt failed, trying CAPI: $_\" -Level \"WARN\"\n    }\n\n    # Fallback: CAPI key (legacy)\n    try {\n        $keyContainer = $Cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName\n        $keyPath      = \"$env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyContainer\"\n        if (-not (Test-Path $keyPath)) { throw \"CAPI key file not found: $keyPath\" }\n        Write-Log \"  CAPI key file: $keyPath\"\n        $acl  = Get-Acl -Path $keyPath\n        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, \"Read\", \"Allow\")\n        $acl.AddAccessRule($rule)\n        Set-Acl -Path $keyPath -AclObject $acl\n        Write-Log \"  CAPI permission granted.\"\n    } catch {\n        throw \"Could not grant private key permission (tried CNG and CAPI): $_\"\n    }\n}\n\n\nfunction Restart-SqlService {\n    # Handles stop\/start\/verify for a single service with logging\n    param(\n        [string]$ServiceName,\n        [string]$Label = \"SQL Server\"\n    )\n    Write-Log \"  Stopping $Label : $ServiceName\"\n    Stop-Service -Name $ServiceName -Force -ErrorAction Stop\n    Start-Sleep -Seconds 3\n\n    Write-Log \"  Starting $Label : $ServiceName\"\n    Start-Service -Name $ServiceName -ErrorAction Stop\n    Start-Sleep -Seconds 5\n\n    $status = (Get-Service -Name $ServiceName).Status\n    if ($status -ne \"Running\") {\n        throw \"$Label did not reach Running state after restart. Status: $status\"\n    }\n    Write-Log \"  $Label running.\" -Level \"OK\"\n}\n\n\n# ==============================================================================\n# STEP 2 \u2014 Process each SQL instance\n# ==============================================================================\n\n$successCount = 0\n$failCount    = 0\n\nforeach ($instanceName in $instanceMap.Keys) {\n\n    $instanceKey = $instanceMap[$instanceName]\n\n    Write-Log \"------------------------------------------------------------\"\n    Write-Log \"Processing instance : $instanceName  (key: $instanceKey)\"\n\n    try {\n\n        # ---- Service info -------------------------------------------------------\n        $svcInfo = Get-SqlServiceInfo -InstanceName $instanceName\n        if (-not $svcInfo) {\n            Write-Log \"  Skipping \u2014 service not found in SCM.\" -Level \"WARN\"\n            $failCount++\n            continue\n        }\n\n        # ---- Registry path ------------------------------------------------------\n        # Path: ...\\&lt;InstanceKey>\\MSSQLServer\\SuperSocketNetLib\n        # Value: Certificate  (directly under SuperSocketNetLib \u2014 NOT under \\Ssl)\n        $regPath = Get-SqlNetLibRegPath -InstanceKey $instanceKey\n        if (-not $regPath) {\n            Write-Log \"  Skipping \u2014 SuperSocketNetLib registry path not found.\" -Level \"WARN\"\n            $failCount++\n            continue\n        }\n\n        $oldThumb = (Get-ItemProperty -Path $regPath -Name \"Certificate\" -ErrorAction SilentlyContinue).Certificate\n        Write-Log \"  Current thumbprint : '$oldThumb'\"\n        Write-Log \"  New thumbprint     : '$NewThumbprint'\"\n\n        # ---- Write thumbprint to registry as REG_SZ -----------------------------\n        Set-ItemProperty -Path $regPath -Name \"Certificate\" -Value $NewThumbprint -ErrorAction Stop\n        Write-Log \"  Registry write: done\"\n\n        # Confirm what is now in the registry\n        $writtenThumb = (Get-ItemProperty -Path $regPath -Name \"Certificate\" -ErrorAction SilentlyContinue).Certificate\n        Write-Log \"  Verified registry : '$writtenThumb'\"\n\n        if ($writtenThumb -ne $NewThumbprint) {\n            throw \"Registry verify failed \u2014 expected '$NewThumbprint' but found '$writtenThumb'\"\n        }\n\n        # ---- Private key permission ---------------------------------------------\n        Grant-PrivateKeyPermission -Cert $cert -ServiceAccount $svcInfo.ServiceAccount\n\n        # ---- Service restart (Auto-start services only) -------------------------\n        if ($SkipRestart) {\n            Write-Log \"  SkipRestart=true \u2014 skipping all service restarts.\" -Level \"WARN\"\n        } elseif ($svcInfo.StartMode -ne \"Auto\") {\n            Write-Log \"  Skipping restart \u2014 SQL StartMode is '$($svcInfo.StartMode)' (only Auto services are restarted).\" -Level \"WARN\"\n        } else {\n            # Stop Agent first if running \u2014 it is a dependent service of SQL Server\n            # and stopping SQL Server without stopping Agent first can cause SCM errors\n            if ($svcInfo.AgentRunning) {\n                Write-Log \"  SQL Agent is running \u2014 stopping before SQL Server restart...\"\n                Stop-Service -Name $svcInfo.AgentName -Force -ErrorAction SilentlyContinue\n                Start-Sleep -Seconds 3\n                Write-Log \"  SQL Agent stopped.\"\n            }\n\n            # Restart SQL Server\n            Restart-SqlService -ServiceName $svcInfo.ServiceName -Label \"SQL Server\"\n\n            # Restart Agent only if it was running before \u2014 don't start an agent\n            # that was intentionally stopped or is set to Manual\/Disabled\n            if ($svcInfo.AgentRunning -and $svcInfo.AgentStartMode -eq \"Auto\") {\n                Restart-SqlService -ServiceName $svcInfo.AgentName -Label \"SQL Agent\"\n            } elseif ($svcInfo.AgentRunning) {\n                Write-Log \"  SQL Agent was running but StartMode is '$($svcInfo.AgentStartMode)' \u2014 not restarting.\" -Level \"WARN\"\n            } else {\n                Write-Log \"  SQL Agent was not running before restart \u2014 skipping agent start.\"\n            }\n        }\n\n        Write-Log \"  Instance '$instanceName' complete.\" -Level \"OK\"\n        $successCount++\n\n    } catch {\n        Write-Log \"  ERROR processing '$instanceName': $_\" -Level \"ERROR\"\n\n        # Pull recent SQL errors from Application event log to aid diagnosis\n        try {\n            $events = Get-EventLog -LogName Application -Source \"MSSQL*\" -Newest 3 -ErrorAction SilentlyContinue |\n                      Where-Object { $_.EntryType -eq \"Error\" }\n            if ($events) {\n                Write-Log \"  Recent SQL Application event errors:\" -Level \"ERROR\"\n                $events | ForEach-Object {\n                    Write-Log \"    [$($_.TimeGenerated)] $($_.Message.Split(\"`n\")[0])\" -Level \"ERROR\"\n                }\n            }\n        } catch { }\n\n        $failCount++\n    }\n}\n\n\n# ==============================================================================\n# SUMMARY\n# ==============================================================================\n\nWrite-Log \"------------------------------------------------------------\"\nWrite-Log \"Summary      : Success=$successCount | Failed=$failCount\"\nWrite-Log \"Thumbprint   : $NewThumbprint\"\nWrite-Log \"Cert expiry  : $($cert.NotAfter)\"\nWrite-Log \"============================================================\"\n\nexit $(if ($failCount -gt 0) { 1 } else { 0 })<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9464","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let&#039;s Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"paris\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Welcome to Pariswells.com |\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com\" \/>\n\t\t<meta property=\"og:description\" content=\"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let&#039;s Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-03-04T09:38:04+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-05-24T22:33:50+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com\" \/>\n\t\t<meta name=\"twitter:description\" content=\"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let&#039;s Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#article\",\"name\":\"Certify the Web \\\\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com\",\"headline\":\"Certify the Web \\\\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings\",\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"},\"datePublished\":\"2026-03-04T09:38:04+00:00\",\"dateModified\":\"2026-05-24T22:33:50+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage\"},\"articleSection\":\"Research\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#listItem\",\"name\":\"Certify the Web \\\\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#listItem\",\"position\":3,\"name\":\"Certify the Web \\\\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\",\"name\":\"Welcome to Pariswells.com\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris\",\"name\":\"paris\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"paris\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings\",\"name\":\"Certify the Web \\\\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com\",\"description\":\"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \\\/ Let's Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"datePublished\":\"2026-03-04T09:38:04+00:00\",\"dateModified\":\"2026-05-24T22:33:50+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\",\"name\":\"Welcome to Pariswells.com\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com","description":"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let's Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #","canonical_url":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#article","name":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com","headline":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings","author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"},"datePublished":"2026-03-04T09:38:04+00:00","dateModified":"2026-05-24T22:33:50+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage"},"isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage"},"articleSection":"Research"},{"@type":"BreadcrumbList","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/pariswells.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","position":2,"name":"Research","item":"https:\/\/pariswells.com\/blog\/category\/research","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#listItem","name":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings"},"previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#listItem","position":3,"name":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings","previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}}]},{"@type":"Organization","@id":"https:\/\/pariswells.com\/blog\/#organization","name":"Welcome to Pariswells.com","url":"https:\/\/pariswells.com\/blog\/"},{"@type":"Person","@id":"https:\/\/pariswells.com\/blog\/author\/paris#author","url":"https:\/\/pariswells.com\/blog\/author\/paris","name":"paris","image":{"@type":"ImageObject","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g","width":96,"height":96,"caption":"paris"}},{"@type":"WebPage","@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#webpage","url":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings","name":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com","description":"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let's Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings#breadcrumblist"},"author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"creator":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"datePublished":"2026-03-04T09:38:04+00:00","dateModified":"2026-05-24T22:33:50+00:00"},{"@type":"WebSite","@id":"https:\/\/pariswells.com\/blog\/#website","url":"https:\/\/pariswells.com\/blog\/","name":"Welcome to Pariswells.com","inLanguage":"en-US","publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Welcome to Pariswells.com |","og:type":"article","og:title":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com","og:description":"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let's Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #","og:url":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings","article:published_time":"2026-03-04T09:38:04+00:00","article:modified_time":"2026-05-24T22:33:50+00:00","twitter:card":"summary","twitter:title":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings | Welcome to Pariswells.com","twitter:description":"# ============================================================================== # Update-SQLServerCertificate.ps1 # # Post-Renewal Task script for Certify The Web \/ Let's Encrypt # # What it does: # 1. Pulls certificate details from the Certify $result object # 2. Auto-discovers ALL SQL Server instances via the registry # 3. For each instance: # a. Writes the thumbprint as REG_SZ to: #"},"aioseo_meta_data":{"post_id":"9464","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"schemas":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2026-03-04 09:35:39","updated":"2026-05-24 22:33:50","primary_term":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\/category\/research\" title=\"Research\">Research<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tCertify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/pariswells.com\/blog"},{"label":"Research","link":"https:\/\/pariswells.com\/blog\/category\/research"},{"label":"Certify the Web \\ Lets Encrypt Powershell to Update Certificate on SQL Server Bindings","link":"https:\/\/pariswells.com\/blog\/research\/certify-the-web-lets-encrypt-powershell-to-update-certificate-on-sql-server-bindings"}],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=9464"}],"version-history":[{"count":2,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9464\/revisions"}],"predecessor-version":[{"id":9693,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/9464\/revisions\/9693"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=9464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=9464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=9464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}