@scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that jsut defeats the purpose of LE.
Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up a RD Session Host with a LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?
One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.
Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.
It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one.
Got it thanks. Looks like a bit of a learning curve then. :)
It's not bad. I find learning the LE pieces easier than learning to do it the old fashioned way :) And with LE it is "learn once and ignore", rather than "learn once, forget, do again in a year or two all over again."