I scripted Let's Encrypt renewals through DNS validation for any web servers that hog port 80, on which HTTP validation won't work.
It's the first time I'm making a little tool that uses several scripts, the first time I'm doing REST calls to an API, and lots of first times in PowerShell code. The flow is essentially:
It's probably a terrible design. I'm sure I'll look back at it in a couple of years and cringe. I should have just made a local ADCS. There are lots of things I should have done, but for now it solved an issue, I'm proud of the end result, and I learned a lot along the way.