I understand what you’re saying, and thanks for writing out that script, might be the way we end up doing it. As you mention, the ‘proper’ way (unless I’m misunderstanding) wont work because it’ll be missing the $result value that the renewal process spits out. So you agree that making a powershell script that writes to JSON via an automatic post deployment task? Then use the scheduled task to do the second part during off hours so users dont get booted off during the certificate import process. Unless we were able to schedule the entire certificate renewal process, that is…