We need to replace the expiring wildcard certificate on 300 Windows servers. Ranging from 2003 to 2012r2. Most of the servers are a member of the root domain. The others are workgroup DMZ servers. I have some scripts that allow me to copy the pfx file then install it not the store but I have not found a way to add the new certificate to existing iis bindings remotely. I don't want to have to re create the bindings since they are many sites and bindings on most servers and some use non standard ports. We do not use certificate services but we could implement if this would help. What are my options here to make this an easier process than touching 300 servers?