====== Information ======

  * Let's Encrypt ((https://letsencrypt.org))
  * Certbot ((https://certbot.eff.org))
  * [[Information:Realm of Espionage]]

===== Prerequisites =====

  * [[windows;11_ltsc|Windows 11 (24H2)]]
  * [[servers;windows;nginx_php_php-cgi|nginx]]

====== Install ======

===== Python =====

  * https://www.python.org/downloads/windows/
  * Last tested: ''python-3.13.2-amd64.exe''

  * Install ''pip''

===== Certbot =====

****

  "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install "certbot"

==== Update ====

****

  "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install --upgrade "certbot"

====== Settings ======

  MKDIR "%SystemDrive%\www\certbot"

  notepad "%SystemDrive%\www\certbot\cli-custom.ini"

<code>
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##########
#CHANGEME#
##########

email = espionage724@x

##########
#CHANGEME#
##########

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = true

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz

# End</code>

====== Obtain Certs Test ======

  "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80"

  "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run

  "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)"

====== Scripts ======

  * :!: 2025/03/15: TODO: Certbot needs admin for symlinks; possibly needs different scripting ((new certs filenames add #; tar archives, remove it, pull-in new certs; test with --test-certs)), and updated for temp firewall rule

  MKDIR "%SystemDrive%\www\scripts\certbot"

  explorer "%SystemDrive%\www\scripts\certbot"

===== Renewal =====

  notepad "%SystemDrive%\www\scripts\certbot\Renewal.bat"

<code>
:: Stop nginx
CALL "%SystemDrive%\www\scripts\nginx\Stop.bat"

:: Renew Certs
"%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet

:: Start nginx
CALL "%SystemDrive%\www\scripts\nginx\Start.bat"

:: End</code>

  "%SystemDrive%\www\scripts\certbot\Renewal.bat"

===== Update =====

  notepad "%SystemDrive%\www\scripts\certbot\Update.bat"

<code>
:: Update pip
"%LocalAppData%\Programs\Python\Python313\python.exe" -m "pip" install --upgrade "pip" --quiet

:: Update Certbot
"%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install --upgrade "certbot" --quiet

:: End</code>

  "%SystemDrive%\www\scripts\certbot\Update.bat"

====== Shortcuts ======

===== Desktop =====

  * Right-click Desktop -> New -> Shortcut

==== Renewal ====

  "%SystemDrive%\www\scripts\certbot\Renewal.bat"

  Certbot Renewal