| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| servers:windows:nginx:lets_encrypt [2025/02/16 14:38] – Sean Rhone | servers:windows:nginx:lets_encrypt [2025/06/14 21:10] (current) – Sean Rhone |
|---|
| ===== Prerequisites ===== | ===== Prerequisites ===== |
| |
| * [[windows;11_ltsc|Windows 11]] | * [[windows;11_ltsc_server|Windows 11 (24H2)]] |
| * [[servers;windows;nginx_php_php-cgi|nginx]] ((Certbot doesn't necessarily require nginx; if not using nginx then [[servers;windows;nginx_php_php-cgi#firewall|port 443/tcp]] likely needs to be opened)) | * [[servers;windows;nginx_php_php-cgi|nginx]] |
| |
| ====== Install ====== | ====== Install ====== |
| |
| * https://www.python.org/downloads/windows/ | * https://www.python.org/downloads/windows/ |
| * Last tested: ''python-3.13.2-amd64.exe'' | * Last tested: ''python-3.13.4-amd64.exe'' |
| |
| * Install ''pip'' | * Install ''pip'' |
| MKDIR "%SystemDrive%\www\certbot" | MKDIR "%SystemDrive%\www\certbot" |
| |
| notepad "%SystemDrive%\www\certbot\cli-custom.ini" | "notepad.exe" "%SystemDrive%\www\certbot\cli-custom.ini" |
| |
| <code> | <code> |
| hsts = true | hsts = true |
| uir = true | uir = true |
| staple-ocsp = true | staple-ocsp = false |
| |
| domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz | domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz |
| ====== Obtain Certs Test ====== | ====== Obtain Certs Test ====== |
| |
| **** | "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" |
| |
| "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run | "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run |
| | |
| | "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" |
| |
| ====== Scripts ====== | ====== Scripts ====== |
| | |
| | * :!: 2025/03/15: TODO: Certbot needs admin for symlinks; possibly needs different scripting ((new certs filenames add #; tar archives, remove it, pull-in new certs; test with --test-certs)), and updated for temp firewall rule |
| |
| MKDIR "%SystemDrive%\www\scripts\certbot" | MKDIR "%SystemDrive%\www\scripts\certbot" |
| explorer "%SystemDrive%\www\scripts\certbot" | explorer "%SystemDrive%\www\scripts\certbot" |
| |
| ===== Cert Renewal ===== | ===== Renewal ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Renewal.bat" | notepad "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| "%SystemDrive%\www\scripts\certbot\Renewal.bat" | "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
| ===== Certbot Update ===== | ==== Test Renewal ==== |
| | |
| | "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" |
| | |
| | <code> |
| | :: Stop nginx |
| | CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" |
| | |
| | :: Renew Certs |
| | "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" |
| | "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet |
| | "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" |
| | |
| | "explorer.exe" "%SystemDrive%\Certbot\archive\realmofespionage.xyz" |
| | |
| | "explorer.exe" "%SystemDrive%\www\certbot\certs" |
| | |
| | "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf" |
| | |
| | :: End</code> |
| | |
| | "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" |
| | |
| | ===== Update ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Update.bat" | notepad "%SystemDrive%\www\scripts\certbot\Update.bat" |
