servers:windows:nginx:lets_encrypt

servers:windows:nginx:lets_encrypt [2025/02/25 19:27] – [Prerequisites] Sean Rhone
servers:windows:nginx:lets_encrypt [2025/06/14 21:10] (current) Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[windows;11_ltsc|Windows 11 (24H2)]] +  * [[windows;11_ltsc_server|Windows 11 (24H2)]] 
-  * [[servers;windows;nginx_php_php-cgi|nginx]] ((Certbot doesn't necessarily require nginx; if not using nginx then [[servers;windows;nginx_php_php-cgi#firewall|port 443/tcp]] likely needs to be opened))+  * [[servers;windows;nginx_php_php-cgi|nginx]]
  
 ====== Install ====== ====== Install ======
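Review bot: dropping the footnote from the nginx prerequisite removes the page's only up-front mention that a firewall port has to be opened, while the later Obtain Certs Test section now opens 80/tcp for a standalone Certbot run. Suggest keeping a short prerequisite note that inbound 80/tcp must be reachable during issuance, so readers know about the firewall change before they reach the netsh lines.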
Line 15: Line 15:
  
   * https://www.python.org/downloads/windows/   * https://www.python.org/downloads/windows/
-  * Last tested: ''python-3.13.2-amd64.exe''+  * Last tested: ''python-3.13.4-amd64.exe''
  
   * Install ''pip''   * Install ''pip''
Line 35: Line 35:
   MKDIR "%SystemDrive%\www\certbot"   MKDIR "%SystemDrive%\www\certbot"
  
-  notepad "%SystemDrive%\www\certbot\cli-custom.ini"+  "notepad.exe" "%SystemDrive%\www\certbot\cli-custom.ini"
  
 <code> <code>
Line 61: Line 61:
 hsts = true hsts = true
 uir = true uir = true
-staple-ocsp = true+staple-ocsp = false
  
 domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz
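Review bot: the flip from `staple-ocsp = true` to `staple-ocsp = false` in cli-custom.ini has no stated reason, unlike the dated TODO added under Scripts. Suggest a dated one-line note saying why stapling was turned off. Since every command on this page runs `certonly`, it is also worth confirming whether `hsts`, `uir` and `staple-ocsp` change anything here, or whether the stapling settings in the nginx ssl.conf need the same change.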
Line 69: Line 69:
 ====== Obtain Certs Test ====== ====== Obtain Certs Test ======
  
-****+  "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80"
  
   "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run   "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run
 +
 +  "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)"
  
 ====== Scripts ====== ====== Scripts ======
 +
 +  * :!: 2025/03/15: TODO: Certbot needs admin for symlinks; possibly needs different scripting ((new certs filenames add #; tar archives, remove it, pull-in new certs; test with --test-certs)), and updated for temp firewall rule
  
   MKDIR "%SystemDrive%\www\scripts\certbot"   MKDIR "%SystemDrive%\www\scripts\certbot"
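Review bot: in Obtain Certs Test, the inbound 80/tcp allow rule is removed only if the reader goes on to run the separate delete line, so an aborted session leaves "Certbot (Standalone)" in place. Suggest stating that both netsh lines need an elevated prompt (the TODO already notes that Certbot needs admin) and adding a `"netsh.exe" advfirewall firewall show rule name="Certbot (Standalone)"` check after the delete to confirm the rule is gone. The TODO also says the scripts are not yet updated for the temporary rule, so the Renewal.bat steps below it would benefit from the same add/delete pair or a pointer to Test Renewal.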
Line 96: Line 100:
  
   "%SystemDrive%\www\scripts\certbot\Renewal.bat"   "%SystemDrive%\www\scripts\certbot\Renewal.bat"
 +
 +==== Test Renewal ====
 +
 +  "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal-test.bat"
 +
 +<code>
 +:: Stop nginx
 +CALL "%SystemDrive%\www\scripts\nginx\Stop.bat"
 +
 +:: Renew Certs
 +"netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80"
 +"%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet
 +"netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)"
 +
 +"explorer.exe" "%SystemDrive%\Certbot\archive\realmofespionage.xyz"
 +
 +"explorer.exe" "%SystemDrive%\www\certbot\certs"
 +
 +"notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf"
 +
 +:: End</code>
 +
 +  "%SystemDrive%\www\scripts\certbot\Renewal-test.bat"
  
 ===== Update ===== ===== Update =====
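Review bot: Renewal-test.bat stops nginx with `CALL "%SystemDrive%\www\scripts\nginx\Stop.bat"` but never starts it again, so the site stays down after the script reaches `:: End`. Suggest adding a start call once the new certs are in place. The certbot line also runs with `--quiet` and without the `--dry-run` used in Obtain Certs Test or the `--test-certs` named in the TODO, so either add one of them or rename the section. The script does not check certbot's exit code: the delete-rule line therefore runs either way, which keeps the firewall closed, but the explorer and notepad steps also open when issuance failed.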
/srv/www/wiki/data/attic/servers/windows/nginx/lets_encrypt.1740529634.txt.gz · Last modified: by Sean Rhone