| servers:windows:nginx:lets_encrypt [2025/08/05 21:53] – [Test Renewal] Sean Rhone | servers:windows:nginx:lets_encrypt [2025/10/07 01:08] (current) – [Python] Sean Rhone |
|---|
| ===== Prerequisites ===== | ===== Prerequisites ===== |
| |
| * [[windows:10|Windows 10 (21H2)]] | * [[windows;11_ltsc_server|Windows 11 (24H2)]] |
| * [[servers;windows;nginx_php_php-cgi|nginx]] | * [[servers;windows;nginx_php_php-cgi|nginx]] |
| |
| |
| * https://www.python.org/downloads/windows/ | * https://www.python.org/downloads/windows/ |
| * Last tested: ''python-3.13.5-amd64.exe'' | * Last tested: ''python-3.13.7-amd64.exe'' |
| |
| * Install ''pip'' | * Install ''pip'' ((nothing else (admin, PATH, etc) is required and can be unchecked)) |
| |
| ===== Certbot ===== | ===== Certbot ===== |
| |
| "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install "certbot" | "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install "certbot" |
| |
| ==== Update ==== | |
| |
| **** | |
| |
| "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install --upgrade "certbot" | |
| |
| ====== Settings ====== | ====== Settings ====== |
| agree-tos = true | agree-tos = true |
| |
| ########## | ################################################## |
| #CHANGEME# | |
| ########## | |
| email = espionage724@x | email = espionage724@x |
| | ################################################## |
| ########## | |
| #CHANGEME# | |
| ########## | |
| |
| no-eff-email = true | no-eff-email = true |
| staple-ocsp = false | staple-ocsp = false |
| |
| domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz | domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz |
| |
| # End</code> | # End</code> |
| |
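
Review bot: The new `domains` line puts `test.realmofespionage.xyz` and the other added names (`forums.`, `social.`) on the same certificate as the production hosts. Every name on a Let's Encrypt certificate is published in Certificate Transparency logs, and in a single `certonly` run one name that fails validation fails the whole request, so consider giving the test host its own certificate. Separately, the right-hand side drops the `#CHANGEME#` banner around `email = espionage724@x`, which leaves nothing telling a reader that the placeholder address must be replaced; keep the marker or add a comment on that line.
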
| ====== Obtain Certs Test ====== | ====== Obtain Certs Test ====== |
| | |
| | * :!: Admin Command Prompt |
| |
| "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" | "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" |
| |
| ====== Scripts ====== | ====== Scripts ====== |
| |
| * :!: 2025/03/15: TODO: Certbot needs admin for symlinks; possibly needs different scripting ((new certs filenames add #; tar archives, remove it, pull-in new certs; test with --test-certs)), and updated for temp firewall rule | |
| |
| MKDIR "%SystemDrive%\www\scripts\certbot" | MKDIR "%SystemDrive%\www\scripts\certbot" |
| |
| explorer "%SystemDrive%\www\scripts\certbot" | "explorer.exe" "%SystemDrive%\www\scripts\certbot" |
| |
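
Review bot: The removed TODO bullet is the only place in the visible text that says why Certbot is run elevated (admin is needed for symlinks), and the new Renewal.bat now runs it through `sudo --disable-input`. Carry that reason into the script as a `::` comment next to the `certonly` line, so the elevation is documented and can be revisited if the symlink requirement goes away.
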
| ===== Renewal ===== | ===== Renewal ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Renewal.bat" | "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
| <code> | <code> |
| | @echo off |
| | |
| | :: Update Certbot |
| | CALL "%SystemDrive%\www\scripts\certbot\Update.bat" |
| | |
| :: Stop nginx | :: Stop nginx |
| CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" | CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" |
| |
| :: Renew Certs | :: Renew Certs |
| "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet | sudo --disable-input "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" |
| |
| :: Start nginx | sudo --disable-input "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet |
| CALL "%SystemDrive%\www\scripts\nginx\Start.bat" | |
| |
| :: End</code> | sudo --disable-input "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" |
| | |
| "%SystemDrive%\www\scripts\certbot\Renewal.bat" | |
| | |
| ==== Test Renewal ==== | |
| | |
| * 2025/08/05: Works fine | |
| | |
| "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" | |
| | |
| <code> | |
| :: Stop nginx | |
| CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" | |
| | |
| :: Renew Certs | |
| "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" | |
| "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet | |
| "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" | |
| |
| | :: Copy/Update Certs |
| "explorer.exe" "%SystemDrive%\Certbot\archive\realmofespionage.xyz" | "explorer.exe" "%SystemDrive%\Certbot\archive\realmofespionage.xyz" |
| |
| "explorer.exe" "%SystemDrive%\www\certbot\certs" | "explorer.exe" "%SystemDrive%\www\certbot\certs" |
| |
| "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf" | "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf" |
| | |
| | :: Start nginx |
| | CALL "%SystemDrive%\www\scripts\nginx\Start.bat" |
| |
| :: End</code> | :: End</code> |
| |
| "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" | "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
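
Review bot: Nothing between the `certonly` line and `:: Copy/Update Certs` checks whether Certbot succeeded, and with `@echo off` plus `--quiet` a failed renewal produces no output before nginx is started again. Test the result after the `certonly` line, or log its output to a file, and skip the copy step on failure while still running the `delete rule` line and Start.bat. The `explorer.exe` and `notepad.exe` lines under `:: Copy/Update Certs` are manual steps, so the script cannot run unattended; state that in a comment at the top of the script.
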
| ===== Update ===== | ===== Update ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Update.bat" | "notepad.exe" "%SystemDrive%\www\scripts\certbot\Update.bat" |
| |
| <code> | <code> |
| | @echo off |
| | |
| :: Update pip | :: Update pip |
| "%LocalAppData%\Programs\Python\Python313\python.exe" -m "pip" install --upgrade "pip" --quiet | "%LocalAppData%\Programs\Python\Python313\python.exe" -m "pip" install --upgrade "pip" --quiet |
| |
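
Review bot: With `@echo off` added on top of the existing `--quiet`, this script leaves no record of what it installed, and Renewal.bat now CALLs it immediately before running `certbot.exe` through `sudo`. Whatever version PyPI serves at renewal time is therefore executed elevated. Pin the versions (pip supports a requirements file with `--require-hashes`) and upgrade as a deliberate step rather than on every renewal, or at least log the installed versions.
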
| ===== Desktop ===== | ===== Desktop ===== |
| |
| * Right-click Desktop -> New -> Shortcut | |
| |
| ==== Renewal ==== | ==== Renewal ==== |