| servers:windows:nginx:lets_encrypt [2025/10/02 17:24] – [Test Renewal] Sean Rhone | servers:windows:nginx:lets_encrypt [2025/12/14 16:32] (current) – [Python] Sean Rhone |
|---|
| ===== Prerequisites ===== | ===== Prerequisites ===== |
| |
| * [[windows;11_ltsc_server|Windows 11 (24H2)]] | * [[windows;10|Windows 10 (21H2)]] |
| * [[servers;windows;nginx_php_php-cgi|nginx]] | * [[servers;windows;nginx_php_php-cgi|nginx]] |
| |
| |
| * https://www.python.org/downloads/windows/ | * https://www.python.org/downloads/windows/ |
| * Last tested: ''python-3.13.7-amd64.exe'' | * https://www.python.org/ftp/python/3.14.2/python-3.14.2-amd64.exe |
| | * Last tested: ''python-3.14.2-amd64.exe'' |
| |
| * Install ''pip'' | * Install ''pip'' ((nothing else (admin, PATH, etc) is required and can be unchecked)) |
| |
| ===== Certbot ===== | ===== Certbot ===== |
| **** | **** |
| |
| "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install "certbot" | "%LocalAppData%\Programs\Python\Python314\Scripts\pip.exe" install "certbot" |
| | |
| ==== Update ==== | |
| | |
| **** | |
| | |
| "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install --upgrade "certbot" | |
| |
| ====== Settings ====== | ====== Settings ====== |
| |
| <code> | <code> |
| verbose = true | verbose = "true" |
| text = true | text = "true" |
| non-interactive = true | non-interactive = "true" |
| standalone = true | standalone = "true" |
| force-renewal = true | force-renewal = "true" |
| agree-tos = true | agree-tos = "true" |
| |
| ################################################## | ################################################## |
| ################################################## | ################################################## |
| |
| no-eff-email = true | no-eff-email = "true" |
| |
| rsa-key-size = 4096 | rsa-key-size = "4096" |
| redirect = true | redirect = "true" |
| hsts = true | hsts = "true" |
| uir = true | uir = "true" |
| staple-ocsp = false | staple-ocsp = "false" |
| |
| domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz | domains = "realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz" |
| |
| # End</code> | # End</code> |
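Review bot: ''force-renewal'' stays enabled in the settings while this revision moves renewal onto a weekly scheduled task, so every Sunday run reissues the certificate for all eight names no matter how much lifetime is left. Consider dropping that line so ''certonly'' leaves a certificate alone until it is close to expiry. Two smaller points on the same block: ''redirect'', ''hsts'', ''uir'' and ''staple-ocsp'' are installer options and do nothing in a ''certonly'' / ''standalone'' run, so those headers have to be set in the nginx config itself; and since every value is now quoted, re-run the ''--dry-run'' command from the next section once to confirm the file still parses as intended.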
| ====== Obtain Certs Test ====== | ====== Obtain Certs Test ====== |
| |
| * :!: Admin Command Prompt | "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python314\python.exe" protocol="tcp" localport="80" |
| |
| "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" | "%LocalAppData%\Programs\Python\Python314\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run |
| | |
| "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --dry-run | |
| |
| "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" | "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" |
| |
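Review bot: the '':!: Admin Command Prompt'' bullet is removed here, but both ''netsh.exe advfirewall firewall'' lines still change firewall rules and need an elevated prompt. Keep the bullet, or state where elevation now comes from. Also note that if the dry run is interrupted, the ''Certbot (Standalone)'' inbound rule on port 80 stays in place until the delete line is run by hand.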
| ====== Scripts ====== | ====== Scripts ====== |
| |
| * :!: 2025/03/15: TODO: Certbot needs admin for symlinks; possibly needs different scripting ((new certs filenames add #; tar archives, remove it, pull-in new certs; test with --test-certs)), and updated for temp firewall rule | |
| |
| MKDIR "%SystemDrive%\www\scripts\certbot" | MKDIR "%SystemDrive%\www\scripts\certbot" |
| |
| explorer "%SystemDrive%\www\scripts\certbot" | "explorer.exe" "%SystemDrive%\www\scripts\certbot" |
| |
| ===== Renewal ===== | ===== Renewal ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Renewal.bat" | "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
| <code> | <code> |
| :: Stop nginx | @echo off |
| CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" | |
| |
| :: Renew Certs | CALL "%SystemDrive%\www\scripts\certbot\Update.bat" |
| "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet | |
| |
| :: Start nginx | |
| CALL "%SystemDrive%\www\scripts\nginx\Start.bat" | |
| |
| :: End</code> | |
| |
| "%SystemDrive%\www\scripts\certbot\Renewal.bat" | |
| |
| ==== Test Renewal ==== | |
| |
| * 2025/10/02: Works fine | |
| * TODO: ''sudo'' enable | |
| |
| "notepad.exe" "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" | |
| |
| <code> | |
| :: Stop nginx | |
| CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" | CALL "%SystemDrive%\www\scripts\nginx\Stop.bat" |
| |
| :: Renew Certs | "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python314\python.exe" protocol="tcp" localport="80" |
| sudo --disable-input "netsh.exe" advfirewall firewall add rule name="Certbot (Standalone)" dir="in" action="allow" program="%LocalAppData%\Programs\Python\Python313\python.exe" protocol="tcp" localport="80" | "%LocalAppData%\Programs\Python\Python314\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet |
| | "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" |
| sudo --disable-input "%LocalAppData%\Programs\Python\Python313\Scripts\certbot.exe" "certonly" --config "%SystemDrive%\www\certbot\cli-custom.ini" --quiet | |
| | |
| sudo --disable-input "netsh.exe" advfirewall firewall delete rule name="Certbot (Standalone)" | |
| | |
| :: Copy/Update Certs | |
| "explorer.exe" "%SystemDrive%\Certbot\archive\realmofespionage.xyz" | |
| "explorer.exe" "%SystemDrive%\www\certbot\certs" | |
| | |
| "notepad.exe" "%SystemDrive%\www\nginx\conf.d\ssl.conf" | |
| |
| :: Start nginx | |
| CALL "%SystemDrive%\www\scripts\nginx\Start.bat" | CALL "%SystemDrive%\www\scripts\nginx\Start.bat" |
| |
| :: End</code> | :: End</code> |
| |
| "%SystemDrive%\www\scripts\certbot\Renewal-test.bat" | "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
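Review bot: the new ''Renewal.bat'' calls ''Update.bat'' first, so every scheduled run installs whatever ''pip'' and ''certbot'' releases are current before it touches the certificates, and nothing checks the result of either step. Consider pinning the certbot version or keeping the update a manual step, and test ''%ERRORLEVEL%'' after the certbot line, since with ''--quiet'' a failed issuance otherwise passes unnoticed once nginx is started again. The '':: Copy/Update Certs'' step and the 2025/03/15 TODO about symlinks are both dropped without a replacement, so the page no longer says how renewed files reach the paths nginx reads.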
| ===== Update ===== | ===== Update ===== |
| |
| notepad "%SystemDrive%\www\scripts\certbot\Update.bat" | "notepad.exe" "%SystemDrive%\www\scripts\certbot\Update.bat" |
| |
| <code> | <code> |
| :: Update pip | @echo off |
| "%LocalAppData%\Programs\Python\Python313\python.exe" -m "pip" install --upgrade "pip" --quiet | |
| |
| :: Update Certbot | "%LocalAppData%\Programs\Python\Python314\python.exe" -m "pip" install --upgrade "pip" --quiet |
| "%LocalAppData%\Programs\Python\Python313\Scripts\pip.exe" install --upgrade "certbot" --quiet | |
| | "%LocalAppData%\Programs\Python\Python314\Scripts\pip.exe" install --upgrade "certbot" --quiet |
| |
| :: End</code> | :: End</code> |
| "%SystemDrive%\www\scripts\certbot\Update.bat" | "%SystemDrive%\www\scripts\certbot\Update.bat" |
| |
| ====== Shortcuts ====== | ====== Task Scheduler ====== |
| |
| ===== Desktop ===== | **** |
| |
| * Right-click Desktop -> New -> Shortcut | taskschd.msc |
| |
| ==== Renewal ==== | ===== Renewal ===== |
| |
| "%SystemDrive%\www\scripts\certbot\Renewal.bat" | * Weekly -> Recur every ''1'' weeks on ''Sunday'' |
| | * ''7:00:00 AM'' |
| |
| Certbot Renewal | Certbot Renewal |
| | |
| | "%SystemDrive%\www\scripts\certbot\Renewal.bat" |
| |
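Review bot: the task definition records only the trigger, name and action, not the account it runs as or whether ''Run with highest privileges'' is set. Both matter here: ''Renewal.bat'' no longer prefixes the ''netsh.exe'' and certbot lines with ''sudo --disable-input'', so the task itself has to be elevated, and the scripts resolve Python through ''%LocalAppData%'', which only points at the right install when the task runs as the user who installed it. Add both settings to this list.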