Apache2.4 on Windows - i search a auto renew script

Help
1

how can i auto renew the letsEncrypt-pem files on Apache2.4 / Windows

ThanX for informations :slight_smile:

What i did since now:

1, Download der setup-files from https://certbot.eff.org/lets-encrypt/windows-apache

2, Installed as Admin

3, CMD as Admin

4, shut down Webserver

5, C:\WINDOWS\system32> certbot certonly –standalone Domain www.wavi.at

6, ..this creates in folder Certbot live / www.wavi.at / the pem files

7, Apache:

8, httpd.conf -> LoadModule ssl_module modules/mod_ssl.so

9, httpd-ssl.conf ->

SSLCertificateFile "C:\Certbot\live\www.wavi.at\cert.pem"

SSLCertificateKeyFile "C:\Certbot\live\www.wavi.at\privkey.pem"

10 Starting Webserver .. everything is OK

1 Like
2

Welcome to the Let's Encrypt Community, Erich :slightly_smiling_face:

Try running the following and let us know what happens:
certbot --cert-name www.wavi.at --apache -d "www.wavi.at,wavi.at"

1 Like
3

If the command above works correctly, you should be setup for autorenewal. You can then easily test your renewal with:
certbot renew --cert-name www.wavi.at

1 Like
4

Hello @erich.wanker and @griffin
My take on the OP is asking for auto renew information. Cert is already in place and valid until January 5, 2021.

As far as the auto renew question...

The Certbot installation on your system comes with a pre-installed Scheduled Task that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running the command

C:\WINDOWS\system32> certbot renew --dry-run

Test automatic renewal

Hope this helps

2 Likes
5

@Rip

Appreciate the thought, but @erich.wanker set himself up for disaster by using --standalone without specifying hooks to stop and start apache. Adding those hooks would still be not be good because it would unnecessarily complicate the process.

1 Like
6

@erich.wanker

The command I had you run with --apache will acquire another new certificate for you. The reason I had you run that command was to update the renewal configuration for your certificate so that you don't run into trouble with --standalone. @Rip made a good point about testing your renewal.

Use the following command if you want to test your renewal:
certbot renew --cert-name www.wavi.at --dry-run

Use the following command if you want to manually renew (without hurting your autorenewal):
certbot renew --cert-name www.wavi.at

1 Like
7

You are correct OP has manually stopped and restarted the webserver.

So this approach would certainly fall short of a fully automated solution.

2 Likes
8

I'm just amazed that Erich managed to go this more complicated route right at the beginning and succeed. Most who are new to certbot would not have had the foresight to actually stop apache and many if not most would forget to start apache afterwards. Bravo for @erich.wanker for a thorough beginning!

2 Likes
9

@erich.wanker

I also noticed a couple of issues with your redirects. You want to redirect only to www.wavi.at using 301 redirects not 302 redirects.

Screenshot_20201020-115422_Samsung Internet

Screenshot_20201020-115520_Samsung Internet

1 Like
10

Complete Certificate History

1 Like
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.