Certbot Configuration

I’m posting here, because there doesn’t seem to be any other appropriate category.
I actually want ‘Help’; however the help I need is unrelated to any domains.
It seems presumptious to post a ‘Feature request’; perhaps the feature already exists, but I can’t find it.
I’m told if I’ve a problem with ‘certbot’, to ask for ‘Help’; ‘Client dev’ isn’t the right place!
So, here goes: I’m baffled that I apparently have to tell certbot every time I run it, where its configuration file is (certbot -c cli.ini etc etc). Is there no way to make certbot read that file when it runs, as a matter of course?
Help, please! TIA.

1 Like

Hi @AdrianK_IT

see https://certbot.eff.org/docs/using.html#configuration-file

By default, the following locations are searched:

  • /etc/letsencrypt/cli.ini
  • $XDG_CONFIG_HOME/letsencrypt/cli.ini (or ~/.config/letsencrypt/cli.ini if $XDG_CONFIG_HOME is not set).

If your cli.ini is in /etc/letsencrypt, it should be used.

PS: That’s a question about using a client / creating a certificate. So #help is the correct place, ,that’s not a #site-feedback

2 Likes

a. I was providing some site feedback - pointing out that the forum is a procrustean bed, forcing people asking for ‘Help’ to provide reams of details that may be irrelevant to the help required.
b. Can I configure certbot to search in non-default locations, please?
c. What would be the equivalent default locations on a Windows system, please? My Certbot install in in N:\apps\Certbot.

I think that’s probably the purpose of C:\Certbot\cli.ini. You can nominate a different logs, configuration and work directory using that file.

Good question!

I think you should probably ask about this on the Certbot issue tracker as well. cli.ini being loaded from XDG_CONFIG_HOME but not from somewhere equivalent on Windows seems like an oversight. Certbot for Windows is pretty new so it’s good to direct feedback and stumbling points like this to the developers.

And this is a reason why you should have posted your question in the Help section initially, including the questionnaire: then we’d already know you’re using Windows in stead of *nix. The questionnaire exists to prevent the Community volunteers to spend unnecessary time and effort to explore the exact circumstances around the question, which would have been presented in the questionnaire.

Thanks, @_az, for providing the clue to the solution to my problem (tho’ I must point out that, logically, it cannot be the case that (one of) the purposes of cli.ini is to tell you where to find cli.ini!).

For others who may have this issue (since the Windows installer does permit installation to non-standard locations), you need to edit the ‘WINDOWS_DEFAULT_FOLDERS’ section in the file (Drive:\pathto)Certbot\pkgs\certbot\compat\misc.py.

Mine now looks like this:

WINDOWS_DEFAULT_FOLDERS = {
    'config': 'N:\\apps\\Certbot',
    'work': 'N:\\apps\\Certbot\\lib',
    'logs': 'N:\\apps\\Certbot\\log',
}

so I no longer need to quote -c cli.ini on every launch of certbot, and other settings in my cli.ini file are being observed.

Thanks again for you help; much appreciated.

This modification is probably removed when certbot is updated.

May I respectfully point out to you, that nowhere in the ‘Help’ questionnaire are you asked, what OS are you running certbot on!

So even if I had completed all the irrelevant questions required to get help (why does the forum assume people asking for help already have even a domain, let alone a Let’sEncrypt certificate for it, for example?!) this fact may not have emerged.

Of course, if I had just been able to make a simple request for help, I would probably have told the forum that I’m trying to run certbot on a Windows system in certonly, manual, dns challenge mode.

Where that certificate might be deployed is not relevant!

Why is it, that when newbies come up with some constructive criticism of the way a forum operates, it’s always brushed off, as if they are still wet behind the ears?

There is a problem with your ‘Help’ section, and the forum needs to thinks about it!

PS My inside leg measurement is 33".

And I’ll re-instate it!

Well, perhaps not this question literally, but it does ask the following:

The operating system my web server runs on is (include version):

I admit this can be a different system than where certbot runs, but it does ask for an OS :wink:

Perhaps the questionnaire needs to be augmented to include the OS of the client separately of the webserver. However, I think it doesn’t occur that often and would make the questionnaire longer/too elaborate.

You’re right, which is why on Linux, Certbot also searches in multiple well-known locations on the system for the file. There should be an equivalent behavior for Windows, it’s just that there isn’t. I’ve filed an issue for that now.

As pointed out already, modifying the paths in the source code is going to get wiped out any time you update the program.