Has anyone worked at building a Windows Docker Container with the Windows version of Certbot? Any pointers or references would be most appreciated
This is kinda pointless from where I’m standing.
There are ACME clients that run natively on windows (probably even certbot).
And I’m quite confident the certbot docker container runs fine on a windows host.
I can’t quite figure out if that is just meant as rude or as an all-knowing answer so I am not really sure how to reply here
I’m just trying to understand what you’re trying to achieve, so I can understand your needs and your question.
Releasing a script that inspects a Windows Application Proxy configuration and generates certificates using cerbot via a Windows docker container so that I can run it on Windows Server 2016 would be very helpful to me. I have the local infrastructure for docker and so testing and updates to the script are easy to deploy
Does this work for you? https://hub.docker.com/r/certbot/certbot/
You have alternatives, though: there are acme clients – certbot alternatives – that run natively on window, maybe some are in powershell already.
Those images are based on Linux - this particular script will need to be able to run as a Windows based docker container.
Powershell for updating the web application proxies / sso / vpn type services make the Linux container difficult - tried it in the past but just recently discovered certbot officially released Windows support so I would like to fix our issues using it
Yeah… and docker on Windows should have no issues running them (at least the development edition, it comes with a full linux VM)
In theory the concept is great. That concept was what I tried initially some time ago. I am sure newer versions have made strides but it was clunky the last time I tried and so it was scrapped.
It would be better as a Windows container for powershell that contains the certbot binary for running webroot instead of running multiple containers and an additional vm in a vm on hyperv for this particular task. Why are you so against a windows based container? I don’t understand
I’m not, it’s just really unusual.
You have to remotely connect to different windows instances and copy certificates into their certificate store. It isn’t easy from a Linux environment
If you have an example to the contrary I would really appreciate seeing it
@ggg Certbot is Python based and should run fine on Windows, are you sure you just can’t use the certbot Docker container, even if its OS is linux @ Docker Hub?
There is an official release of certbot for Windows. I have no doubt it works well on Windows.
I was just hoping for some feedback from someone who had used it in a Windows based Docker container. I appreciate all of the feedback about how I could make it work. I was just interested in this particular way for simplicity of implementation. You also cannot use the Linux container on Windows Server 2016 from what I can tell. It is also difficult to work powershell into the equation that way
It’s an interesting prospect, but probably an unexplored one so far, as Certbot for Windows itself is quite new.
Since the Certbot installer is based on NSIS, you might be able to run the installer silently (https://nsis.sourceforge.io/Docs/Chapter3.html#installerusagecommon) inside a
nanoserver container, and with
C:\Certbot mounted as a volume somewhere on the host system, so that you can copy/deploy and renew the certificates on an ongoing basis.
Don’t really know if anybody has tried it before, sorry!