Certbot for Windows - Plugin Support / Nginx Support

I would like to use Certbot for Windows for a wildcard certificate. I also use Nginx for Windows. I'm curious: is there a beta version of Certbot that lets me use DNS plugins and update Nginx for Windows? If not, what's the likely timeframe when these two features will be available?

I don't mind doing things manually for a few months or so.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

At present, certbot can acquire a certificate using Nginx for Windows, but those are for http-01 challenges (that use authentication files), which (at present) cannot be used for a wildcard certificate. You can still acquire a wildcard certificate with certbot using the manual plugin and we are happy to help you do so. For which domains and/or subdomains do you want a certificate?

1 Like

Thanks for the quick response. Is it possible for me to automate the manual plugin with the help of a PowerShell script and Windows scheduler? As long as I can instigate the creation/update of my wildcard SSL xxxxx.crt & xxxxx.key files for Nginx by running a command, I can have my script do the rest.

2 Likes

Possibly. To be honest with you though, until certbot matures a bit more for Windows (I can assure you that progress is being made), you might want to just use one of the other Windows ACME clients. These two are quite popular (and their developers are frequent contributors to this community):


If you choose either of those two and run into any trouble, I'll put you in touch with the developer directly. :grin:

1 Like

Hi @mkanet,

Are the scripts you're proposing to write able to make DNS updates from software, or do you need an existing Certbot DNS plugin to be ported to Windows as well?

2 Likes

If you are using DNS because you have to: Issuing wildcard certs
Then you are probably best served by not trying to reinvent a rather difficult and already working one.

To me, this sounds like your best option (at this time):

If you happen to NOT need wildcard certs OR you could just get your certs via HTTP authentication, then there are other options.
[given: There are other reasons why you would need to use DNS auth - but there is no need to list them all here]

So I leave you with that one question: Do you require using DNS auth?

1 Like

Keep in mind that certbot at present has NO installers for Apache, Nginx, or even IIS for Windows...

No installer plugins are supported. The Apache and Nginx plugins will be available soon, and a plugin to install certificates into IIS is under development.

https://certbot.eff.org/lets-encrypt/windows-apache

1 Like

Just so people don't wonder where @mkanet went, they posted a help issue on the Posh-ACME GitHub and I'm helping work through the process of getting a wildcard cert via Posh-ACME and the acme-dns plugin.

4 Likes
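
The renewal half of the setup discussed above (Posh-ACME issues the wildcard certificate over DNS, a scheduled script hands the files to Nginx), as an added example that is not from any poster or from the Posh-ACME project. It assumes the certificate was already issued once interactively with `New-PACertificate`; the Nginx path and file names are placeholders.

```powershell
# Added example. Run from Task Scheduler as the SAME Windows account that first issued
# the certificate: Posh-ACME keeps its account and order data in that user's profile.
# Assumptions: Nginx is in C:\nginx, nginx.conf points ssl_certificate and
# ssl_certificate_key at the two files below, and the wildcard order is the
# current Posh-ACME order.
$ErrorActionPreference = 'Stop'
Import-Module Posh-ACME

$NginxRoot = 'C:\nginx'                          # assumed install path
$SslDir    = Join-Path $NginxRoot 'conf\ssl'     # assumed certificate directory
$CertOut   = Join-Path $SslDir 'wildcard.crt'
$KeyOut    = Join-Path $SslDir 'wildcard.key'

# Submit-Renewal returns a certificate object only when a renewal actually happened.
$cert = Submit-Renewal
if (-not $cert) { Write-Output 'Certificate not due for renewal.'; return }

New-Item -ItemType Directory -Path $SslDir -Force | Out-Null
# Keep the previous pair so a bad deployment can be rolled back.
foreach ($f in $CertOut, $KeyOut) {
    if (Test-Path $f) { Copy-Item $f "$f.bak" -Force }
}
Copy-Item $cert.FullChainFile $CertOut -Force    # leaf + intermediates, as Nginx expects
Copy-Item $cert.KeyFile       $KeyOut  -Force

# Private key and its backup: drop inherited ACEs, allow only SYSTEM (read) and
# Administrators (full). Well-known SIDs work on non-English Windows; adjust if
# Nginx runs under a different service account.
foreach ($k in $KeyOut, "$KeyOut.bak") {
    if (-not (Test-Path $k)) { continue }
    & icacls.exe $k /inheritance:r /grant:r '*S-1-5-18:R' '*S-1-5-32-544:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $k" }
}

Push-Location $NginxRoot
try {
    & .\nginx.exe -t                             # validate config with the new files
    if ($LASTEXITCODE -ne 0) {
        foreach ($f in $CertOut, $KeyOut) {
            if (Test-Path "$f.bak") { Copy-Item "$f.bak" $f -Force }
        }
        throw 'nginx -t failed; previous certificate restored.'
    }
    & .\nginx.exe -s reload                      # pick up the new certificate
    if ($LASTEXITCODE -ne 0) { throw 'nginx reload failed.' }
} finally {
    Pop-Location
}
```

Running the task daily is fine: until the order enters its renewal window, `Submit-Renewal` only emits a warning and the script exits without touching Nginx.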

@griffin @rg305 thank you for the recommendation for Posh-ACME. You were right. Posh-ACME seems best suited for me since I'm comfortable using PowerShell. The developer is extremely helpful in helping me create wildcard certificates. It's really amazing how helpful and friendly everyone is in these communities. Thank you very much for all your time.

3 Likes

I'm happy that all has progressed nicely. :slightly_smiling_face:

1 Like
