Certbot for windows-webroot path

Hi guys,
I don't know where the path "/.well-known/acme-challenge/" is.
Could you tell me where the path is on Windows?

My domain is: bot.gumptech.com.tw

I ran this command: certbot certonly --manual -m [redacted] -d bot.gumptech.com.tw

It produced this output:

My web server is (include version): apache2.4.56

The operating system my web server runs on is (include version): Windows Server 2019 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Depends on how you've set up your Apache.

I'd recommend using the --webroot authenticator instead of the manual plugin you're using now. See its documentation at User Guide — Certbot 2.6.0 documentation

5 Likes

Okay, I see.

I have another question.
When I run the command, I should be on the machine where the certificate is being generated, not my local machine, right?

Because the server has a certificate now, but it expires on 7/6.
So I want to create a new certificate, but don't want to affect the current use.

Please help me, thanks!

1 Like

For HTTP authentication, yes.

Run "certbot renew"
It will know when to renew the cert.

5 Likes

Okay.
So when I run this command, it just creates the certificate in the specified path, and does not renew right now.
Is that so?

Depending on the version of certbot, it may be "smart enough" to notice if there already exists a cert that covers that name [or not].
And depending on such factors, it may create a new, or renew, an existing cert.
When you run it interactively, it will prompt you for input and let you choose your path.

5 Likes

No, it will create the challenge at the specified webroot path, the certificates go into their regular location in /etc/letsencrypt/ (Or C:\certbot on Windows I guess).

5 Likes

Okay, I will try it.
Thanks for your help!

1 Like

Okay, I see.
I will run this command to try. (Certbot User Guide --webroot)
Thanks for your help!

1 Like

Hi Osiris

I tried this command after I had time today, but the challenge failed.
Could you help me to fix it?

Attach fail message
It produced this output: It's returning 404.
http://[mydomain].com.tw/.well-known/acme-challenge/kA69FYtRB1AfQXnZEkv891XzM31PsT0Xo8kHbSyfIeM: 404

If you need more detailed messages, please tell me.

Hi @rg305

I tried this command after I had time today, but the challenge failed.
Command: certbot certonly --webroot -w C:\Certbot -d domain

Could you help me to fix it?

Attach fail message
It produced this output: It's returning 404.
http://[mydomain].com.tw/.well-known/acme-challenge/kA69FYtRB1AfQXnZEkv891XzM31PsT0Xo8kHbSyfIeM: 404

If you need more detailed messages, please tell me.

The -w webroot folder should be the same as your DocumentRoot in your Apache config for this domain.

4 Likes

Just specify the path to Apache config?

The config needs to be adjusted?

The apache document root is where your website html files are, if you are using apache.

However, if I browse to http://bot.gumptech.com.tw it's using the Microsoft IIS web server, not Apache. If this choice of web server is intentional (i.e. your website doesn't need to use Apache specifically) I would suggest using https://certifytheweb.com to manage certificates on Windows because it has special integration with IIS. I develop this application, so I'm biased, there are many other tools available.

  • Install the app, follow the instructions from Requesting a Certificate | Certify The Web Docs to get started, assuming your IIS site has the domains correctly set as hostnames in the http bindings it's basically:
    • Click "New Certificate", (you will be prompted to add a contact email for Let's Encrypt account registration)
    • select your IIS site from the dropdown and it will read your website configuration to populate the correct domains to include in the certificate.
    • Click "Request Certificate". If the certificate order and binding updates all succeed, then your website will now also be accessible at https://bot.gumptech.com.tw and the certificate will renew automatically as required.
    • Further support is available at https://community.certifytheweb.com/

5 Likes

I have two servers, one for Web and one for AP.
I need to set up the Web certificate first, which uses Apache.
If so, does the Apache config need to be adjusted?

If you do want to use Certbot for that, you should look up your DocumentRoot path, and then supply that with the -w option. The -w is not supposed to be a reference to where Certbot itself is installed, but rather to where content is served from by your specific web server.

As long as the Apache server is capable of serving static files from this location, its configuration would not need to be changed.

You might also be able to use the --apache method instead of the --webroot method, although I don't know how reliable --apache is on Windows.

3 Likes

The --apache plug-in is not available on Windows. See point #7 here

5 Likes

DocumentRoot is the Apache config file path, right?

No, it is not. First, locate the Apache config file that contains the VirtualHost definition for this domain. Look for a line with DocumentRoot that names a folder. This is what the -w folder on the Certbot command line should specify.

https://httpd.apache.org/docs/2.4/mod/core.html#documentroot

5 Likes
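
The lookup described in the replies above (find the VirtualHost for the domain, read its DocumentRoot, pass that folder to -w), as an added example that is not part of the original thread or of Certbot. The sample config, its folder paths, the second host and the token are constructed; the parser reads a single file and does not follow Include directives.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample httpd.conf fragment; the paths and the second host are made up.
SAMPLE_CONF = r'''
DocumentRoot "C:/Apache24/htdocs"
<VirtualHost *:80>
    ServerName bot.gumptech.com.tw
    # DocumentRoot "C:/old/site"
    DocumentRoot "C:/Apache24/htdocs/bot"
</VirtualHost>
<VirtualHost *:80>
    ServerName other.example.test
</VirtualHost>
'''

def find_document_root(conf_text, domain):
    """Return the DocumentRoot of the vhost naming `domain`, or None if none does."""
    global_root, vhost = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and commented-out directives
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            vhost = {"names": set(), "root": None}
        elif re.match(r"</VirtualHost>", line, re.I):
            if vhost and domain.lower() in vhost["names"]:
                # A vhost without its own DocumentRoot inherits the server-wide one.
                return vhost["root"] or global_root
            vhost = None
        else:
            m = re.match(r"(\w+)\s+(.*)", line)
            if not m:
                continue
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "documentroot":
                if vhost is None:
                    global_root = value.strip('"')
                else:
                    vhost["root"] = value.strip('"')
            elif key in ("servername", "serveralias") and vhost is not None:
                vhost["names"].update(n.lower() for n in value.split())
    return None

def challenge_file(document_root, token):
    """File that must exist for /.well-known/acme-challenge/<token> to return 200."""
    return PureWindowsPath(document_root, ".well-known", "acme-challenge", token)

if __name__ == "__main__":
    root = find_document_root(SAMPLE_CONF, "bot.gumptech.com.tw")
    print("certbot certonly --webroot -w", root, "-d bot.gumptech.com.tw")
    print("token file will be written to:", challenge_file(root, "TOKEN"))
```

A 404 on the challenge URL means the token file was written somewhere other than the folder this lookup returns, which is what happens when -w points at C:\Certbot.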

Thanks! I forgot that, but I guess I didn't remember cases of people succeeding with it. :slight_smile:

5 Likes