Certbot for windows-webroot path

Okay, thanks!
I will try it.
If I have any questions, I'll come up and ask guys.

2 Likes

The certificate was successfully produced!

I want to change the certificate on Apache, is it to point the Apache config path to my Let's Encrypt?

1 Like

You use the two SSLCertificate settings in your VirtualHost to point to your certs

For example

SSLCertificateFile    /etc/letsencrypt/live/(cert-name)/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(cert-name)/privkey.pem

Also see:

4 Likes

I have another question.

There are currently three settings on my Apache: SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile

But now that there are only two Mozilla SSL Configuration Generators, do I need to add settings for SSLCertificateChainFile?

Your Apache version shouldn't need this setting.

SSLCertificateFile = fullchain.pem
SSLCertificateKeyFile = privkey.pem

4 Likes

I successfully changed the certificate :smiley:

However, I'd like to know how I can make my credentials automatically updated on Windows.
Because I see that writing certbot on the file does not support automatic Windows updates.

Did you do this?:

3 Likes

Yes.
I changed Apache settings and succeeded!

1 Like

What do those two lines look like in your apache config?

3 Likes

Apache config Path like this:
SSLCertificateFile C:/Certbot/live/bot.gumptech.com.tw/fullchain.pem
SSLCertificateKeyFile C:/Certbot/live/bot.gumptech.com.tw/privkey.pem

Should I provide a configuration other than the path?

1 Like

That should work.
After each certbot renewal, all you have to do is restart/reload Apache.

4 Likes

Do you mean this setting can be automatically updated after the certificate expires?

If yes, can I schedule Windows so that Apache can restart automatically after certbot auto renewal?

This path should be a symbolic link to the latest certificate:

So, yes, it will point to the new cert once it is renewed.

Yes, but I just schedule Windows to restart once a week and I've had no problems with that.

4 Likes

Okay, thank you!

Could I ask you one more question?

Because I have two servers, Apache and IIS, that jump from Apache to IIS.
IIS credentials also need to be replaced.
Do I use Apache's generated certificate to convert them into IIS-available formats for replacement?

This problem has been solved.

I found certbot schedule on Windows.
Looks like a schedule that is automatically generated after certbot is installed.

Should I set this schedule if I want Apache to restart after certbot has finished auto-update?

Certbot should be scheduled to run/check twice a day.
You should NOT need to restart Apache that often [only when the cert is actually renewed].

5 Likes

I'm pretty sure Certbot has some sort of basic hooks mechanism where it can run a script on renewal. Welcome to the Certbot documentation! — Certbot 2.6.0 documentation

Regarding IIS you need to convert the certificate component files to PFX, this is typically done using an openssl command, then you need to store it in the computer certificate store and update your IIS binding. You may be able to script that, maybe not.

For anyone else trying to achieve the same thing in the future, despite my obvious bias, I still think my suggestion to use Certify The Web is the better option because it outputs PFX, it can auto configure IIS, it can output apache compatible files, and it can restart Apache on renewal. You could even just use certbot for Apache and CTW for IIS. Having both on the same server is a little unusual though.

3 Likes
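
One way to script the renewal hook and PFX steps discussed in the post above, as an added example that is not from any poster in this thread: a PowerShell script meant to be passed to Certbot's `--deploy-hook` option, so it runs only after a certificate has actually been renewed. It assumes `openssl.exe` is on PATH, an Apache service named `Apache2.4`, and an IIS site named `Default Web Site`; all three are placeholders to adjust.

```powershell
# Added example: Certbot deploy hook for a Windows host running Apache and IIS.
# Assumptions (not from the thread): openssl.exe is on PATH, the Apache service
# is named "Apache2.4", and the IIS site is "Default Web Site".
$ErrorActionPreference = 'Stop'
$ApacheService = 'Apache2.4'          # assumed service name
$IisSite       = 'Default Web Site'   # assumed IIS site name

# Certbot sets RENEWED_LINEAGE to the live directory of the renewed certificate.
$lineage = $env:RENEWED_LINEAGE
if (-not $lineage) { throw 'RENEWED_LINEAGE is not set; run this as a deploy hook.' }
$fullchain = Join-Path $lineage 'fullchain.pem'
$privkey   = Join-Path $lineage 'privkey.pem'

# One-time random PFX password, handed to openssl through the environment so it
# does not appear on the command line.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$env:PFX_PASS = [Convert]::ToBase64String($bytes)
$pfx = Join-Path $env:TEMP ("renewed-{0}.pfx" -f [guid]::NewGuid())

try {
    # Convert the PEM files to PFX (PKCS#12) for the Windows certificate store.
    & openssl pkcs12 -export -in $fullchain -inkey $privkey -out $pfx -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw "openssl failed with exit code $LASTEXITCODE" }

    # Import into the computer store; without -Exportable the key cannot be exported again.
    $secure = ConvertTo-SecureString $env:PFX_PASS -AsPlainText -Force
    $cert = Import-PfxCertificate -FilePath $pfx -CertStoreLocation Cert:\LocalMachine\My -Password $secure |
        Where-Object { $_.HasPrivateKey } | Select-Object -First 1

    # Point the site's HTTPS binding at the new certificate.
    Import-Module WebAdministration
    $binding = Get-WebBinding -Name $IisSite -Protocol https
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}
finally {
    # Never leave the temporary PFX or its password behind.
    if (Test-Path $pfx) { Remove-Item $pfx -Force }
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
}

# Apache reads the files under live\ only at startup, so restart it now.
Restart-Service -Name $ApacheService
```

The script needs an elevated session, since it writes to the computer certificate store and restarts a service. Earlier certificates stay in the store until they are removed separately.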

Both sharing port 80?
I don't see that happening anytime soon.
I also don't see any mention of IIS running [even though the title mentions Windows], so that may be off topic.

2 Likes

I have wondered about this combination as well

3 Likes