Certbot Renew Task -Windows Setting

I already have Certbot installed in my Windows OS, so it automatically generated a task called Certbot Renew Task in Windows Task Scheduler.

I want to automatically update my certificate and auto restart my Apache to enable them.
Should I change the Certbot Renew Task? Or should I re-establish a new task

My web server is (include version): apache2.4.56

The operating system my web server runs on is (include version): Windows Server 2019 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

If you want to change things so Certbot automatically reloads Apache after a renewal, you don't need to create a new Scheduled Task to do that.

Instead, you can tell Certbot to restart Apache2 for you using the certbot reconfigure command. Something like:

certbot reconfigure --cert-name example.com --deploy-hook "service.exe restart apache2.4"

(or whatever the appropriate command is on your Windows installation).

Your normal renewal process, initiated by the existing Scheduled Task, will invoke this for you.

image629×509 9.69 KB

The yellow line is certbot auto renew command, so I should add the command you told me about right?

certbot reconfigure --cert-name example.com --deploy-hook "service.exe restart apache2.4"

And I want to change this option to "Execute whether user login or not" like yellow line part,but I can't change this option because the option is disable I can't choose.

Should I change the update time?
image is the default update time for certbot after installation.

The certbot reconfigure command is a once-off command to run, in a terminal. It tells Certbot to restart Apache whenever the certificate renews, and it will remember to always do this in future.

You don't need to modify the scheduled task or create a new one.

okay, I got it.

I want to enable the Certbot Renew Task without the user logging in.

But the "security option" is now selected "only if the user logs in", which is installing the option selected by certbot default I can't modify it.

Is that permission too low? So I can't edit "security option"?
But now I'm logged in already Administrator.

could anybody help me?

I'm not aware of any way that this can be achieved. There is some discussion about this issue here.

okay, thank you so much

You may want to switch to a different ACME client that's specifically designed for Windows. I know that both win-acme and Certify the Web have instructions for integrating with Apache on Windows.

I need to switch to win-acme?

Because I'm only one step away from completing the automatic update, this step is to re-enable apache after certbot update is complete and re-read the credential information

I don't know as you need to; I was just suggesting that if you didn't like how Certbot integrated with Windows, you might want to try some other clients to see if you preferred one of them.

okay~

If I choose win-acme do I need to reinstall the certificate ,because it is another certificate generation tool?

If you're going to switch to win-acme, I would recommend uninstalling certbot, installing win-acme, and then just configuring win-acme as needed (which would probably issue a new certificate for your server, yeah). I haven't personally used win-acme (or certbot on Windows, for that matter), so I don't know if other people here with more experience would have better advice on how to transition between them.

I think I'd still use certbot first.
Because it's only one step away from a full update.
If it really doesn't work, I'll change to win-acme again.
Thank you for your advice

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.