Created certificate but it isn't in directory

Certbot says it created the file but it isn’t here… I also tried with a path in C:\Certbot and get Access is Denied with that one.

My domain is: helpmecpos.com

I ran this command:
certbot certonly --csr C:\Certbot\live\helpmecpos.com\ScreenConnectCertSignRequest.csr

It produced this output:
Server issued certificate; certificate written to C:\Windows\system32\0000_cert.pem
Cert chain written to 7
Cert chain written to 8
e[1m
IMPORTANT NOTES:
e[0m - Congratulations! Your certificate and chain have been saved at:
C:\Windows\system32\0001_chain.pem

My web server is (include version):

The operating system my web server runs on is (include version): windows

My hosting provider, if applicable, is: localhost

I can login to a root shell on my machine (yes or no, or I don’t know): yes, powershell

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.8.0

2 Likes

issue resolved
apparently windows instead put the file in
c:\windows\syswow64
weird.

3 Likes

Hi @mbc

thanks reporting back. :+1:

Good to know!

2 Likes

That looks weird to me too.

@bmw

Penny for your thoughts on this one. Could just be my lack of familiarity with the windows setup. I’d love to know why this happened for future reference.

1 Like

Are there any environment variables set to c:\windows\syswow64 ?
Use this to show them (within a cmd prompt):
set
OR
look in the “System Properties” “Environment Variables”
image

That’s not required.

If I know it correct, the 32-bit programs use that directory instead of the original system32.

The names are now curious - system32 is something like systemstandard.

So it’s a general windows thing, not a special Certbot configuration.

1 Like

You may be right:

It may be a 32 bit app running in a 64 bit system…

But why would it save anything in the c:\windows\syswow64 folder?

2 Likes

When you run Certbot with --csr it defaults to writing the certificate to the current working directory of your shell which I suspect is the cause of the behavior here. You can change this by setting flags like --fullchain-path.

2 Likes

But even so, this is weird, right? OP found his/hers cert in c:\windows\syswow64, but certbot said it put the files in C:\Windows\system32?

2 Likes

If Certbot is a 32-bit application, the directory that it sees as system32 is the same directory that 64-bit applications see as syswow64. That is to say, your hard drive (among other resources like the registry) looks different depending on whether you look at it from a 32-bit application or a 64-bit application. (And yes, the 64-bit-only one has "32" in the name when viewed from 64-bit while the 32-bit-only one has "64" in the name when viewed from 64-bit. Hey, I didn't design it.)

4 Likes

Thanks for flagging that the directory name changed @Osiris. I missed that.

Thanks also for that explanation @petercooperjr. Certbot on Windows is indeed a 32-bit application.

3 Likes

So in the end we can blame the guys and girls at Microsoft? Good enough for me :stuck_out_tongue:

1 Like

While I do think we can say Certbot's behavior here is due to the somewhat strange behavior on Windows, it'd certainly be nice if we could find a workaround.

I think this issue is an edge case and probably not something we'll be able to get to anytime soon, but I created https://github.com/certbot/certbot/issues/8315 for us to look into what we can reasonably do to improve things here on our end.

4 Likes