I ran this command:
certbot certonly --csr C:\Certbot\live\helpmecpos.com\ScreenConnectCertSignRequest.csr
It produced this output:
Server issued certificate; certificate written to C:\Windows\system32\0000_cert.pem
Cert chain written to 7
Cert chain written to 8
e[1m
IMPORTANT NOTES:
e[0m - Congratulations! Your certificate and chain have been saved at:
C:\Windows\system32\0001_chain.pem
My web server is (include version):
The operating system my web server runs on is (include version): windows
My hosting provider, if applicable, is: localhost
I can login to a root shell on my machine (yes or no, or I don’t know): yes, powershell
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.8.0
Penny for your thoughts on this one. Could just be my lack of familiarity with the windows setup. I’d love to know why this happened for future reference.
Are there any environment variables set to c:\windows\syswow64 ?
Use this to show them (within a cmd prompt): set
OR
look in the “System Properties” “Environment Variables”
When you run Certbot with --csr it defaults to writing the certificate to the current working directory of your shell which I suspect is the cause of the behavior here. You can change this by setting flags like --fullchain-path.
If Certbot is a 32-bit application, the directory that it sees as system32 is the same directory that 64-bit applications see as syswow64. That is to say, your hard drive (among other resources like the registry) looks different depending on whether you look at it from a 32-bit application or a 64-bit application. (And yes, the 64-bit-only one has "32" in the name when viewed from 64-bit while the 32-bit-only one has "64" in the name when viewed from 64-bit. Hey, I didn't design it.)
While I do think we can say Certbot's behavior here is due to the somewhat strange behavior on Windows, it'd certainly be nice if we could find a workaround.
I think this issue is an edge case and probably not something we'll be able to get to anytime soon, but I created https://github.com/certbot/certbot/issues/8315 for us to look into what we can reasonably do to improve things here on our end.