How am I supposed, for God's sake, to get Let's Encrypt's certificates using Windows, without setting up a web server?

Seems literally impossible. Let’s Encrypt’s pages basically just skip you to Certbot’s website and apparently assume everyone is out there hosting a web page to start with. Certbot’s documentation is absolutely the worst I’ve ever read; unless I missed it real bad, it doesn’t explain anywhere how you go about getting a standalone certificate. Like Let’s Encrypt’s webpage, every instruction assumes you’re hosting a website. Anyhow, I couldn’t set Certbot running in Windows after all, so it wouldn’t make any difference.

I’m not hosting a web site, I just need the certificates to encrypt a remote connection to my PC (the application I’ll be using provides automatic configuration, as long as I have the certificates somewhere in my PC). How come everywhere in Certbot’s and LE’s pages it’s assumed you’re doing exactly that: hosting a website? There are several other uses for an SSL certificate, you can use it with many apps unrelated to webhosting, just think of how many apps provide a web UI that have nothing to do with that.

I really don’t believe the only way to set this thing up is by using a webserver.

You don’t technically need a web server setup. If you have a domain registered with a DNS server controlled by the registrar, you can create certificates via a DNS challenge by adding DNS TXT records via your registrar’s website. You need to generate a certificate signing request with its corresponding private key, then use an ACME client (like the one on my website) to work through the process to get your certificate. You just don’t have a webserver on which to install the certificate and private key once you’re finished, but that can come later.

Upon further reading your post, why do you need a signed certificate? Just generate a self-signed certificate and use it.

1 Like

Yes, that’s how the plugin you require is called :grin:

This is also explained quite well on the Certbot website if you choose “Windows” as OS and “None of the above” as webserver, which also includes no webserver: https://certbot.eff.org/lets-encrypt/windows-other

1 Like

Hi @ezxpro

there is no Letsencrypt certificate required.

Use a self signed, that’s enough.

PS: Every Windows PC has a self signed that can be used with Remote support. No Letsencrypt certificate is required to use that.

3 Likes

Won’t these make messages pop up, saying the site is not secure?
Because that’s not desirable. I’m going to share the connection with some people, especially at college and I don’t want those messages popping up. I’m afraid not everyone will know how to add an exception to their browser to be able to access the address, especially considering some browsers effectively block you from accessing sites with unsigned certificates.

Can you please tell me more about that?

1 Like

I normally use Let’s Encrypt on Linux systems, but I have one Windows system using Certify the web, it can integrate with the API of various DNS providers (I use Cloudflare) and automate renewal with the DNS-01 challenge. That might work for you.

2 Likes

Well, I honestly think I was kinda lost, as I didn’t find these on my own. In fact, I was quite a bit stressed already with this thing, maybe that’s why.
Thanks for the help, I’ll take a look into these.

2 Likes

You have never used RDP.

Please use it one time.

That’s not a browser exception.

PS: I use RDP daily. But I’ve never checked how it works using a Letsencrypt certificate. Too critical to create an error, in the end nothing works.

The standard self signed certificate works always.

2 Likes

Ok, but I’m not sure I’m getting your point. Isn’t RDP used for remote access? That’s not what I’m trying to do here, if that’s the case. I want to set access to services running on my computer using webUIs, like Calibre content server, for example.

One usage for that, for example, is that I’m often sharing ebooks and documents with people from college. It’s a huge pain to have to search and send books to people every time. With the content server running, I can just phone home and tell someone to turn the computer on and the content will be available to anyone with the link.

EDIT:
In other words, I already have a library fully organised at home. People can easily pick what they need that way.

2 Likes

That’s not RDP.

Then you have regular https services.

Then you can always use Certbot or another client with something like standalone. Or add a simple webserver.

You must have a working port 80 to validate your certificate. Please start with the basics:

2 Likes

Yeah, that’s what I meant right from the beginning. I’ll try it once more, it’s been 10 hours since I began trying to get this damn certificate, if it doesn’t work I’ll just pay for everything. When they say getting a let’s encrypt certificate takes just 3 minutes, that definitely doesn’t conform with reality, unless you use one service that has built-in support for it.

2 Likes

I totally agree certificates can be pretty difficult, especially with the added complication of domain validation and all the different ways they can be used.

I develop https://certifytheweb.com and I’m happy to give you some guidance on getting started, just email support at certifytheweb.com and reference this thread, I’ll see if I can make a few suggestions to get you up and running.

1 Like

They probably have timed that (not in reality I hope :stuck_out_tongue:) for Linux systems. With Windows, it probably takes some more time because you’ve got the installer thingy and such.

That said, it should be quite easy though. As pointed out previously, you’d need the standalone plugin, which will spin up a temporary webserver for you to make the challenge. I’ve asked the developers to clear up any misunderstanding on the certbot installation guide.

3 Likes

It doesn’t include the caveat of the time it can take to install, configure, debug, and maintain the client, which is almost always the largest time spent (along with fixing/modifying your configuration to allow the challenge verifications). I guess that’s why I prefer dns challenges instead of http. The dns server always works regardless of my hosting setup.

1 Like

I eventually got it working via DNS challenge. Having other types of problem now…

3 Likes

I too find using DNS challenges to be a great workaround. There’s usually still the matter of getting the certificate and private key installed correctly, which is a different animal (i.e. the elephant in the room).

2 Likes

Yeah, that animal I’m trying to deal with. One of the apps I’m using got it right straight away. I pointed to the cert and to the key and it magically works.

Plex and Calibre, however, didn’t. I’ll try to sort it out later.

2 Likes

By the way I just found out that once I run the webserver with SSL on, I can no longer access the address without manually typing https:// before it. I would be redirected automatically. Is this something I can work around on my own or is it something that has to be implemented by the webUI software I’m using?

1 Like

So the redirect from http to https is broken now?

There’s probably a directive in place to only serve secure content.

1 Like

With Calibre it looks like once you configure the SSL cert file/key paths it switches to require https, because it’s still listening on the port (e.g. 8080) but the protocol has changed from basic http to https. It looks to me like Calibre runs its own custom Python based http/https listener for its web server. You could run a separate web server (IIS, nginx etc) to handle http connections then redirect them to your library service if you really wanted.

Note that to automate what you have using Certify The Web (assuming you’re still on Windows, this will work fine on Windows 10 Home etc as well) you’d use http or dns validation to get your cert and once that’s working you’d add a Deployment Task to export your certificate to a location where you want to keep the latest cert files (the generic server export option would be fine), if Calibre is then pointing to these same files then all you’d need to do is restart the Calibre service.

You can then also add a Restart Service task so that when your cert renews it will auto restart the Calibre library service, and from then on all renewals would be automatic. You can also achieve the same automation with other tools with a little bit of scripting.

2 Likes