We have a program we wrote which automates the certbot process. It goes through pulls all the active domains out of IIS, checks their expiration and if expiring soon, then calls certbot to gen new certs. We then zip these up and send them to our hosting company to install into our load balancers.
Everything works perfectly fine when I run it manually, logged in to the server with my domain account.
However when it runs in task scheduler, under our service account, there is no output generated in C:\Certbot\live . The service account has R/W access to this directory. The exit code being returned from certbot is 1 , and the StdErr from the process outputs "Error, certbot must be run on a shell with administrative rights."
Our program that calls certbot is C#, using Process.Start to launch it, and near as I can tell there is no way to launch a process with admin rights without causing a UAC prompt, which obviously won't work in a nightly scheduled task.
Is there any way to make certbot on windows NOT require admin rights? The service account is the owner of the output directory where certbot rights out all it's various logs and outputs, C:\Certbot , and the scheduled task is set to "Run with highest privileges."