Is certbot starting up "Select Administrator: C:\WlNDOWS\System32\WindowsPowerShell\v1.0\Powershell.exe" every 20 minutes or so?
If so, the powershell window is popping up and down way to fast to read
but there are no commands showing up in the blue window.
Nope, by default it has a windows task scheduled twice per day which triggers "certbot renew". It does run via powershell but not every 20 mins.
I've definitely seen windows popup random powershell windows, no idea what does that. You could try to troubleshoot it via process monitor cmd.exe - CMD prompt window pops up and instantly disappears periodically - Super User
PowerShell windows popping up regularly in the context of your logged in user account is not normal and could be a sign of malware infection.
yeah I should check that as well ..
For info, here is a capture from one of my servers (in this case hosted in AWS):
Not sure if any of these spawn a powershell window but I can see amazon has an agent running regularly, tailscale is flushing dns regularly. I guess if I did the same in an azure server I'd see some other variations.
Here's what i found. I mean it sounds legit. certbot is asking powershell to do a renew (if needed) twice per day. And for a moment, the blue powershell window pops onto the screen and disappears. A bit unnerving i would suspect for some folk. it is supposed to be hidden as i see in it's common line, but it isn't.
it's command is Powershell.exe -NoProfile -WindowStyle Hidden -Command "certbot renew"
in case you can't see in that image.