Renewing Certificates and configuring on Windows 10

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://scts.co.il

I ran this command:

It produced this output:

My web server is (include version): xampp apache

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest
Hello
I am having trouble using the --pre-hook & --post-hook on the conf file (windows)

certbot renew --pre-hook "net stop apache2.4" --post-hook "net start apache2."
I read the documentation but I cannot find the instructions on how to use the conf file in windows.
I want to run "net stop apache2" before the renewal.
I also want to change the certificate's location folder. I found this (only for Linux):

mv /etc/letsencrypt/archive/example.com /home/user/me/certbot/example_archive

sed -i 's,/etc/letsencrypt/archive/example.com,/home/user/me/certbot/example_archive,' /etc/letsencrypt/renewal/example.com.conf

mv /etc/letsencrypt/live/example.com/*.pem /home/user/me/certbot/

sed -i 's,/etc/letsencrypt/live/example.com,/home/user/me/certbot,g' /etc/letsencrypt/renewal/example.com.conf

certbot update_symlinks

Please be so kind to help
Thank you

I think this older advice is not ideal for our Windows users. Sorry! I will try to get it updated to something more appropriate.

In general, it's easiest to include the --pre-hook and --post-hook when you first create the certificate.

For example:

certbot certonly -d example.com --standalone --pre-hook "net.exe stop apache2.4" --post-hook "net.exe start apache2.4"

Running this would result in these two lines being present in C:\Certbot\renewal\example.com.conf:

pre_hook = net.exe stop apache2.4
post_hook = net.exe start apache2.4

What you can do is add these lines to this file, and next time Certbot's scheduled renewal task runs, it will appropriately stop and start the Apache server, if renewal is required.

You can then also test renewal with a dry-run, which should appropriately stop and start the Apache server, without you having to tell it to do so every time:

certbot renew --dry-run

May I ask why you would like to do this?

I think in general we would advise that you either:

  1. Use the Certificate symlinks directly. That is, C:\Certbot\live\example.com\fullchain.pem and C:\Certbot\live\example.com\privkey.pem. They will be automatically updated at renewal.
  2. Get Certbot to create a copy of the certificate and private key files, by using a --deploy-hook script that will copy it to the appropriate location. I can help you write one for Windows, if you're interested.

I am not really sure what will happen when modifying the paths in the renewal conf file. It's definitely off the beaten path and I wouldn't be surprised if it causes problems.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
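
The copy-on-renewal approach from option 2 in the reply above, as an added example that is not from the original thread or from the Certbot project: a PowerShell script intended to be passed to --deploy-hook. The script name, its location and the destination folder are assumptions; RENEWED_LINEAGE is the environment variable Certbot sets when it runs a deploy hook.

```powershell
# deploy-copy.ps1 (hypothetical name): added example of a Certbot --deploy-hook script.
# Certbot runs deploy hooks only after a certificate was actually renewed and sets
# RENEWED_LINEAGE to that certificate's live folder (e.g. C:\Certbot\live\example.com).
# Example wiring (path is an assumption):
#   --deploy-hook "powershell.exe -File C:\Certbot\hooks\deploy-copy.ps1"
$ErrorActionPreference = 'Stop'

# Assumption: a dedicated folder that Apache's SSLCertificateFile and
# SSLCertificateKeyFile directives point at. Adjust to your XAMPP layout.
$Destination = 'C:\xampp\apache\conf\ssl-certbot'

$Lineage = $env:RENEWED_LINEAGE
if (-not $Lineage -or -not (Test-Path -LiteralPath $Lineage -PathType Container)) {
    throw 'RENEWED_LINEAGE is missing or invalid; run this script only as a Certbot deploy hook.'
}

# Create the folder once and lock it down before any key material lands in it:
# drop inherited ACEs, then grant full control only to SYSTEM (S-1-5-18) and
# Administrators (S-1-5-32-544). Well-known SIDs avoid localized group names.
# Assumption: the Apache service runs as LocalSystem; if it runs under another
# account, grant that account read access here as well.
if (-not (Test-Path -LiteralPath $Destination)) {
    New-Item -ItemType Directory -Path $Destination | Out-Null
    & icacls.exe $Destination /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

foreach ($Name in 'fullchain.pem', 'privkey.pem') {
    $Source = Join-Path $Lineage $Name
    $Target = Join-Path $Destination $Name

    # Copy-Item reads through the symlink in live\ and writes a regular file,
    # which inherits the restricted ACL of the destination folder.
    Copy-Item -LiteralPath $Source -Destination $Target -Force

    # Fail loudly on a partial or stale copy instead of serving a mismatched pair.
    $SourceHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $TargetHash = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    if ($SourceHash -ne $TargetHash) { throw "Copy of $Name does not match its source." }
}

Write-Output "Copied renewed certificate files from $Lineage to $Destination"
```

With the pre_hook and post_hook lines from the reply in place, Apache is stopped while this script runs and is started again by the post hook, so the script does not restart the service itself.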