Running Certbot on Windows - Phase 2

Hi All

This is a continuation of this discussion.

Status:

• The aim of this section is to complete some of the surrounding requirements on making certbot work with Windows
• The changes needed to use certbot on Windows Natively are not yet implemented
• I am currently tossing up between using a combination of PowerShell and Python or go with Python Natively
• Found a Great Library to Talk to IIS from Python https://github.com/kouroshparsa/iis_bridge

This part is about automating the install and doing some smart hings around managing IIS and Remote Desktop.

Key point to cover in this article:

Part 1: Powershell Update Script (automates updates needed to get Certbot to work on Windows)
Part 2: PowerShell Automated Install Script Concepts
Part 3: PoweShell Automated Install Script (Finished Product)
Part 4: IIS Audit Script (Python)
Part 5: IIS Authentication Script (Python Hook Script HTTP and TLS-SNI)
Part 6: IIS Install Script (Python Hook Script)
Part 7: IIS Verification Scripts (Python)
Part 8: IIS Install Scripts (Zope.Interfaces)

Andrei

Part 1:

PowerShell update script. Change the virtual_env to the path of your python installation (assumes no virtual environments)

Fairly hacky. But will allow python files to be updated without using Notepad or other editiors (more reliable and quicker)

core settings:

$virtualenv="C:\Python36"
$certbot_path = "Lib\site-packages\certbot"
$mainpy="main.py"
$crypto_util="crypto_util.py"
$cert_manager="cert_manager.py"
$account="account.py"
$log="log.py"

replace main.py - e.message with e and os.geteuid with '0'

$path = $virtualenv + $certbot_path + $mainpy
(Get-Content $path).replace('os.geteuid()', "'0'") | Set-Content $path
(Get-Content $path).replace('e.message', 'e') | Set-Content $path

replace 3 other classes os.geteuid with '0'

$path = $virtualenv + $certbot_path + $crypto_util
(Get-Content $path).replace('os.geteuid()', "'0'") | Set-Content $path
$path = $virtualenv + $certbot_path + $cert_manager
(Get-Content $path).replace('os.geteuid()', "'0'") | Set-Content $path
$path = $virtualenv + $certbot_path + $account
(Get-Content $path).replace('os.geteuid()', "'0'") | Set-Content $path
$path = $virtualenv + $certbot_path + $log
(Get-Content $path).replace('os.geteuid()', "'0'") | Set-Content $path

Part 2:

High Level Design:

3 Virtual Environments each looking at the same key, cert and log repositories

CERT_DESIGNER.png612×592 27.3 KB

Part 3:

The Install Script can be found here: https://github.com/ahaw021/CERTBOT-WINDOWS-BUILD

Most of the functions are self explanatory but are described a bit more below.

The script is also designed to be modular so if you get stuck on one component you can re-run just that component.

downloadPythonInstallerPIPCert - downloads latest version of 64-bit python to %TEMP%
installPythonPIPCert - Installs Cert and Python
installPIPVENV - Downloads Get-PIP.py scripts and gets pip. Then uses pip to install virtualenv and virtualenvwrapper (easier virtual environment management)

createVirtualCertbotEnvs() - creates a virtual environment
installCertbotInVENVS() - install certbot in a virtual environment
fixCertbotFiles() - fixes certbot as per post 1

If everything works well you should get 3 environments that look like below and the %TEMP% folder should have the 3 files we downloaded. You can also verify certbot works in all 3 environments.

image.png893×340 26.5 KB

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.