I just found out about certbot for Windows Server! I am looking at using it on Windows Server 2016.
Is there a recommended way to run the “standalone” mode at boot / as a service?
1 Like
The Windows documentation (https://certbot.eff.org/lets-encrypt/windows-other) mentions:
The Certbot installation on your system comes with a pre-installed Scheduled Task that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration
If you are using --standalone, the Scheduled Task will automatically run the standalone server during certificate renewal as required.
2 Likes
automatically run the standalone server during certificate renewal as required
I read that. Maybe I am misunderstanding but I thought you run the standalone plugin and then http requests to the server triggered requesting a certificate - so I would also need to have that running right?
Or is that the part you have to hook up on your own on Windows?
1 Like
It’s like this:
- Certbot scheduled task runs twice a day and looks at each existing certificate to see whether it needs to be renewed.
- Certbot sees that certificate for
example.comis expiring in less than 30 days, and begins performing a renewal attempt. - Certbot creates a certificate order for
example.comand receives the challenge token that it needs to publish at a pre-defined URL. - In order to fulfill the challenge, Certbot starts up a web server on port 80, which answers with the token.
- Certbot tells Let’s Encrypt that the challenge is ready.
- Let’s Encrypt connects to the standalone server and checks that the challenge response matches.
- Certbot stops the standalone server.
- Let’s Encrypt issues the certificate and Certbot downloads it.
This is assuming that at one point in the past, you setup the certificate with e.g.:
certbot certonly --standalone -d example.com
2 Likes
Thanks for the detailed response!
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.