Then you can use certbot as usual in a command line with administrator rights.
When all certificates have been fetched and after a successful trial run
certbot renew --dry-run
create a file 'renewal.bat' (or whatever-you-want.bat) with the content
certbot renew
and enter this file in the task scheduler in Windows. Run it daily under the Administrators account. Enter a batch in 'C:\Certbot\renewal-hooks\deploy' that restarts your web server, e.g.
net stop nginx
net start nginx
That's it. Maybe, in a far, far, far away future, the Windows version will work...
PS
If you are interested, I can also give hints on how to solve the following problems:
Assignment of rights to folders and files in the certbot directory.
How can I restart my server if it is not running as a service but as a normal program (e.g. WinNMP). Unfortunately you cannot do this in Certbot hook scripts.
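The setup described in the post above, scripted in PowerShell as an added example (not the poster's own code): it writes the two batch files, checks that nobody outside the administrators can modify them, and registers the daily task. The task name, the 03:30 start time, the hook file name `restart-nginx.bat` and the location of `renewal.bat` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Task name, start time and hook file name are assumptions.
$certbotDir = 'C:\Certbot'
$hookDir    = Join-Path $certbotDir 'renewal-hooks\deploy'
$renewBat   = Join-Path $certbotDir 'renewal.bat'       # assumed location
$hookBat    = Join-Path $hookDir 'restart-nginx.bat'    # hypothetical name

# Renewal batch file and deploy hook, with the contents given in the post.
New-Item -ItemType Directory -Path $hookDir -Force | Out-Null
Set-Content -Path $renewBat -Value 'certbot renew' -Encoding Ascii
Set-Content -Path $hookBat -Value 'net stop nginx', 'net start nginx' -Encoding Ascii

# Both files run with administrator rights, so no other identity should be
# able to modify them. Flag every allow-ACE that grants write access.
$trusted   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'
$writeMask = 0x50000006   # WriteData | AppendData | GENERIC_WRITE | GENERIC_ALL
$risky = foreach ($path in $renewBat, $hookDir, $hookBat) {
    (Get-Acl -Path $path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -notin $trusted -and
        ([int]$_.FileSystemRights -band $writeMask)
    } | ForEach-Object {
        '{0}: {1} has {2}' -f $path, $_.IdentityReference, $_.FileSystemRights
    }
}
if ($risky) {
    $risky | Write-Warning
    throw 'Tighten the permissions listed above before scheduling the task.'
}

# Daily task under an administrator account, as the post describes.
$cred    = Get-Credential -Message 'Administrator account that runs the renewal'
$action  = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$renewBat`""
$trigger = New-ScheduledTaskTrigger -Daily -At '03:30'
Register-ScheduledTask -TaskName 'Certbot renew' -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Highest
```

A folder created directly under `C:\` usually inherits write access for ordinary users, so the permission check is expected to stop the script on a fresh `C:\Certbot` until inheritance is removed or the extra entries are dropped.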
It looks like certbot-dns-desec is already installed in your first command?
It has come to my attention that it's indeed possible to install Certbot using pip on Windows, but for many novice users, installing Python and using pip is rather difficult and using the installer works better.
That said, it's indeed very difficult to use alternative plugins that way, so it really depends on the skills of the users and, more importantly, the requirements of the user.
One might even argue perhaps Certbot isn't the best option for Windows at all, being a CLI application. Nothing wrong with a CLI application, obviously, but perhaps the same reasons to prefer an installer instead of using pip to install Certbot in the first place are also an argument to not prefer a CLI application at all.
I don't think a user looking for a program to install and automatically update Let's Encrypt certificates for his web server is an inexperienced user. Do you think so?
Python is also installed with an installer, so you only have one more command line input compared to the Certbot installer. From then on, the use of Certbot is identical. But you have the plugin support. And despite the chic installation program, the Windows program will probably not be able to do that in the foreseeable future. And the plugins have many, many benefits.
I don't understand what you actually want to say either. Not using Certbot at all? Or just not on Windows? Or not publicize this alternative at all? Anyway, I'm glad I found this opportunity.
This is one of the main audiences for Let's Encrypt and Certbot: bring HTTPS to everyone, no matter how little skill one has.
There are perhaps other Windows ACME clients more suitable for some (inexperienced) users.
I'm not criticising your method in any way, I think it's indeed a good if not the best way to install Certbot if third party plugins are required. However, if that latter part is not the case, I'm not really sure what the benefit is above the Certbot installer.
Unfortunately, Certbot is miles away from this lofty goal, both on Windows and Linux. But you have my best wishes. Until then, I prefer to use a way that works.
Just use them both with a simple batch file as a hook.
It doesn't matter if you, as a linux user, have no experience with windows. It's surprising, however, why you're so attached to your idea.
However, the solution is simple, the program installed with the installer aborts with an error message, the one installed with pip works. That was also a reason why I use and recommend the solution described.
I respect your opinion, but as a daily Windows user, allow me to have a different one. I can only recommend other Windows users to use Certbot via the procedure described. Because this is not more complicated and at least works.
As a daily Windows user myself (last six months, coming from 10 years on MacOS and 5+ on Debian derivatives), I would NEVER imagine using Windows on a server.
(I mean, am I really a Windows user if I have a WSL2 Debian Sid terminal always open?)
I second this. When working with Windows - especially IIS, those seem to be a lot better than certbot (based on user feedback sent to me).
Certbot and its friends are good choices for *Nix based OS, where some familiarity with a command line is essential. Here Certbot can be a good choice, but I never really saw Certbot + Windows as a particularly good choice - Windows is just too different, and Certbot wasn't really designed for Windows.
I don't want to discuss here whether Windows or *nix is better or which is better suited as a server. If you have time for this, please use it. I do not have it. If you want to be right, you can have it. I do not need it.
This post is intended for those who use windows and want to use certbot. Whether for IIS, Apache, nginx or whatever. Anyone who has problems or questions of understanding is welcome. Everyone else would like to play somewhere else please.
And if Windows and Certbot are so impractical, why is Certbot also developed for Windows? Think about it, but please don't tell me.
Neither do I, and I'm not telling you that Windows is rubbish on a server, I'm telling you that I wouldn't imagine using it, mainly because I wouldn't know where to start. So I naturally find *nix easier.
As for security and stability, I'm sure Microsoft has a lot of engineers thinking and working about it, and with appropriate hardware it shouldn't be much different than rhel or similar.
As a related aside, Certbot is moving to 64-bit only on windows, which will involve uninstalling the 32-bit app first, not sure if the renewals auto upgrade or not.
As the developer of Certify The Web (this GUI, which has been around for the last 6 years or so) I think having a variety of ACME clients on each OS is great and it enables many different ways of working and caters for different user experience levels and workflow preferences.
It's great that Certbot ported to windows, obviously there are a few gaps here and there but I'd rather see them port to Windows than not. Recent numbers put them at about 15K users, by contrast CTW has in excess of 120K and I'd estimate win-acme (command line!) has about 400K users (in particular for MS exchange and RDP gateways) so Certbot can expect growing pains as they gather adoption on the platform and get more demands from users.
Obviously I'm biased towards Certify The Web, because I'm the developer but also because it has the most capabilities built-in including native PowerShell integration, a wide range of DNS providers (many via Posh-ACME), many pre-built deployment tasks (including nginx & apache with vhost config read/writes coming in future versions), native IIS support, an always-on background management service and of course, the UI. A linux version with an optional web based UI is also in the works (honest!). The caveat (which is a big deal for individuals, but not for businesses) is that it's free only for non-commercial use (but you do get support) - the vast majority of users still use the free version.
I have found that there are many thousands of users on both Linux and Windows who are not experienced system administrators yet who are responsible for one or more servers. Apps that make things easier so it "just works" do have a role to play.
Regarding the suitability of Windows as a server, this really comes up due to people's experience bias and comfort levels, most people who "don't like" windows are not referring to a technical reason (Windows before Server 2022 lacks native support for TLS1.3, there you go!), they just have more experience with linux (or they want the cheaper VM licensing costs).