Windows assume identity

I am trying to determine if webroot or manual mode is better for me.

I need to run as a particular service account for placement. I could use symlinks to make placement transparent to certbot.

Is there a way to hook in when the command runs automatically (i.e. via the renew job created in the task scheduler) to assume the identity of a group managed service account with the webroot plugin? I am worried about manually modifying the tasks as it might break in the future as installation is upgraded.

Or will this require the manual mode?

1 Like

You can run certbot as its user, and use --deploy-hook to run a script that assumes another identity and installs the certificate.

3 Likes

Thanks. I thought that was renew only

1 Like