Windows Proxy no user/password

set commands values can be read by all accounts.
Thus, set commands should never contain passwords.

1 Like

This is definitely not the case. The set command only sets environment variables for the current process (and its children). You might be thinking of setx which sets a permanent environment variable that would apply to the current process and any new processes, but only in the context of the current user (without additional parameters to specify a system-wide environment variable).

You can verify it by doing the following.

  • Open cmd.exe and run set blah=secret followed by echo %blah%
  • Open a new cmd.exe without closing the first one and run another echo %blah%
  • Go back to the first instance and run powershell.exe followed by gi env:blah

The first instance and its powershell child will show the value of blah. But the second instance won't.


OK, I stand corrected.
Now the trick is issuing that set command within the same call to certbot.

1 Like

Note that you want the same Envorinment settings when the automated renewal task kicks in! In the end, I'd feel much safer with a) adjusting the company policy to allow that one server in question to access that one url in question without credentials compared to b) hard-coding the renewal task to somehow issue proxy credentials that never expire

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.