Windows tries to regularly open Certbot file and fails

Hello all

I am very new to Certbot and Lets Encrypt so I am sorry for the lack of experience. Currently I have no problems with my domain or my web server. My problem is that roughly every 4-5 hours Windows tries to open the Certbot file that I have located in my System32 folder. It always fails and as far as I can tell it is empty. I was wondering if someone could explain to me what is it trying to and how can I help it or make it stop. I've tried making it open with the command prompt but it still fails

My domain is:

I ran this command:None

It produced this output:The Program you have selected cannot be associated with this file type. Please choose a different program

My web server is (include version):

The operating system my web server runs on is (include version):Windows

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is certbot 1.17.0

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

That's probably the scheduled certificate renewal task.

@webprofusion, @rmbolger

Any thoughts here fellas?

1 Like

Why is there a certbot related file in your System32 folder? That's generally limited to Windows OS related files. The certbot installer for Windows places files in C:\Program Files (x86)\Certbot.

I don't think this is related to the scheduled task because the one created by the installer has two daily triggers; one at 12am and one at 12pm, but both with random 12 hour delays. So every 4-5 hours would be too often for the task to be the cause.

1 Like

Sorry I wish I could tell you as well. I am not really sure. But if that's the case I am going to try to delete it and see if I still have the same issue

1 Like

You mentioned windows try to open the file, how do you know (event log?).

As @rmbolger says Certbot exe normally lives in C:\Program Files (x86)\Certbot\bin, unless someone copied it there and then tried to scheduled it manually. It should not be a 0 byte file.

If you are the only administrator and you didn't put the file there I'd assume it's malware pretending to be legitimate (it may not be, but it might).

1 Like

Are there any scheduled tasks that are run around those times?
What exactly do you mean by "the Certbot file"?

1 Like

When it does try to open I get the windows prompt asking me to choose what program I would like to open the it with.No mater what I choose it seems to fail. So far I've tried CMD, Internet explorer, and notepad. Notepad just opens an empty doc. When I look at the file itself it seems to be 0kb with no extensions. It looks like a file that is only called Certbot
image

1 Like

I actually do think you should assume it's malware until you've checked all your scheduled tasks for anything trying to use that.

As it's a zero byte file (and not an executable) it's going to do nothing, it could have been intercepted by whatever av software you use, or it could simply be a temp file or test file someone innocently/accidentally created.

2 Likes

So I went through my scheduled tasks as you recommended and I did see that the Certbot Renew task is there and it thinks its never been run before. I can confirm this myself as I usually manually renew my certificates. I tried manually running the scheduled event and it takes me right to that empty Certbot file.

1 Like

Then it seems to be a failed attempt at scheduling certbot.
I would delete the task and the empty file.

1 Like

You may also consider re-installing certbot (just install the latest version), as far as I remember it should create that scheduled task (correctly) on install.

I figured out how you created the file by the way, the certbot instruction for windows have examples like this:

C:\WINDOWS\system32> certbot --help

That means you type certbot --help at a command line. If you type C:\WINDOWS\system32> certbot --help at a command line it will try to pipe the output of a non-existent command called C:\WINDOWS\system32 to a file called certbot, which is not what you want :slight_smile:

3 Likes

That must have been what I've down while copying and pasting. I've deleted the file and task for now, Ill see if I want to set up automatic renewal later on. You are all amazing, thank you for your help!

2 Likes

That's quite a brilliant observation, @webprofusion. Kudos!

:confetti_ball: :smiley: :sparkling_heart:


One mystery remains though: How did that random file get referenced by the task scheduler? :thinking:


@bmw

Thought you might want some awareness of this situation for adjustments.

2 Likes

Perhaps what may be worse is that the program to run (certbot) in the scheduled task created by the certbot installation possibly doesn't specify the full path to the certbot executable and therefore when the scheduled task gets run, the C:\Windows\System32 folder appears earlier in the PATH environment variable than the correct certbot folder, resulting in running anything named "certbot" wherever it's first found (in this case, C:\Windows\System32).

:grin:

2 Likes

"C:\WINDOWS\system32> certbot --help"

OR maybe...
That is just intended to show an example of what to type "certbot --help"
And the where is supposed to be irrelevant, but is being easily mistaken and included as part of the command to be run.

1 Like

Ha, yeah that is indeed the problem. I can confirm the task that certbot creates does not specify the full path (or certbot.exe, it's certbot renew run via powershell) so if you have a file called certbot in System32 it will attempt to run that instead.

2 Likes

A little goofiness for all the Windows users here...

From a command prompt:

PROMPT What$sis$sthy$sbidding,$soh$sglorious$smaster,$son$sthis$s$d$sat$s$t$sin$sthe$spath$sof$s$p?
2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.