Windows on Windows-#2.

Update information      Edit(Sep.19)  Edit2(Oct.26)

[2017.Oct.20]    We can use mod_md in the ApacheLounge 2.4.x version now, so I changed my certs updating tool from dehydrated (former to mod_md. About this, see → “From dehydrate to mod_md, Let’s Encrypt Tool”.
[Oct.26]    As I use Elliptic curve Diffie–Hellman (ECDH) for kx now, I posted a new article. ☞“ on Windows-#4”
[Sep.19]    As the first automatic renewal of the Let’s Encrypt certs succeeded, I posted a new article. ☞“ on Windows-#3”
   By the way, they renamed the project from to dehydrated. So you can find the project at Therefore, read as dehydrated in my article.
   Continued from my last post.
   Now, I’ll write how to renew certs automatically by Once I made a batch file which didn’t work well because of a limitation of letsencrypt-win-simple. But the part which was not related to letsencrypt-win-simple worked well.

   At this time, I confirmed can force-renew certs on Cygwin on Windows, so I made another batch file named ‘LetEncryptsh.bat’. It calls bash.exe of Cygwin from cmd.exe directly and is executed once a day by Windows Task Scheduler.

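@echo off
setlocal enabledelayedexpansion

REM Keep the previous listing so it can be compared with today's.
copy path\to\letsencrypt.sh\list.txt path\to\letsencrypt.sh\list-old.txt >nul

REM Renew the certs (-c) through Cygwin bash.
pushd path\to\[Cygwin's bin directory]
bash --login -i -c "/usr/local/ -c"

REM Clean up (-gc): unused cert files are moved to the archive directory.
pushd path\to\[Cygwin's bin directory]
bash --login -i -c "/usr/local/ -gc"
REM Delete only if the archive directory exists, so del never runs in the wrong directory.
pushd C:\Users\UserID\AppData\Roaming\archive\YourDomain && del /Q *.*

REM List the current .pem files and compare with the previous listing.
pushd C:\Users\UserID\AppData\Roaming\certs\YourDomain
forfiles /m *.pem /C "cmd /c echo @file @fsize @fdate @ftime" >path\to\letsencrypt.sh\list.txt
fc /L path\to\letsencrypt.sh\list.txt path\to\letsencrypt.sh\list-old.txt
if %errorlevel%==0 goto not_do_anything
if %errorlevel%==1 goto cpy

:cpy
REM The listing changed: copy the new chain and key, then restart Apache.
pushd C:\Users\UserID\AppData\Roaming\certs\YourDomain
forfiles /m *-*.pem >path\to\letsencrypt.sh\new.txt

for /f %%a in (path\to\letsencrypt.sh\new.txt) do (
SET STR=%%~a
SET STR1=!STR:~0,7!
pushd C:\Users\UserID\AppData\Roaming\certs\YourDomain
if !STR1! EQU fullcha (copy !STR! path\to\server.crt >nul)
if !STR1! EQU privkey (copy !STR! path\to\server.key >nul)
)
path\to\bin\httpd -k stop
path\to\bin\httpd -k start

:not_do_anything
endlocal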

Let's's task.
   When you make this batch file with a text editor, you have to follow the MS format for cmd.exe, except inside ‘bash --login -i -c “~~”’. The batch file creates list.txt, list-old.txt and new.txt in directory.

   After making LetEncryptsh.bat, create a task which is executed once a day on Windows Task Scheduler.
   If you want to use this batch file, you need a little preparation.

Run cmd.exe and do the following commands.

>pushd path\to\[Cygwin's bin directory]
>bash --login -i -c "/usr/local/ -gc"
>pushd C:\Users\UserID\AppData\Roaming\certs\YourDomain
>forfiles /m *.pem /C "cmd /c echo @file @fsize @fdate @ftime" >path\to\letsencrypt.sh\list.txt

   That’s it.
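
   The compare-and-copy part of the batch file can also be done inside the Cygwin bash call, with a check that the new private key really belongs to the new certificate before Apache is restarted. This is an added example, not part of the original batch file; it assumes openssl is available in Cygwin, and the function names, return codes and directory arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the page's own script): deploy the newest
# fullchain-*/privkey-* pair only when it differs from the live files,
# the key matches the certificate, and the certificate has not expired.
# Return codes (hypothetical): 0 = deployed, restart httpd; 1 = unchanged;
#                              2 = refused; 3 = no .pem files found.

# Newest file for a prefix; the numeric timestamp suffix sorts lexically.
newest() { ls -1 "$1"/"$2"-*.pem 2>/dev/null | sort | tail -n 1; }

# True when the first (leaf) certificate in $1 carries the public key of $2.
cert_key_match() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# $1 = directory with the timestamped .pem files
# $2 = directory holding server.crt and server.key
deploy_if_changed() {
  local crt key
  crt=$(newest "$1" fullchain)
  key=$(newest "$1" privkey)
  [ -n "$crt" ] && [ -n "$key" ] || return 3

  # Same bytes as the live files: nothing to do, no restart needed.
  if cmp -s "$crt" "$2/server.crt" 2>/dev/null &&
     cmp -s "$key" "$2/server.key" 2>/dev/null; then
    return 1
  fi

  # Refuse a mismatched or expired pair; httpd would not start with it.
  cert_key_match "$crt" "$key" || return 2
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 2

  # Copy to temporary names, then rename, so a failed copy leaves the
  # live files untouched.
  cp "$crt" "$2/server.crt.new" && cp "$key" "$2/server.key.new" &&
    mv -f "$2/server.crt.new" "$2/server.crt" &&
    mv -f "$2/server.key.new" "$2/server.key" || return 2
  return 0
}
```

   Only return code 0 calls for httpd -k stop and httpd -k start; code 2 is worth logging, because the live certificate was left as it was.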
