upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-06 07:12:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
certbot/windows-installer/renew-up.ps1

18 lines
1.2 KiB
PowerShell
Raw Permalink Normal View History

[Windows] Create a certbot renew scheduled task using the installer (#7371) This PR implements the item "register a scheduled task for certificate renewal" from the list of requirements described in #7365. This PR adds required instructions in the NSIS installer for Certbot to create a task, named "Certbot Renew Task" in the Windows Scheduler. This task is run twice a day, to execute the command certbot renew and keep the certificates up-to-date. Uninstalling Certbot will also remove this scheduled task. * Implementation * Corrections * Update template.nsi * Improve scripts * Add a random delay of 12 hours * Synchronize template against default one in pynsist 2.4 * Clean config of scheduled task * Install only in AllUsers mode * Add comments * Remove the logic of single user install
2019-09-23 15:29:18 -04:00
function Get-ScriptDirectory { Split-Path $MyInvocation.ScriptName }
$down = Join-Path (Get-ScriptDirectory) 'renew-down.ps1'
& $down
$taskName = "Certbot Renew Task"
$action = New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument '-NoProfile -WindowStyle Hidden -Command "certbot renew"'
$delay = New-TimeSpan -Hours 12
$triggerAM = New-ScheduledTaskTrigger -Daily -At 12am -RandomDelay $delay
$triggerPM = New-ScheduledTaskTrigger -Daily -At 12pm -RandomDelay $delay
[Windows] Avoid letsencrypt.log permissions error during scheduled certbot renew task (#7537) While coding for #7536, I ran into another issue. It appears that Certbot logs generated during the scheduled task execution have wrong permissions that make them almost unusable: they do not have an owner, and their ACL contains nonsense values (non existant accounts name). The class `logging.handler.RotatingFileHandler` is responsible for these logs, and become mad when it is in a Python process run under a scheduled task owned by `SYSTEM`. This is precisely our case here. This PR avoids (but not fix) the issue, by changing the owner of the scheduled task from `SYSTEM` to the `Administrators` group, that appears to work fine. * Use Administrators group instead of SYSTEM to run the certbot renew task
2019-11-13 13:04:45 -05:00
# NB: For now scheduled task is set up under Administrators group account because Certbot Installer installs Certbot for all users.
[Windows] Create a certbot renew scheduled task using the installer (#7371) This PR implements the item "register a scheduled task for certificate renewal" from the list of requirements described in #7365. This PR adds required instructions in the NSIS installer for Certbot to create a task, named "Certbot Renew Task" in the Windows Scheduler. This task is run twice a day, to execute the command certbot renew and keep the certificates up-to-date. Uninstalling Certbot will also remove this scheduled task. * Implementation * Corrections * Update template.nsi * Improve scripts * Add a random delay of 12 hours * Synchronize template against default one in pynsist 2.4 * Clean config of scheduled task * Install only in AllUsers mode * Add comments * Remove the logic of single user install
2019-09-23 15:29:18 -04:00
# If in the future we allow the Installer to install Certbot for one specific user, the scheduled task will need to
# switch to this user, since Certbot will be available only for him.
[Windows] Avoid letsencrypt.log permissions error during scheduled certbot renew task (#7537) While coding for #7536, I ran into another issue. It appears that Certbot logs generated during the scheduled task execution have wrong permissions that make them almost unusable: they do not have an owner, and their ACL contains nonsense values (non existant accounts name). The class `logging.handler.RotatingFileHandler` is responsible for these logs, and become mad when it is in a Python process run under a scheduled task owned by `SYSTEM`. This is precisely our case here. This PR avoids (but not fix) the issue, by changing the owner of the scheduled task from `SYSTEM` to the `Administrators` group, that appears to work fine. * Use Administrators group instead of SYSTEM to run the certbot renew task
2019-11-13 13:04:45 -05:00
$adminsSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$adminsGroupID = $adminsSID.Translate([System.Security.Principal.NTAccount]).Value
$principal = New-ScheduledTaskPrincipal -GroupId $adminsGroupID -RunLevel Highest
[Windows] Create a certbot renew scheduled task using the installer (#7371) This PR implements the item "register a scheduled task for certificate renewal" from the list of requirements described in #7365. This PR adds required instructions in the NSIS installer for Certbot to create a task, named "Certbot Renew Task" in the Windows Scheduler. This task is run twice a day, to execute the command certbot renew and keep the certificates up-to-date. Uninstalling Certbot will also remove this scheduled task. * Implementation * Corrections * Update template.nsi * Improve scripts * Add a random delay of 12 hours * Synchronize template against default one in pynsist 2.4 * Clean config of scheduled task * Install only in AllUsers mode * Add comments * Remove the logic of single user install
2019-09-23 15:29:18 -04:00
Register-ScheduledTask -Action $action -Trigger $triggerAM,$triggerPM -TaskName $taskName -Description "Execute twice a day the 'certbot renew' command, to renew managed certificates if needed." -Principal $principal
Reference in a new issue Copy permalink