Do you guys like a "acme.bat" for Windows ?

[Neilpang]

acme.sh can work in cygwin or mingw on windows.

But it could be better if we have windows native support. Only use Windows apis, no other dependencies .

what do you guys think ?

[FernandoMiguel]

dont usually use windows. but when i needed it, i couldnt find a good LE 3rd party client.

if acme.sh can pull it off, and still maintain the good support we are used to, it could be really helpful to many many users out there

[Neilpang]

@FernandoMiguel

There are 3 solutions I could think:

1. Use powershell script, like: acme.ps. powershell can work on most Windows. there are also crypto services in .Net runtime, which can be invoked by powershell.
2. Use Windows bat script, it will depend on openssl.exe binary.
3. Use Windows bat script, together with c# code. The crypto service is provided by c#. As .Net in built in all the current Windows, it should work well. Here is an example for writing bat script together with c# code. https://github.com/npocmaka/batch.scripts/blob/master/hybrids/.net/c/screenCapture.bat

I vote to the 3rd option. Since I don't like Powershell at all.

[FernandoMiguel]

PS has two problems: it's in rapid evolution (v2 has just been deprecated) it requires to be signed or it will refuse to run while system is untrusted.

i'm assuming BAT will have a similar sandbox issue?

[Neilpang]

@FernandoMiguel

it's in rapid evolution (v2 has just been deprecated)

yes, M$ is always inventing and dropping things.

[Neilpang]

@FernandoMiguel

i'm assuming BAT will have a similar sandbox issue?

As far as I know, BAT has no such limitation.

[Neilpang]

@FernandoMiguel

The most concern I have is how many users on Windows need such a acme.bat.

It would take a lot of time to implement, it's expensive.

[FernandoMiguel]

I have no doubt it's costly. and as a linux/mac user, i rather not lose your support for those platforms. but if you dont mention that your product can do it, users wont ask either :)

i personally dont have a need for it, all the time... like maybe once a year ?

maybe leave this issue open and see if anyone comments on it for the next couple of months? and go from there

[FernandoMiguel]

also, if windows users really want, they can run the docker container :p

[Neilpang]

@FernandoMiguel

Yes, linux/mac will always be there.

Everytime I see someone facing problems with LE on Windows, I just can not bear that.

It could be better.

Let's keep it open and see.

[Neilpang]

also, if windows users really want, they can run the docker container :p

Windows docker is another nightmare, lol :)

[therentabrain]

I, for one, would love that. I am writing from the midst of fighting with cygwin/acme; with the instructions I have written up it's only about a 30 minute process to get cygwin going on these older Windows 2003 servers, but a BAT would eliminate the headaches of needing to force install an old archived cygwin, make sure the right packages are present, make sure the fruitbat repository url still exists, etc. So from me that's a yes!

[sjau]

It should work just fine in WSL I think

[martgras]

acme.sh works without problem in WSL (Windows Subsystem for Linux) on Windows 10 For the server editions you need at least Windows Server 1709 which only works in core mode (no gui) (So you have to use powershell for management ) If you are serious about managing windows servers you need powershell and it's not going away . See https://github.com/PowerShell/PowerShell/ With regards to the need for signed scripts - this can be changed with Set-ExecutionPolicy .

I wouldn't recommend investing time in hacking together a bat/cmd solution because you won't be able to implement it without installing some tools . If you want to use scripting on windows use powershell

[ElysionK]

搜索引擎上查到说有acme for windows 但是一直没找到在哪里和怎么用, 虽然可以通过cgywin生成再copy但是难免会出现不可预期的错误,所以如果允许的话还是希望有for windows版本, 毕竟可能还得用一段时间的windows

[4c74356b41]

lol, so much bigotry here. powershell v2 is what, 12 years old? why would you want to use that?

[gabri-ns]

@ElysionK if you really need it now, you can use win-acme. i use it in my production windows server and it work flawlessly and integrated with IIS seamlessly.

continuing on the subject, does any one has try acme.sh on WSL? IMO, acme.sh is fine as it is since it is just a script to get certificate from an acme server. how the certificate will be used should fall on user responsibility.

[Neilpang]

@gabri-ns acme.sh can work well in WSL and cygwin. It can also utilize the Windows schduler instead of cron on Windows.

[pebroz]

Running acme.sh in PROD in WSL2 on Windows Server, works great. Mostly deploying to F5 and Linux hosts though.