Install SSL on Windows Apache

1. What I want to do:

I have a domain example.me, and a sub-domain text.example.me which is hosted on my Windows Server. It's running Apache with php 5.6

I want to install an SSL certificate using Let's Encrypt and this tool https://github.com/PKISharp/win-acme

2. The problem:

It doesn't seem to be working; I get the following error when trying to access https://test.example.me

This site can’t provide a secure connection

3. What I have done so far

I followed every step from: https://commaster.net/content/how-setup-lets-encrypt-apache-windows

This is the content of my httpd-ssl.conf

<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName text.example.me
    DocumentRoot "D:/xampp/htdocs"

    RewriteEngine On
    # Redirect to the correct domain name
    RewriteCond %{HTTP_HOST} !^test.example.me$ [NC]
    RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]

    Alias /.well-known D:/xampp/htdocs/.well-known

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/text.example.me-crt.pem"
    SSLCertificateKeyFile "conf/ssl.key/test.example.me-key.pem"
    SSLCertificateChainFile "conf/ssl.csr/ca-test.example.me-crt.pem"
</VirtualHost>

Ports 80 and 443 are available and not being used by Skype, so that's not the issue.

This is the content of my httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName test.example.me

    RewriteEngine On
    # Redirect to the HTTPS site
    RewriteCond %{HTTPS} off
    RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
    ErrorLog logs/slog.log
</VirtualHost>
John Doe asked Apr 13 '18 12:04

1 Answer

I have been using Let's Encrypt for some years - but without(!) RewriteEngine.

So here is a snippet from my httpd-vhosts.conf

<VirtualHost *:80>
  DocumentRoot "C:/webserver/html/example_html"
  ServerName www.example.com
  Redirect permanent / https://www.example.com/
  # For the case that you are using ModProxy to forward to a Tomcat, please also add:
  # ProxyPass "/.well-known/" "!"
</VirtualHost>

A snippet from my httpd-ssl.conf:

<VirtualHost *:443>
  DocumentRoot "C:/webserver/html/example_html"
  ServerName www.example.com
  Protocols h2 http/1.1

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
  SSLHonorCipherOrder on
  SSLCompression off
  SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-crt.pem"
  SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-key.pem"
  SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-www.example.com-crt.pem"

  <IfModule headers_module>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  Header always set x-frame-options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-XSS-Protection "1; mode=block"
  #Header always set Content-Security-Policy "script-src 'self'"
  </IfModule>

  BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  #For the case that you use ModProxy to forward to a Tomcat or so
  #ProxyPass "/.well-known/" "!"

  EnableSendfile off
  EnableMMAP off
</VirtualHost>

Also please keep in mind that when you want to use multiple hostnames, then you need a wildcard certificate - otherwise it's simple with Let's Encrypt to have one certificate for each host/domain name - but you need one virtual host section for each host/domain name you are using.

Last but not least, my personal opinion is that ModRewrite should not be used when there is no need, because it is complicated and not really understood by most people.

PowerStat answered Oct 22 '22 07:10
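A small consistency lint over Apache vhost stanzas, added here as an example and not code from either post or from win-acme: it parses <VirtualHost> blocks, flags certificate, key and chain files and redirect targets that do not name the stanza's own ServerName (the text/test mix-up in the question's httpd-ssl.conf), and, where the files actually exist on disk, lets OpenSSL confirm that the private key matches the certificate. The embedded stanza is a constructed copy of the question's config; the function names, the filename-based heuristic and the server_root parameter are assumptions of this example.

```python
import os
import re
import ssl

# Constructed sample (assumption): the question's httpd-ssl.conf stanza, 'text'/'test' mix-up kept as posted.
SAMPLE_SSL_CONF = """
<VirtualHost *:443>
    ServerName text.example.me
    RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/text.example.me-crt.pem"
    SSLCertificateKeyFile "conf/ssl.key/test.example.me-key.pem"
    SSLCertificateChainFile "conf/ssl.csr/ca-test.example.me-crt.pem"
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*([A-Za-z]\w*)[ \t]+(.*?)[ \t]*$", re.M)
CERT_KEYS = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")

def parse_vhosts(conf):
    """[(address, {directive: value})] per <VirtualHost>; a repeated directive keeps its last value."""
    return [(addr.strip(), {k: v.strip('"') for k, v in DIRECTIVE_RE.findall(body)})
            for addr, body in VHOST_RE.findall(conf)]

def lint_vhost(addr, d, server_root="."):
    """Consistency checks worth running before blaming ports or Skype; returns a list of findings."""
    findings = []
    name = d.get("ServerName", "").lower()
    if not name:
        return ["<VirtualHost %s>: no ServerName" % addr]
    # Every cert/key/chain file referenced should belong to the host this vhost serves.
    for k in CERT_KEYS:
        if k in d and name not in os.path.basename(d[k]).lower():
            findings.append("%s: %s '%s' does not name this host" % (name, k, d[k]))
    # A redirect (RewriteRule or Redirect) should point at this vhost's own hostname.
    m = re.search(r"https?://([^/\s]+)", d.get("RewriteRule", "") + " " + d.get("Redirect", ""))
    if m and m.group(1).lower() != name:
        findings.append("%s: redirect target '%s' differs from ServerName" % (name, m.group(1)))
    tls = d.get("SSLEngine", "").lower() == "on"
    if tls and not all(k in d for k in CERT_KEYS[:2]):
        findings.append("%s: SSLEngine on but SSLCertificateFile/SSLCertificateKeyFile missing" % name)
    elif tls:
        # Relative paths resolve against ServerRoot as in Apache; if both files exist, OpenSSL checks the pair.
        cert, key = (os.path.join(server_root, d[k]) for k in CERT_KEYS[:2])
        if os.path.isfile(cert) and os.path.isfile(key):
            try:
                ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
            except ssl.SSLError as e:
                findings.append("%s: certificate/key pair rejected by OpenSSL: %s" % (name, e))
    return findings
```

Run it with server_root set to the Apache ServerRoot (D:/xampp/apache in the question's layout) so the relative conf/ssl.* paths resolve and the key/certificate match is actually tested.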