Getting Let's Encrypt working on Apache and Windows 10


#1

Please fill out the fields below so we can help you better.

My domain is: d20celerity.net

I ran this command: n/a

It produced this output: n/a

My web server is (include version): Apache 2.4 for windows

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I have followed the directions on https://commaster.net/content/how-setup-lets-encrypt-apache-windows and I think I have managed to get the certificates. (I can see a number of pem files that appeared in a C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org folder)

I am not sure what the next steps are. I think I have to configure the Apache to use the certificates I have using a virtual host, but are these instructions correct? https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html Their SSLCertificateFile and SSLCertificateKeyFile do not end in .pem so I am not sure if these instructions apply to my situation.

Another guide (from Drupal I think, which I am using) suggested to add:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

to my .htaccess file, which I’ve tried.

I am thinking that I have to make some edits in the httpd-vhosts.conf file, and the httpd-ssl.conf file, but I am lost.

Please help.


#2

Hi @Olagtheberserker

You can use your pem files directly:

SSLCertificateFile C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\fullchain.pem
SSLCertificateKeyFile C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\privkey.pem

It’s the same in your link:

SSLEngine on
SSLCertificateFile "C:/Users/<username>/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/<domain-name>-crt.pem"
SSLCertificateKeyFile "C:/Users/<username>/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/<domain-name>-key.pem"
SSLCertificateChainFile "C:/Users/<username>/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-<hex>-crt.pem"

At the end you have the pem-extension.


#3

I switched them to this:

SSLEngine on

SSLCertificateFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\www.d20celerity.net-crt.pem"
SSLCertificateKeyFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\www.d20celerity.net-key.pem"
SSLCertificateChainFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\ca-www.d20celerity.net-crt.pem"

Now, my apache does not start. It also seems that my error logs stopped updating some minutes ago.

EDIT: It seems that when I comment out the “Include conf/extra/httpd-ssl.conf” line, my error logs work again.

I will try instructions on https://www.sslforfree.com/ meanwhile.


#4

I ran httpd.exe -t and found out that I’m getting “Cannot define multiple Listeners on the same IP:port ssl” error in my bitnami.conf line 35. Line 35 of my bitnami.conf says “Listen 443”.
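
The "Cannot define multiple Listeners on the same IP:port" error from post #4 means the same Listen directive is reached twice through included files. As an added example (not part of the original thread), this Python sketch walks a config tree and reports where each duplicate listener is defined; the sample file contents and the bitnami.conf path are constructed assumptions, and only exact ip:port matches are compared.

```python
import re
from collections import defaultdict

# Constructed sample configs (not the poster's real files), keyed by path
# relative to ServerRoot. The bitnami.conf location is an assumption.
SAMPLE_CONFIGS = {
    "conf/httpd.conf": """\
Listen 80
Include conf/extra/httpd-ssl.conf
Include conf/bitnami/bitnami.conf
""",
    "conf/extra/httpd-ssl.conf": """\
# SSL listener
Listen 443
""",
    "conf/bitnami/bitnami.conf": """\
<VirtualHost _default_:80>
</VirtualHost>
Listen 443
""",
}

# Anchored at line start, so commented-out directives ("#Listen 443") are ignored.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)
INCLUDE_RE = re.compile(r'^\s*Include(?:Optional)?\s+"?([^"\s]+)"?', re.IGNORECASE)

def normalize(addr):
    """Turn a Listen argument into (ip, port); a bare port means all addresses."""
    ip, sep, port = addr.rpartition(":")
    return (ip.strip("[]") if sep else "*", int(port))

def collect_listens(configs, path, seen, found):
    """Walk one config and its Includes (no wildcard expansion), recording Listens."""
    if path in seen or path not in configs:
        return
    seen.add(path)
    for lineno, line in enumerate(configs[path].splitlines(), 1):
        if m := LISTEN_RE.match(line):
            found[normalize(m.group(1))].append((path, lineno))
        elif m := INCLUDE_RE.match(line):
            collect_listens(configs, m.group(1), seen, found)

def duplicate_listeners(configs, root="conf/httpd.conf"):
    """Return {(ip, port): [(file, line), ...]} for listeners defined more than once."""
    found = defaultdict(list)
    collect_listens(configs, root, set(), found)
    return {k: v for k, v in found.items() if len(v) > 1}

if __name__ == "__main__":
    for (ip, port), places in duplicate_listeners(SAMPLE_CONFIGS).items():
        print(f"{ip}:{port} defined at", ", ".join(f"{f}:{n}" for f, n in places))
```

To check a real installation, load each config file's text into a dict keyed by its path relative to ServerRoot and pass that in place of SAMPLE_CONFIGS.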


#5

I commented out the “Listen 443” and it seems to be working now. My certificate for https://d20celerity.net seems to correctly point to my installed certificate from Let’s Encrypt. However, it still says that it is not a trusted domain and not secure. Is this normal?

EDIT: My https://www.d20celerity.net has a padlock and says secured. My https://d20celerity.net does not.

EDIT2: Now both of my domains have a padlock. But it also seems that all of my pages other than the homepage are giving me an error: “NOT FOUND The requested URL was not found on this server”


#6

I changed the AllowOverride none to AllowOverride All in httpd.conf under DocumentRoot "C:/Bitnami/wampstack-7.1.19-1/apache2/htdocs"
<Directory "C:/Bitnami/wampstack-7.1.19-1/apache2/htdocs">, and everything seems to be working now.