Handshake fails Apache Windows

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dforeman.homedns.org

I ran this command: https://decoder.link/sslchecker/dforeman.homedns.org/443

It produced this output: Handshake failed, we haven’t received any certificates from the requested server.

My web server is (include version): Apache 2.4.43

The operating system my web server runs on is (include version): Windows 10 Pro

My hosting provider, if applicable, is: my own PC

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, I have direct access

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.6.0

Hi @docdj

that's not a command to create a certificate.

So the result is expected.

Create a certificate, then install it.

Start there:

1 Like

Prior to my 1st post, I GOT my certificate using: certbot certonly --standalone
The command in my original post shows the ERROR message I get when TESTING my site after setting the statements in httpd-ssl.conf.
So I do HAVE a certificate, but it is not being used by my site. I am hoping someone will have a clue to what I have missed in my Apache httpd-ssl.conf file, which is “included” from my httpd.conf file. I can provide a copy of my httpd-ssl.conf file if that helps.

1 Like

If you use certonly, the certificate is created, but not installed. So the result is expected.

Use the --reinstall option to install the certificate.

1 Like

The certbot Windows installation procedure with Apache webserver currently claims:

No installer plugins are supported. The Apache and Nginx plugins will be available soon, and a plugin to install certificates into IIS is under development.

Is the manual incorrect and outdated? Or should @docdj install the certificate manually into the Apache configuration?

2 Likes

The certbot webpage says it does NOT currently have a process for Windows. So I am using the MANUAL installation mechanism. Hence my problem. My Apache log files have this: AH02568: Certificate and private key dforeman.homedns.org:443:0 configured from C:/Certbot/live/dforeman.homedns.org/fullchain.pem and C:/Certbot/live/dforeman.homedns.org/privkey.pem
AND this line: Cert matches for name ‘dforeman.homedns.org’ [subject: CN=dforeman.homedns.org / issuer: CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US / serial: 03C50024A796417E2C834D8BCB23F2010A89 / notbefore: Jul 19 14:49:22 2020 GMT / notafter: Oct 17 14:49:22 2020 GMT]

1 Like

What does this say:

apachectl -S

(Don't know if that works with Windows).

If there is a port 443 config visible, share the content of that config.

Also, your Apache is talking plain HTTP through port 443. You have to enable TLS for the port 443 VirtualHost.

2 Likes

I just found the solution: in my httpd-ssl.conf, I had changed "_default_:443" to "mydomain:443", where "mydomain" is my actual domain name. I changed it back, restarted Apache and it all works now. But thanks to you all for confirming everything else I had was correct.

2 Likes
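The two points raised in the thread (TLS not enabled on the port 443 VirtualHost, and the `_default_:443` address replaced by a hostname) can be checked in httpd-ssl.conf before Apache is restarted. This is an added example, not code from the thread, Apache or Certbot: `lint_tls_vhosts` is a hypothetical helper and the sample config is constructed, reusing only the certificate paths from the Apache log quoted above.

```python
import re

# Constructed sample modelled on the thread: the vhost address carries the
# hostname in place of _default_. Certificate paths are those in the Apache log.
SAMPLE_CONF = """\
Listen 443
<VirtualHost dforeman.homedns.org:443>
    ServerName dforeman.homedns.org
    SSLEngine on
    SSLCertificateFile "C:/Certbot/live/dforeman.homedns.org/fullchain.pem"
    SSLCertificateKeyFile "C:/Certbot/live/dforeman.homedns.org/privkey.pem"
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
WILDCARDS = {"*", "_default_"}

def is_ip_literal(host):
    """True for IPv4 dotted quads and bracketed IPv6 literals."""
    return bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}|\[[0-9A-Fa-f:.]+\]", host))

def lint_tls_vhosts(conf_text, port="443"):
    """Return a list of findings for every <VirtualHost> bound to `port`."""
    # Drop comment lines so commented-out directives are not counted.
    lines = [ln for ln in conf_text.splitlines() if not ln.lstrip().startswith("#")]
    text = "\n".join(lines)
    findings, seen = [], False
    for addrs, body in VHOST_RE.findall(text):
        for addr in addrs.split():
            host, _, p = addr.rpartition(":")
            if p != port:
                continue
            seen = True
            # A hostname here is resolved by Apache itself; if it does not map
            # to a local address (e.g. a PC behind NAT), the vhost never matches.
            if host not in WILDCARDS and not is_ip_literal(host):
                findings.append(f"{addr}: hostname in <VirtualHost> address; use _default_, * or an IP")
            if not re.search(r"^\s*SSLEngine\s+on\b", body, re.I | re.M):
                findings.append(f"{addr}: SSLEngine on is missing")
            # Certbot writes the key to a separate privkey.pem, so expect both.
            for d in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if not re.search(rf"^\s*{d}\s+\S", body, re.I | re.M):
                    findings.append(f"{addr}: {d} is missing")
    if not seen:
        findings.append(f"no <VirtualHost> is bound to port {port}")
    return findings

if __name__ == "__main__":
    for finding in lint_tls_vhosts(SAMPLE_CONF):
        print(finding)
```

The hostname finding is a warning rather than a guaranteed failure: whether such a vhost matches depends on what the name resolves to on the server itself.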

APACHECTL does not exist. On Windows, it is just httpd.exe. And yes, the -S option is available. BUT now that I have solved my problem, you don’t need my vhost setup.

3 Likes

Thanks, good to know.

2 Likes
