Handshake fails apache Windows

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dforeman.homeds.org

I ran this command: https://decoder.link/sslchecker/dforeman.homedns.org/443

It produced this output: Handshake failed, we haven’t received any certificates from the requested server.

My web server is (include version): Apache 2.4.43

The operating system my web server runs on is (include version): Windows 10 Pro

My hosting provider, if applicable, is: my own PC

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, i have direct access

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.6.0

Hi @docdj

that’s not a command to create a certificate.

So the result is expected.

Create a certificate, then install it.

Start there:

2 Likes

Prior to my 1st post, I GOT my certificate using: certbot certonly --standalone
The command in my original post shows the ERROR message I get when TESTING my site after setting the statements in httpd-ssl.conf.
So I do HAVE a certificate, but it is not being used by my site. I am hoping someone will have a clue to what I have missed in my Apache httpd-ssl.conf file, which is “included” from my httpd.conf file. I can provide a copy of my httpd-ssl.conf file if that helps.

1 Like

If you use certonly, the certificate is created, but not installed. So the result is expected.

Use the --reinstall option to install the certificate.

2 Likes

The certbot Windows installation procedure with Apache webserver currently claims:

No installer plugins are supported. The Apache and Nginx plugins will be available soon, and a plugin to install certificates into IIS is under development.

Is the manual incorrect and outdated? Or should @docdj install the certificate manually into the Apache configuration…

2 Likes

The certbot webpage says it does NOT currently have a process for Windows. So I am using the MANUAL installation mechanism. Hence my problem. My Apache log files have this: AH02568: Certificate and private key dforeman.homedns.org:443:0 configured from C:/Certbot/live/dforeman.homedns.org/fullchain.pem and C:/Certbot/live/dforeman.homedns.org/privkey.pem
AND this line: Cert matches for name ‘dforeman.homedns.org’ [subject: CN=dforeman.homedns.org / issuer: CN=Let’s Encrypt Authority X3,O=Let’s Encrypt,C=US / serial: 03C50024A796417E2C834D8BCB23F2010A89 / notbefore: Jul 19 14:49:22 2020 GMT / notafter: Oct 17 14:49:22 2020 GMT]

1 Like

What says

apachectl -S

(Don’t know if that works with Windows).

If there is a port 443 config visible, share the content of that config.

1 Like

Also, your Apache is talking plain HTTP through port 443. You have to enable TLS for the port 443 VirtualHost.

2 Likes

I just found the solution: in my httpd-ssl.conf, I had changed
"_default_:443"
to “mydomain:443”. Where “mydomain” is my actual domain name. I changed it back, restarted Apache and it all works now. But thanks to you all for confirming everything else I had was correct.

2 Likes

APACHECTL does not exist. On Windows, it is just httpd.exe. And yes, the -S option is available. BUT now that I have solved my problem, you don’t need my vhost setup.

3 Likes

Thanks, good to know.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.