How to set the certificate on Windows with Apache 2.2 AppServ

I'm new to this; I just installed the certificate standalone in C:\Certbot\live\mydomain.dyndns.org

What do I need to do next?

I've already edited httpd-vhosts.conf with this script:

<VirtualHost *:443>
    ServerName mydomain.dyndns.org
    ServerAdmin admin@localhost
    DocumentRoot "D:/Appserv/www"
    <Directory "D:/Appserv/www">
        Options FollowSymLinks Indexes
        AllowOverride All
        Order Allow,Deny
        Allow from all
        DirectoryIndex index.php index.html
    </Directory>
    SSLEngine on
    SSLCertificateChainFile "C:/Certbot/live/mydomain.dyndns.org/fullchain.pem"
    SSLCertificateFile "C:/Certbot/live/mydomain.dyndns.org/cert.pem"
    SSLCertificateKeyFile "C:/Certbot/live/mydomain.dyndns.org/privkey.pem"
</VirtualHost>

and already restarted the Apache 2.2 service, but nothing happened; my site can only be accessed through http://

First, with Apache 2.2 (really? 2.2?) the fullchain.pem should be chain.pem. Apache 2.2 ended its service life about 6 years ago.

Have you checked all your settings for port 443? You did not answer many of the questions on the form so I can only guess at things. But, is your router forwarding incoming port 443 to your Apache as port 443? Do you have any firewalls blocking that port? That sort of thing.

Because I can connect using HTTP like you say. But I get this for HTTPS:

curl -I https://mydomain.dyndns.org
curl: (7) Failed to connect to mydomain.dyndns.org port 443 after 2 ms: Connection refused
3 Likes

Well, same advice I gave before with this domain name too.

Check your port 443 network configuration (also see SSL Labs test result)

This isn't related to your cert. Your Apache cannot be reached with HTTPS on port 443. If your cert was wrong we would see a different error.

curl -I http://prioritymks.homeip.net/
HTTP/1.1 200 OK
Server: Apache/2.2.8 (Win32) mod_ssl/2.2.8 OpenSSL/0.9.8g PHP/5.2.6
X-Powered-By: PHP/5.2.6

curl -I https://prioritymks.homeip.net/
curl: (7) Failed to connect to prioritymks.homeip.net port 443 after 241 ms: Connection refused
3 Likes

Can you give me any detailed advice on how to check my port 443?
I've set the port forward to port 443 just like port 80.
But even accessing through localhost, my https can't connect, unlike http. I even tried turning off the firewall, but still the same result.

I think I found the problem but don't know what caused it...
I forgot to enable Include conf/extra/httpd-ssl.conf in my httpd.conf. When I enabled it and restarted the service, the service can't run.

Make sure all of the below link is correct. It is for Apache 2.4 but you could look at the 2.2 docs.

Anyway, your problems are not directly related to Let's Encrypt certs. You might try a general purpose Apache support forum.

https://httpd.apache.org/docs/2.4/bind.html

3 Likes

OK then, thank you so much.

1 Like

I have checked my error log and found this:
[Mon Oct 23 00:13:56 2023] [error] Oops, no RSA or DSA server certificate found for 'x:443'?!

You can check your cert using

certbot certificates

It's possible Apache 2.2 does not support ECDSA certs which are the current default from Certbot. You may need to force issuance of an RSA cert (see link below).

Still, that error sounds like it just can't find any kind of cert.

Certbot force RSA with --key-type

https://eff-certbot.readthedocs.io/en/latest/using.html#rsa-and-ecdsa-keys

4 Likes

Oh, also be sure to see this post in that thread I linked. Spoiler: Support for modern TLS protocols doesn't exist in the very old openssl you have.

4 Likes

You might try reissuing as RSA as described in earlier link.

As for the rest, I think it's a waste of time to try to use such old software. There are numerous security holes even if you could make it work and lacking support of features used by modern clients.

4 Likes

You should never do that.

3 Likes

Apache isn't listening on port 443, maybe a missing Listen 443 directive?

Anyway, I concur with my fellow volunteers: no need for flogging a dead horse, you should upgrade to Apache 2.4.

2 Likes
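
An added example, not part of any post in this thread: a small static check for the two configuration problems the replies point to, a 443 virtual host with no active Listen 443 (here because the Include of httpd-ssl.conf is commented out) and SSLCertificateChainFile pointing at fullchain.pem. The file contents are constructed samples modelled on the thread, the function names are hypothetical, and it assumes Include arguments are plain relative paths (no wildcards).

```python
import re

# Constructed sample files modelled on the thread, not the poster's real config.
SAMPLE = {
    "conf/httpd.conf": """\
Listen 80
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-vhosts.conf
""",
    "conf/extra/httpd-ssl.conf": "Listen 443\n",
    "conf/extra/httpd-vhosts.conf": """\
<virtualhost *:443>
    SSLEngine on
    SSLCertificateChainFile "C:/Certbot/live/mydomain.dyndns.org/fullchain.pem"
</VirtualHost>
""",
}

def active_directives(files, name, seen=None):
    """Yield (directive, argument) for uncommented lines, following Include."""
    seen = set() if seen is None else seen
    if name in seen or name not in files:
        return
    seen.add(name)
    for raw in files[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out Include or Listen has no effect
        key, _, arg = line.strip("<>").partition(" ")
        arg = arg.strip().strip('"')
        if key.lower() == "include":
            yield from active_directives(files, arg, seen)
        else:
            yield key.lower(), arg  # Apache directive names are case-insensitive

def port_of(arg):
    """Port from '443', '0.0.0.0:443', '*:443' or '1.2.3.4:443 https'."""
    m = re.search(r"(\d+)(?:\s+\w+)?$", arg)
    return int(m.group(1)) if m else None

def lint(files, root="conf/httpd.conf"):
    """Return findings for the two misconfigurations raised in the thread."""
    d = list(active_directives(files, root))
    listen = {port_of(a) for k, a in d if k == "listen"}
    vhosts = {port_of(a) for k, a in d if k == "virtualhost"} - {None}
    findings = [f"VirtualHost on port {p} but no active Listen {p}"
                for p in sorted(vhosts - listen)]
    findings += ["SSLCertificateChainFile points at fullchain.pem, thread advises chain.pem"
                 for k, a in d
                 if k == "sslcertificatechainfile" and a.lower().endswith("fullchain.pem")]
    return findings
```

A missing Listen for the port matches the "Connection refused" seen with curl: nothing is bound to 443, so the certificate files are never consulted.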
