Install pem files on Apache/Windows 10

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mickwebsite.com

I ran this command:certbot certonly --standalone

It produced this output:Congratulations! Your certificate and chain have been saved at:
C:\Certbot\live\mickwebsite.com\fullchain.pem
Your key file has been saved at:
C:\Certbot\live\mickwebsite.com\privkey.pem

My web server is (include version):Apache2.4

The operating system my web server runs on is (include version):Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.12.0

I need to install my new certificate in the configuration file for Apache2.4 on Windows 10. I found the certificates in C:\Certbot\live\ and have read thru several blogs on installing various certificate file types, but nowhere have I found a procedure to install pem files on Apache on Windows 10. Please help :slight_smile:

Those blogs are probably using PEM files as well. The Apache configuration shouldn't differ that much between Apache on Windows or Apache on Linux, besides that Windows uses \ in stead of / on Linux as the directory separator character in a path.

There are many posts about installing certificates etc into Apache, but there are virtually none that use .pem files. They commonly use .crt and .key files. From the Apache documentation...
Your SSL configuration will need to contain, at minimum, the following directives.

Listen 443
<VirtualHost :443>
** ServerName www.example.com
*
** SSLEngine on**
** SSLCertificateFile "/path/to/www.example.com.cert"**
** SSLCertificate**KeyFile "/path/to/www.example.com.key"

Can I get to these from the .pem files? Perhaps these pem files simply can not work with apache/windows, which would be why I cannot find any working examples? I sure would like to get bthis sotred out :frowning:

Hi @feMick

your quotation is incomplete.

This document is intended to get you started, and get a few things working. You are strongly encouraged to read the rest of the SSL documentation, and arrive at a deeper understanding of the material, before progressing to the advanced techniques.

Please read

https://httpd.apache.org/docs/2.4/ssl/

There is your answer.

And those are also commonly PEM files with just a different extension.

I think I chose the .pem names when first writing Certbot's storage routines. The Apache default before that was .crt for what Certbot called cert.pem (and fullchain.pem which contains multiple certificates), and .key for what Certbot called privkey.pem.

I find .pem intuitive here because all of these files are in PEM format, but they do contain different kinds of objects (certificate objects in one case, and private key objects in the other case). I'm not sure that my choice (if I'm right to remember that it was mine) was ideal, mostly just because of the amount of existing documentation out there that uses .crt and .key. :thinking:

As @Osiris said, these files are the files you're looking for and are just named according to a different convention.

It is too late for me now as I got very discouraged by the amount of frustrating looking around I did and by the first two responses here, and went to my second choice of provider. However for future use, does that mean that I can simply rename the pem files to the other extensions? Like, are they really the same content and format with the different extension? I am surprised that I appear to be the first to run across this anomaly. Perhaps there are not many using apache on windows and using your service here.

Yes, they are really the same content and format with the different extension.

If you use certbot --apache instead of certbot certonly --standalone, Certbot will attempt to install the new certificates for you. (I'm not 100% sure whether this works properly on Windows yet, but if it doesn't, it should in the future.) In this case, Certbot will create a new virtual host configuration based on your existing HTTP virtual host configuration, and the Certbot-created configuration will point directly to the Certbot-created PEM files.

Howcome? As far as I can tell, those posts contain the answer to your issue.

https://httpd.apache.org/docs/2.4/ssl/ssl_intro.html

Example of a PEM-encoded certificate (snakeoil.crt)

That line answers all of your questions.

The file extension is always unrelevant.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.