MySQL on Windows + Let's Encrypt

My domain is: mysql.projectredivivus.com for MySQL. It is not yet set to a certificate because of the below issues.

I ran this command: See below.

It produced this output: See below.

My web server is: IIS 10, however not applicable for the situation described.

The operating system my web server runs on is: Windows Server 2016 Standard (x64), with all available updates applied.

My hosting provider, if applicable, is: Self-hosting.

I can login to a root shell on my machine: Yes.

I’m using a control panel to manage my site: No.

The version of my client is: Latest Certbot beta for Windows, and latest win-acme v2 for Windows.

Explanation of situation: So I’m at a loss here. I’ve attempted to make the proper .pem files for my situation, however I’m running into nothing but obstacles, and a lack of documentation online that actually apply to me. I’m running a Windows server, and I’m attempting to set up MySQL with SSL, (which can later be connected to from PHPMyAdmin). My IIS installation, which is separate from this issue, is already running SSL fine, so I just want to secure the MySQL connections on their own. While doing this, I’m running into a number of unique problems that the *nix fixes documented online don’t apply to:

  1. I’m on Windows. The available options for outputting these files is stupidly limited. The only two clients I could find that would properly do this are causing problems. (See number 2 for this).

  2. Certbot is a beta for Windows, but is available, as is win-acme v2. They are the only ones I can find that can actually do what I want. Certbot errors every time I go through the process to make the certs. Just a spam of errors everywhere. Given that it is still in beta, I can understand why.

    Now when I use win-acme v2, it just closes. I get to the entry field where I add my output path for the .pem files. I hit enter after typing it in. Everything closes out. No error, no output files, no messages, nothing. It happens every single time. This application worked fine for me with IIS, so I’m not sure why this particular crash is being triggered when doing it separately.

    I searched online and couldn’t find solutions for either application. I didn’t even see them being reported by anyone else.

  3. I can’t find any other options for Windows that would output the proper .pem files that MySQL wants. The other Windows applications I’ve found through Let’s Encrypt and elsewhere are specific to IIS or other webservers, which I don’t want. My issue is specific to MySQL’s installation. (I just need the files!)

  4. I’ve read the topics repeatedly about MySQL self-signing certificates. I don’t want this. It causes numerous other problems and doesn’t help solve my issue. It also provides me little insight on setting this up properly. Before anyone asks, I’ve already tried it.

On a side note, I have literally spent several days, (some awake for more than one day at a time), trying to figure this out. I’m desperate and lost at this point. I’m in the process of moving to this system from an older one, which didn’t have SSL set up before for MySQL, so this is all new to me, and my time to get it done is limited. I’ve gotten to the point where searching for answers online is sending me back to every single link I’ve already seen, and nothing new is coming up. Any help here is seriously appreciated.

Hi @SugarD-x

I’m not firm with such a configuration.

But: If your mySql is only used internal: Create a self signed certificate with a long duration, 10 - 20 years, install it - and forget it.

My tool “check your website” uses an own written .NET-service (running on an internal server) to fetch data. There is the same - a self signed certificate with a long duration, an exception, so the calling .NET code accepts the self signed certificate - and the job is none. No renew is required.

The problem is that it isn’t just internal. I have some external connections that need to be done too. There’s also an issue with PHPMyAdmin refusing to accept a self-signed certificate. It produces numerous errors and blocks login.

From what I’m seeing online, this should be insanely simple with *nix setups. With Windows it appears to be next to impossible. If I could just generate the needed files, this would be fairly easy.

But what’s the problem? There are a lot of Windows clients. Create a wildcard or add an external vHost.

.pfx + OpenSsl -> create PEM-files.

Then change yours hosts file, so your webserver sees mysql.projectredivivus.com with the internal ip of your mySql server.

If your mySql and your IIS have the same ip, that’s not required.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.