Renewing LE on Linux and transfering to Windows Server

I have two servers. One is running Linux and is serving the main www pages. The second server is serving the subdomains for that same domain, running Windows Server 2012.

Three months ago I created certificates with certbot including all domains and subdomains in linux terminal command. I then copied the 4 .pem files to the desktop of the Windows server and the admins did whatever is needed to make the certificates active for Apache24 on the Windows machine.

Now I renewed the certs with the same command. Certs are fine and up-to-date on the Linux machine. I again copied the 4 pem files to the Windows machine and found the 4 old pem files in c:/Apache24/conf/ssl/ and replaced them with the new ones, restarting Apache.

Visiting the Windows server subdomains, I get an out-of date certificate error in the browser.

Is there something else that needs to be done on the Windows machine to update the certificates? The admins are unavailable and I’m only familiar with Linux, so this is beyond my experience with servers. I read something about CA bundles, but I have no idea how to continue.

Hi @Fyod

it's more an apache- then a windows-problem, you don't use IIS.

Apache doesn't use the new certificates. So it looks that you used the wrong place.

If this is possible (no users): Use a wrong filename, so Apache shouldn't start. If Apache starts, this is the wrong place.

I placed the old pem files in c:/Apache24/conf/ssl/old/ then I placed the new ones where the old ones were (c:/Apache24/conf/ssl/).

Apache restarts. If I rename the 4 files, apache doesn’t restart.

I also got this help

If you did not also replace the private key and (CA) bundle files and make sure the paths in the configs were updated with the correct files.

But I have no idea where the bundle files are and how they’re replaced.

A configuration sample:

<IfModule mod_ssl.c>
    SSLEngine on
    SSLCompression off
    SSLCertificateKeyFile C:/Ablage/ssl.key/
    SSLCertificateFile C:/Ablage/ssl.crt/
    SSLCertificateChainFile C:/Ablage/ssl.crt/

So you need three files. But there are no pem files.

I found httpd-ssl.conf

<VirtualHost _default_:443>
SSLCertificateFile "c:/Apache24/conf/server.crt"
SSLCertificateKeyFile "c:/Apache24/conf/server.key"

This crt/key does not exist though. Do I have to create them?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.