Setting up SSL on Xampp

Hello everyone reading this,

I’m currently running a beta-website with Xampp
The “server” i’m running it on is a low-grade desktop pc with Windows 7.
I’ve bought the domain from mijndomein.nl and was able to set-up the dns so it would interact with my “server”.
Now i’ve reached the point of setting up a SSL-certificate for my website but I’ve got no clue how to do this.
If searched through the forum and found some posts about SSL and Xampp but they don’t really give the information I need.

I’m not using any control-panels or shell-command, or atleast not that i’m aware of.

I’m searching for someone to tell me how to do it or some links with information so I can figure it out myself.

Thanks in advance,

Hi @oracleone

then start with the basics:

Next step: Select a client.

But I don’t know if there are a lot of Xampp-clients.

I’ve seen those links in other posts about Xampp but the problem is that I dont know which system I should select (talking about Certbot) since I’m not using Lunix but just plain Win7.
Therefor I have no way for implementing SSH.
Like I said, my website runs on a pc within my home and I just use the htdocs folder of Xampp for my files.
Also, neither of those links tell me how to set it up, they just explain what SSL is and the other is a list of clients which doesn’t really tell me anything, since I’m not an experienced webdeveloper.

I also got another question,
My website is currently just 1 index page and in the end will be like 4 html pages.
It’s not linked to a database and people cant log-in or make an account.
Basicly it’s just a small website with some information about a game-server I’m hosting.
Would I really need SSL for something as simple as that?

It’s simple. Win7 is old, very old. I have no idea if there are Win7 clients. So you have to check all Windows clients if one of these works with your setup.

Year 2000 - I would say: No.

Year 2019 - if it’s possible, yes, use SSL / https.

1 Like

@oracleone, perhaps you could consider hosting your web site somewhere other than your own PC. I don’t have any objection to self-hosted web sites (and many people on this forum operate them quite happily), but your specific software environment may make it more difficult to get and update Let’s Encrypt certificates on this site, especially as Windows 7 becomes more and more unsupported. If you can host elsewhere, you may have a greater range of software and support options, including many hosting options that have HTTPS support automatically provided without your having to do anything.

le32 has been tested on Win XP and higher versions of Windows (I have also had reports of having that running on Windows 2000, with WS2_32.dll patch), so you can give it a go - https://github.com/do-know/Crypt-LE/releases

I already figured it out on my own and got it to work.
Win-acme is what I needed.
I will place more details later today as I’m currently at work

2 Likes

Since this forum doesn’t cover anything from Xampp I will write how I managed to get it to work.
I used these websites as basis: https://www.docketrun.com/blog/how-to-setup-lets-encrypt-for-apache-on-xamp-wamp-in-windows-vm/ and https://github.com/PKISharp/win-acme/wiki.
However, both of them are a bit outdated.

So how do we setup a SSL for Xampp?
If you currently run Apache (or the other distributions such as XAMPP and Wamp Server) on Windows which is hosted as a virtual machine in some cloud based server, then this guide is for you.

(1) Download the win-acme from github

We will use a third party tool called win-acme from github link given, which runs specifically for Windows platform.

Download the latest version from the win-acme from release page here : [ **https://github.com/PKISharp/win-acme/releases)

Go ahead and download the zip file and extract the details in your C:\ Folder using “Extract as win-acme” which will look once extracted like this “C:\win-acme\” .

At this point of writing the latest version is v2.8.356.

Before we go on, Create a new folder called “apache-certs” on your C-drive.

Now open the folder and run wacs.exe.
A cmd screen will open with some options.
Choose the following options:

  1. “M” - Create new certificate
  2. “1” - Manually input host names
  3. “Enter your domain name here”
  4. “Enter” - Just click enter to confirm again
  5. “5” - Save file on local or network path
  6. “C:\xampp\htdocs” - Your site root folder
  7. “y” - Default config settings
  8. “2” - Choosing CSR
  9. “3”- Write .pem files
  10. “c:\apache-certs” - The reason we created the folder.
  11. “3” - No extra steps
  12. “1” - No extra steps
  13. “Enter e-mail” - Enter your email adres
  14. “Y” - Opens some docs
  15. “Y” - Ofcourse we agree
    Your SSL Files should now be created and placed in your “C:\apache-certs” folder and you see something like this on your console:

[INFO] Windows Acme Simple (WACS)
[INFO] Software version 198.4.6605.15190 (RELEASE)
[INFO] IIS not detected
[INFO] ACME Server https://acme-v02.api.letsencrypt.org
[INFO] Please report issues at https://github.com/PKISharp/win-acme

[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [1 binding - www.domainname.com]
[INFO] Authorize identifier: www.domainname.com
[INFO] Authorizing www.domainname.com using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.domainname.com/.well-known/acme-challenge/6u6NbnLxhDMbj6u1yjMg35AOvxNe1WQl7DP8-QCps_w
[INFO] Authorization result: valid
[INFO] Requesting certificate www.domainname.com 2018/2/12 5:25:05 PM
[INFO] Saving certificate to C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate www.domainname.com 2018/2/12 5:25:05 PM to store My
[INFO] Adding Task Scheduler entry with the following settings
[INFO] - win-acme renew (acme-v02.api.letsencrypt.org)
[INFO] - Path C:\Program Files (x86)\win-acme
[INFO] - Command wacs.exe --renew --baseuri “https://acme-v02.api.letsencrypt.org/
[INFO] - Start at 09:00:00
[INFO] - Time limit 02:00:00
[INFO] Adding renewal for www.domainname.com
[INFO] Next renewal scheduled at 2018/4/8 9:25:10 AM

The hard part is now over.

Now we need to configure Apache to be able to use the SSL-Files.
Before we start this please make a new folder on your C:\ Drive named “Logs”.

(2) Configuring Apache

To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in Apache\conf\extra\httpd-vhosts.conf file; you could also make these changes in the \Apache24\conf\extra\httpd-ssl.conf file as well instead if you so wish but I will only be covering “httpd-vhosts.conf”:

Define CERTROOT “C:\apache-certs”
Define SITEROOT “C:\xampp\htdocs”
Define LOGROOT “C:\Logs”

<VirtualHost *:80>
DocumentRoot “{SITEROOT}" ServerAdmin "Enter email here" ServerName "Enter domain here (your website" ErrorLog "{LOGROOT}\error.log”
CustomLog “{LOGROOT}\access.log" common SSLCertificateFile "{CERTROOT}“FileName”-chain.pem”
SSLCertificateKeyFile “${CERTROOT}\FileName-key.pem”

<VirtualHost *:443>
DocumentRoot “{SITEROOT}" ServerAdmin "Enter Email here" ServerName "Enter Domain here" ErrorLog "{LOGROOT}\error.log”
CustomLog “{LOGROOT}\access.log" common SSLEngine on SSLCertificateFile "{CERTROOT}“Domain”-chain.pem”
SSLCertificateKeyFile “${CERTROOT}“Domain”-key.pem”

At SSLCertificateFile and SSLCertificateKeyFile you need to change the names to the SSL Files you recieved from previous step.

Now your website should have the “Green Lock”.
Please note that it might take some time for the changes to be visible because of your browser-cache.

If the above steps still don’t give the Green Lock status then there is one more step left:

(3) Opening the Port in Windows Firewall Security.

Search for Windows Firewall Security for Windows and Open it.

Click on Inbound Rule, and follow the below steps:

  • Click on New Rule from the right panel
  • Select Port, Hit Next
  • Click on TCP and Give Specific Port number as 443,80
  • Allow all connection
  • Check on Domain, private and Public
  • Give the respective name and Click Finish
  • And then, repeat the same steps for Outbound Rules and Finish