Setting up SSL on Xampp

Since this forum doesn’t cover anything from Xampp I will write how I managed to get it to work.
I used these websites as basis: https://www.docketrun.com/blog/how-to-setup-lets-encrypt-for-apache-on-xamp-wamp-in-windows-vm/ and https://github.com/PKISharp/win-acme/wiki.
However, both of them are a bit outdated.

So how do we setup a SSL for Xampp?
If you currently run Apache (or the other distributions such as XAMPP and Wamp Server) on Windows which is hosted as a virtual machine in some cloud based server, then this guide is for you.

(1) Download the win-acme from github

We will use a third party tool called win-acme from github link given, which runs specifically for Windows platform.

Download the latest version from the win-acme from release page here : [ **https://github.com/PKISharp/win-acme/releases)

Go ahead and download the zip file and extract the details in your C:\ Folder using “Extract as win-acme” which will look once extracted like this “C:\win-acme\” .

At this point of writing the latest version is v2.8.356.

Before we go on, Create a new folder called “apache-certs” on your C-drive.

Now open the folder and run wacs.exe.
A cmd screen will open with some options.
Choose the following options:

  1. “M” - Create new certificate
  2. “1” - Manually input host names
  3. “Enter your domain name here”
  4. “Enter” - Just click enter to confirm again
  5. “5” - Save file on local or network path
  6. “C:\xampp\htdocs” - Your site root folder
  7. “y” - Default config settings
  8. “2” - Choosing CSR
  9. “3”- Write .pem files
  10. “c:\apache-certs” - The reason we created the folder.
  11. “3” - No extra steps
  12. “1” - No extra steps
  13. “Enter e-mail” - Enter your email adres
  14. “Y” - Opens some docs
  15. “Y” - Ofcourse we agree
    Your SSL Files should now be created and placed in your “C:\apache-certs” folder and you see something like this on your console:

[INFO] Windows Acme Simple (WACS)
[INFO] Software version 198.4.6605.15190 (RELEASE)
[INFO] IIS not detected
[INFO] ACME Server https://acme-v02.api.letsencrypt.org
[INFO] Please report issues at https://github.com/PKISharp/win-acme

[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [1 binding - www.domainname.com]
[INFO] Authorize identifier: www.domainname.com
[INFO] Authorizing www.domainname.com using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.domainname.com/.well-known/acme-challenge/6u6NbnLxhDMbj6u1yjMg35AOvxNe1WQl7DP8-QCps_w
[INFO] Authorization result: valid
[INFO] Requesting certificate www.domainname.com 2018/2/12 5:25:05 PM
[INFO] Saving certificate to C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate www.domainname.com 2018/2/12 5:25:05 PM to store My
[INFO] Adding Task Scheduler entry with the following settings
[INFO] - win-acme renew (acme-v02.api.letsencrypt.org)
[INFO] - Path C:\Program Files (x86)\win-acme
[INFO] - Command wacs.exe --renew --baseuri “https://acme-v02.api.letsencrypt.org/
[INFO] - Start at 09:00:00
[INFO] - Time limit 02:00:00
[INFO] Adding renewal for www.domainname.com
[INFO] Next renewal scheduled at 2018/4/8 9:25:10 AM

The hard part is now over.

Now we need to configure Apache to be able to use the SSL-Files.
Before we start this please make a new folder on your C:\ Drive named “Logs”.

(2) Configuring Apache

To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in Apache\conf\extra\httpd-vhosts.conf file; you could also make these changes in the \Apache24\conf\extra\httpd-ssl.conf file as well instead if you so wish but I will only be covering “httpd-vhosts.conf”:

Define CERTROOT “C:\apache-certs”
Define SITEROOT “C:\xampp\htdocs”
Define LOGROOT “C:\Logs”

<VirtualHost *:80>
DocumentRoot “{SITEROOT}" ServerAdmin "Enter email here" ServerName "Enter domain here (your website" ErrorLog "{LOGROOT}\error.log”
CustomLog “{LOGROOT}\access.log" common SSLCertificateFile "{CERTROOT}“FileName”-chain.pem”
SSLCertificateKeyFile “${CERTROOT}\FileName-key.pem”

<VirtualHost *:443>
DocumentRoot “{SITEROOT}" ServerAdmin "Enter Email here" ServerName "Enter Domain here" ErrorLog "{LOGROOT}\error.log”
CustomLog “{LOGROOT}\access.log" common SSLEngine on SSLCertificateFile "{CERTROOT}“Domain”-chain.pem”
SSLCertificateKeyFile “${CERTROOT}“Domain”-key.pem”

At SSLCertificateFile and SSLCertificateKeyFile you need to change the names to the SSL Files you recieved from previous step.

Now your website should have the “Green Lock”.
Please note that it might take some time for the changes to be visible because of your browser-cache.

If the above steps still don’t give the Green Lock status then there is one more step left:

(3) Opening the Port in Windows Firewall Security.

Search for Windows Firewall Security for Windows and Open it.

Click on Inbound Rule, and follow the below steps:

  • Click on New Rule from the right panel
  • Select Port, Hit Next
  • Click on TCP and Give Specific Port number as 443,80
  • Allow all connection
  • Check on Domain, private and Public
  • Give the respective name and Click Finish
  • And then, repeat the same steps for Outbound Rules and Finish