Sll certificate strange problem in windows 10

webprofusion · September 6, 2023, 3:14am

There are two problems:

you are actually using the Apache web server, but you are incorrectly trying to follow instructions for IIS - certbot is fine for what you need (Apache). but you need to configure Apache to use your certificate files.
port 443 is not open, so https will never work until you fix that.

My original answer still applies:Sll certificate strange problem in windows 10 - #2 by webprofusion

[Edit: if you try to use other tools like win-acme and Certify The Web they can be configured to get a certificate for you, but you already have that. The errors you are seeing with win-acme is because Apache is using port 80, so just stick with Certbot.]

pasturryx · September 6, 2023, 4:17am

I have opened port 443 yes im using apache/xampp

i tried with wacs.exe and it says that changes were made succefully

3: No (additional) installation steps

Which installation step should run first?: 3

Plugin Manual generated source forgottennot.online with 1 identifiers
Plugin Single created 1 order
Cached order has status invalid, discarding
Validation plugin SelfHosting is not available. Run as administrator to allow opening a HTTP listener.
[forgottennot.online] Authorizing...
[forgottennot.online] Authorizing using http-01 validation (FileSystem)
Answer should now be browsable at http://forgottennot.online/.well-known/acme-challenge/F4yWoC4blbwKC60Tw2Zz4Ah3CYxH8VW2AB7JKGWhwOU
Preliminary validation looks good, but the ACME server will be more thorough
[forgottennot.online] Authorization result: valid
Downloading certificate [Manual] forgottennot.online
Store with CentralSsl...
Copying certificate to the CentralSsl store
Saving certificate to CentralSsl location C:\xampp\htdocs\forgottennot.online.pfx
Adding Task Scheduler entry with the following settings

Name win-acme renew (acme-v02.api.letsencrypt.org)
Path C:\Users\felip\Downloads\plugableacme
Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
Start at 09:00:00
Random delay 04:00:00
Time limit 02:00:00
Unable to register scheduled task, please run as administrator or equivalent
Adding renewal for [Manual] forgottennot.online
Next renewal due after 2023/10/31
Certificate [Manual] forgottennot.online created

need to install them yet, right? how to?
http://forgottennot.online/ << working

https://forgottennot.online/ <<< not working

pasturryx · September 6, 2023, 4:57am

have enabled iiss following this https://www.youtube.com/watch?v=A0RUq9qw_-4

webprofusion · September 6, 2023, 5:13am

Do you know what Apache is? You've mentioned IIS again but your command shows XAMP.

Please write a sentence on what you think Apache and IIS are to clarify your understanding, that will help us see if you are following what we are saying.

Which web server are you intending to use? The volunteers here can help with any of them, but you need to pick one and you appear to be currently using Apache. Apache needs its config to be updated to point to PEM files and cannot use a PFX file. SSL/TLS Strong Encryption: How-To - Apache HTTP Server Version 2.4

pasturryx · September 10, 2023, 1:48am

xampp in an apache right? i had to disable iss because i was causing conflict with my website. what else i can do?

pasturryx · September 10, 2023, 7:18am

Well
i have edited httpd-vhost.config
added this

<VirtualHost *:443> 
DocumentRoot C:\xampp\htdocs 
ServerName forgottennot.online 
SSLEngine on 
SSLCertificateFile "C:\Certbot\live\forgottennot.online-0001\fullchain.pem" 
SSLCertificateKeyFile "C:\Certbot\live\forgottennot.online-0001\privkey.pem"
</VirtualHost>

also allowed port 443 in my firewall and opened it in my modem
now i can't restart apache on xampp

rg305 · September 10, 2023, 1:17pm

That is usually a sign of something not going to plan.
What shows?:
certbot certificates

Also:

I get:

http://forgottennot.online/ <<< not working
https://forgottennot.online/ <<< not working

pasturryx · September 11, 2023, 1:46am

domain were off
tried this instead ## site.test

 <VirtualHost *:80>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
 </VirtualHost>
 <VirtualHost *:443>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
     SSLEngine on
     SSLCertificateFile "C:/xampp/apache/conf/fullchain.pem"
     SSLCertificateKeyFile "C:/xampp/apache/conf/privkey.pem"
 </VirtualHost>

not working either installed things with wacs win acme client

rg305 · September 11, 2023, 1:21pm

Ok both are now accesible.
But the cert is mismatched [localhost]:
SSL Server Test: forgottennot.online (Powered by Qualys SSL Labs)

pasturryx · September 11, 2023, 5:28pm

what does that means? i have tried everything again i have problem when i try to add these kind of codes to the apache

DocumentRoot "${SRVROOT}/htdocs"
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "${SRVROOT}/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
</virtualhost>

<VirtualHost *:443> 
DocumentRoot C:/xampp/htdocs 
ServerName forgottennot.online 
SSLEngine on 
SSLCertificateFile "C:/Certbot/live/forgottennot.online-0001/fullchain.pem" 
SSLCertificateKeyFile "C:/Certbot/live/forgottennot.online-0001/privkey.pem"
</VirtualHost>

Listen 443
<VirtualHost *:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName forgottennot.online
    ServerAlias forgottennot.online
    SSLEngine on
    SSLCertificateFile "C:/Certbot/live/forgottennot.online-0001/fullchain.pem"
    SSLCertificateKeyFile "C:/Certbot/live/forgottennot.online-0001/privkey.pem"
</VirtualHost>

site.test

 <VirtualHost *:80>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
 </VirtualHost>
 <VirtualHost *:443>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
     SSLEngine on
     SSLCertificateFile "C:/xampp/apache/conf/fullchain.pem"
     SSLCertificateKeyFile "C:/xampp/apache/conf/privkey.pem"
 </VirtualHost>

site.test

 <VirtualHost *:80>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
 </VirtualHost>
 <VirtualHost *:443>
     DocumentRoot "C:/xampp/htdocs"
     ServerName forgottennot.online
     ServerAlias *.forgottennot.online
     SSLEngine on
     SSLCertificateFile "C:/xampp/apache/conf/fullchain.pem"
     SSLCertificateKeyFile "C:/xampp/apache/conf/privkey.pem"
 </VirtualHost>

it won't restart. have found this too

but there says something about On the non-SSL virtual host: and On the SSL virtual host:

but doesn't say nothing about the file locations whichi ones? httpd.conf is non virtual and httpd-ssl.conf the virtual one?

thank for all the help

system · October 11, 2023, 5:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.