SSL without IIS


#1

SSL without SSI
Tell me please, I have a WIN server 2012, and I do not use IIS, I just have APACH on the server and on my websites.
The question is, can I use SSL without IIS and how can I do it?
Sorry for my English :slight_smile:


#2

Hi @Papa_Rimskiy

I don’t know, if there is an explicit client which supports Apache under Windows 2012.

But check the list of Windows clients:

Windows / IIS

Clients with a GUI may be one option.


#3

Thank you very much, how to check I’ll write


#4

We have been able to help people on the forum in a lot of languages, either by using machine translation or by finding people who speak different languages. Feel free to try asking your question in a different language!


#5

Yes; I have used Apache (and NGINX) on Windows (2008, 2012, 2016) with LE certs.

  1. Be sure IIS is not running or at least IIS is not using ports 80 nor 443.
  2. Configure Apache to handle the /.well-known/acme-challenge/ requests properly.
    (I use a global alias to affect all vhost configs at once.)
  3. Use a Windows client to obtain LE cert.
    (I use “LE64.exe” - see the GitHub REPO - Win2K12 can use the 64 bit version)
  4. Use a scheduled task to automate the renewal process and restart Apache.
    (I run it twice a week.)

#6

Yes, thank you very much with your advice, I managed to make a certificate.
But why doesn’t it work for me, what else have I done wrong?
I enabled httpd.conf in the config “LoadModule ssl_module modules / mod_ssl.so”
and made an entry in httpd-vhosts.conf
"<VirtualHost *: 443>
DocumentRoot “C: /apache/mydomain.com/www”
ServerName mydomain.com
ServerAlias www.mydomain.com
ErrorLog “C: /apache/mydomain.com/error.log”
CustomLog “C: /apache/mydomain.com/access.log” common
SSLEngine on
SSLCertificateFile “C: /Apache/conf/mydomain.crt”
SSLCertificateKeyFile “C: /Apache/conf/mydomain.key”
SSLCipherSuite HIGH:! ANULL:! MD5
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
</ VirtualHost> "


#7

What doesn’t work? Are there error logs?


#8

Is there a space between the colon and the 443 in your config?


#9

error like only one “[ssl: warn] [pid 8760: tid 548] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]”
And so the Apache normally seems to be loading.
Here is what he writes on the test “https://www.gogetssl.com/check-ssl-installation/
(http://prntscr.com/luj60u screenshot)


#10

Please share your domain name.


#11

#12

There is a self signed expired certificate.

|CN=WIN-48CV3L5K98M |06.01.2018|08.07.2018expired| | — | — |

Looks like your vHost doesn’t work, so the wrong content (empty - status 404, not found) and the wrong certificate is used.

A standard self signed certificate.

So check your Apache configuration files to find this certificate.


#13

Please tell me where to look, where to dig?


#14

Have you looked into this?:


#15

but I watched the space where there is no


#16

Please show your apache config files.


#17

http://ipbonline.ru/hlam/httpd.conf
http://ipbonline.ru/hlam/httpd-vhosts.conf


#18

I don’t find
listen 443
anywhere in those files.
Add it below
listen 80

Are you sure that port 443 goes to this system?
Who is “WIN-48CV3L5K98M”?
Please show output of:
curl ifconfig.me


#19

I’ve also already begun to doubt where it is driving me to port 443, when adding “listen 443” to the config, my apache displays an error


#20

PS C:\Users\Администратор> wget ifconfig.me

StatusCode : 200
StatusDescription : OK
Content : 94.228.200.250
RawContent : HTTP/1.1 200 OK
x-cloud-trace-context: 20136985fc31e78be8f6885f20e5ae58/11591893127808886881;o=0
Access-Control-Allow-Origin: *
Content-Length: 14
Content-Type: text/plain; charset=utf-8
Date: Th…
Forms : {}
Headers : {[x-cloud-trace-context, 20136985fc31e78be8f6885f20e5ae58/11591893127808886881;o=0], [Access-Contro
l-Allow-Origin, *], [Content-Length, 14], [Content-Type, text/plain; charset=utf-8]…}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 14