Troubleshooting Creating an SSL on a Windows server using XAMPP and Apache

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yepezwedding2023.com

I ran this command:
certbot certonly --webroot -w "C:\xampp\htdocs\1\YepezWedding2023" -d yepezwedding2023.com

It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Requesting a certificate for yepezwedding2023.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: yepezwedding2023.com
Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from http://yepezwedding2023.com/.well-known/acme-challenge/UejqBixn2MpRCCQ2Lp4SeckD61WfZWt8bqx-_joug_s: 204

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
ApacheFriends XAMPP Version 8.2.4 - Apache 2.4.56

The operating system my web server runs on is (include version):
Windows Server 2022 Datacenter 21H2 OS Build: 20348.1906

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Xampp v3.3.0

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2023-09-06 04:16:56,789:DEBUG:certbot._internal.main:certbot version: 2.6.0
2023-09-06 04:16:56,789:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files\Certbot\bin\certbot.exe
2023-09-06 04:16:56,789:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2023-09-06 04:16:56,790:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-09-06 04:16:57,201:DEBUG:certbot._internal.log:Root logging level set at 30
2023-09-06 04:17:03,280:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2023-09-06 04:17:03,282:DEBUG:certbot._internal.plugins.selection:No candidate plugin

Additional info: the directory: .well-known/acme-challenge is not being created. Not sure what is preventing this.

Domain registered with IONOS, hosting through AWS EC2.

I intend to host and have other domains and SSL certs on this server but am unable to get this one operational.

Hi @richii69, and welcome to the LE community forum :slight_smile:

Please show:
httpd -t -D DUMP_VHOSTS

2 Likes

Can you explain why Apache responds to your "home" page request but nginx responds to the ACME challenge request? Do you have some sort of application firewall or something handling the ACME challenge specifically?

"Home" page server Apache
curl -I6 http://yepezwedding2023.com/
HTTP/1.1 302 Found
Server: Apache
Location: http://13.59.188.206/1/yepezwedding2023/

ACME Challenge is nginx
curl -I6 http://yepezwedding2023.com/.well-known/acme-challenge/Test123
HTTP/1.1 204
Server: nginx
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0

The same responses occur with IPv4, but Let's Encrypt favors IPv6 when present.

4 Likes
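The comparison made in the post above (home page versus challenge path, over IPv6 and then IPv4) can be scripted. This is an added example, not part of any post in the thread; the function names `probe` and `diagnose` are hypothetical, and it assumes you have placed a test file with known content under `.well-known/acme-challenge/` in the webroot.

```python
import http.client
import socket
from urllib.parse import urlsplit

def probe(host, path, family, timeout=10):
    """GET http://host/path over one address family (AF_INET6 or AF_INET)."""
    addr = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)[0][4][0]
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        # Connect to the resolved address but keep the real Host header.
        conn.request("GET", path, headers={"Host": host})
        r = conn.getresponse()
        return {"addr": addr, "status": r.status,
                "server": r.getheader("Server", ""),
                "location": r.getheader("Location", ""),
                "body": r.read(512).decode("latin-1")}
    finally:
        conn.close()

def diagnose(host, home, challenge, expected_body):
    """Compare the home-page and challenge-path responses; return findings."""
    findings = []
    if challenge["status"] != 200:
        # The CA needs a 200 whose body is the challenge file's content.
        findings.append("challenge-status:%d" % challenge["status"])
    elif challenge["body"].strip() != expected_body:
        findings.append("challenge-body-mismatch")
    if home["server"].lower() != challenge["server"].lower():
        # Two different servers answer for the same name.
        findings.append("server-differs:%s/%s" % (home["server"], challenge["server"]))
    target = urlsplit(home["location"]).hostname
    if 300 <= home["status"] < 400 and target and target != host:
        # The name is forwarded elsewhere rather than served by the webroot host.
        findings.append("home-redirects-to:%s" % target)
    return findings

if __name__ == "__main__":
    import sys
    # Usage: script.py <domain> <challenge test path> <expected file content>
    host, token_path, expected = sys.argv[1:4]
    for fam in (socket.AF_INET6, socket.AF_INET):  # IPv6 first, as the CA prefers it
        try:
            home = probe(host, "/", fam)
            chal = probe(host, token_path, fam)
        except OSError as e:
            print(fam.name, "unreachable:", e)
            continue
        print(fam.name, home["addr"], diagnose(host, home, chal, expected) or "ok")
```

Any finding on either address family means the request is not being answered from the directory passed to `--webroot`.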

There are easier ways to host a website.

3 Likes

Open to suggestions... AWS is free for a year. Doing this for as low cost as possible. I am a bit familiar with Windows server. But building a site (and hosting) from scratch was something I wanted to try.

Not familiar with this. Where do I run that?

Use a Linux machine and just the parts you need. There's a reason you never see xampp online, it's a development tool.

You want Apache, install Apache. You want a database, you install whatever database you want, whatever interpreter, anything.

You want to use Windows, you should use IIS or other Windows-y software. Using unix-y software on Windows can get messy fast.

5 Likes

Agree with 9peppe

Also note EC2 for Windows servers will be more expensive than Linux after your "free" period. Windows has a larger footprint and a small Linux EC2 uses less EBS storage.

5 Likes

No idea. I have dabbled with building webpages but it has been many years. Also ran servers more recently with software.

New to doing them together and on my own but wanted to learn. I have been playing and learning along with ChatGPT when I need to find a solution, which is where the suggestions I am trying to use came from. They are basically default installs. Will see about enabling IPv6.

As for the firewall, I had already tried turning off all the settings on the Windows server, same result. AWS settings seemed to suggest traffic should be allowed on port 80. Not sure if I am missing anything.

I have used Linux a little in the past. Do you have a recommendation as to which flavor for an essential noob to hosting his own server? Ubuntu, Red Hat, Suse?

Better to go with Ubuntu, not because it's better, but because most support you'll find online assumes you're running Ubuntu. Other distros are fine, tho.

5 Likes

In the directory that has Apache.

3 Likes

C:\xampp\apache\bin>httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 www.example.com (C:/xampp/apache/conf/extra/httpd-ssl.conf:121)

I am guessing I need to change this:

General setup for the virtual host
DocumentRoot "C:/xampp/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
