VPS xampp apache Certificate Issue


#1

I don't know how to ask this properly, so please excuse me.
I need to renew my certificate on Apache.
I have a VPS with Windows Server using XAMPP Apache.
I used the letsencrypt-win-simple method.
I got no error; everything went OK.

[INFO] Renewing certificate for www.globaldoom.net
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate www.globaldoom.net 2019/1/16 11:43:00 AM
[INFO] Saving certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate www.globaldoom.net 2019/1/16 11:43:00 AM to store My
[INFO] Uninstalling certificate from the certificate store
[INFO] Removing certificate www.globaldoom.net 2019/1/16 10:12:15 AM from store My
[INFO] Renewal for www.globaldoom.net succeeded
[INFO] Next renewal scheduled at 2019/3/12 9:43:04 AM

It said that the certificate was renewed for another 3 months.
I restarted Apache, but no luck.
The problem is that xampp/apache/conf/ssl.crt/server.crt is still expired. It did not change to a new license.
Do I have to generate the certificate manually somehow and put it there?

I just don't know what to do anymore, totally lost here.

My domain is: www.globaldoom.net

Thank You.


#2

You’ll probably want to change your Apache configuration to use the private key and certificate from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org , instead of the ones from xampp/apache/conf/ssl.crt.

This will involve changing the part of the Apache configuration that says SSLCertificateFile and SSLCertificateKeyFile.

That way, when letsencrypt-win-simple renews the certificate, you don’t need to do anything except restart Apache.

Edit: there’s a tutorial how to do this on the win-acme wiki: https://github.com/PKISharp/win-acme/wiki/Apache-2.4-Basic-usage#and-finally-step-6


#3

Define CERTROOT "C:/Users/Administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org"
Define SITEROOT "C:/xampp/htdocs/globaldoom.net"

<VirtualHost *:443>
    ServerAdmin mail@gmail.com
    DocumentRoot "${SITEROOT}"
    ServerName globaldoom.net
    ServerAlias globaldoom.net
    ErrorLog "logs/globaldoom.net.com-error.log"
    CustomLog "logs/globaldoom.net.com-access.log" common

    SSLEngine on
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
    SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin mail@gmail.com
    DocumentRoot "${SITEROOT}"
    ServerName www.globaldoom.net
    ServerAlias www.globaldoom.net
    ErrorLog "logs/www.globaldoom.net.com-error.log"
    CustomLog "logs/www.globaldoom.net.com-access.log" common

    SSLEngine on
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
    SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin mailt@gmail.com
    DocumentRoot "${SITEROOT}"
    ServerName mu.globaldoom.net
    ErrorLog "logs/mu.globaldoom.net.com-error.log"
    CustomLog "logs/mu.globaldoom.net.com-access.log" common

    SSLEngine on
    SSLCertificateFile "${CERTROOT}/www.globaldoom.net-chain.pem"
    SSLCertificateKeyFile "${CERTROOT}/www.globaldoom.net-key.pem"
</VirtualHost>

I modified it and restarted Apache, but it's not working; the certificate is showing INVALID, though the dates are good.
Any idea what I've done wrong?
I disabled HTTPS for now; people can't access the site.


#4

In fact, you configured everything correctly.

The problem you face now is that your certificate is only valid for www.globaldoom.net, not for mu.globaldoom.net.

What you probably want to do next, is to issue a certificate that is valid for both domains, and then configure Apache to use that one.

You can review the win-acme docs for how to do this. For example, it might be:

--manualhost www.globaldoom.net,mu.globaldoom.net

(depending how you issued the certificate initially)

Alternatively you can create a separate certificate for mu.globaldoom.net, and then change your Apache configuration only for that one domain.
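The point above is that a certificate is only usable for the DNS names listed in its subjectAltName, and every ServerName/ServerAlias that Apache serves over 443 with that certificate must be covered. The script below is an added example (not code from the thread and not win-acme): it pulls the host names out of an Apache config, checks each against a SAN list using the browser matching rules (case-insensitive exact match, or a wildcard standing for exactly one label), and optionally fetches the SAN list from a live server. The config text and the SAN list in the demo are constructed to mirror the thread (a certificate issued for www.globaldoom.net only), not the poster's real files or certificate.

```python
"""Which Apache ServerName/ServerAlias entries does a certificate cover?

Added example for this thread; it is not win-acme code and not the poster's
real configuration or certificate. THREAD_CONFIG and THREAD_SAN below are
constructed to mirror what the thread describes.
"""
import re
import socket
import ssl

# One ServerName or ServerAlias directive per line; aliases may list several names.
SERVER_NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+?)\s*$", re.M)


def vhost_names(config_text):
    """Distinct host names from ServerName/ServerAlias lines, in order of appearance."""
    names = []
    for match in SERVER_NAME_RE.finditer(config_text):
        for token in match.group(1).split():
            host = token.split("://")[-1].split(":")[0].lower()  # drop scheme and port
            if host not in names:
                names.append(host)
    return names


def name_matches(pattern, host):
    """True if one SAN dNSName entry covers host (RFC 6125 style matching)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p == h:
        return True
    # A wildcard is only honoured as the whole left-most label and matches
    # exactly one label: *.example.net covers www.example.net, not example.net
    # and not a.b.example.net.
    return len(p) == len(h) and len(p) >= 3 and p[0] == "*" and p[1:] == h[1:]


def hostname_covered(san_names, host):
    return any(name_matches(n, host) for n in san_names)


def uncovered_hosts(san_names, hosts):
    """Host names that would get a browser name-mismatch error with this certificate."""
    return [h for h in hosts if not hostname_covered(san_names, h)]


def live_san_names(host, port=443):
    """Fetch the certificate a server presents for host and return its DNS names.

    Chain verification stays on; only the hostname check is disabled so that a
    certificate issued for a different name can still be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed copy of the vhosts posted in the thread (name directives only).
THREAD_CONFIG = """
<VirtualHost *:443>
    ServerName globaldoom.net
    ServerAlias globaldoom.net
</VirtualHost>
<VirtualHost *:443>
    ServerName www.globaldoom.net
</VirtualHost>
<VirtualHost *:443>
    ServerName mu.globaldoom.net
</VirtualHost>
"""

# Constructed: the renewal log in the first post shows only this name was issued.
THREAD_SAN = ["www.globaldoom.net"]


def demo():
    """Names in the thread's config that the www-only certificate does not cover."""
    return uncovered_hosts(THREAD_SAN, vhost_names(THREAD_CONFIG))


if __name__ == "__main__":
    for name in demo():
        print("not covered by certificate:", name)
```

Run it against a real host with `uncovered_hosts(live_san_names("www.example.net"), vhost_names(open("httpd-ssl.conf").read()))` once the certificate is reissued; an empty list means every vhost name is covered.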


#5

Hm, I tried to create a new certificate, and also renew all, but I get this error

[INFO] Renewing certificate for www.globaldoom.net
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: www.mu.globaldoom.net
[EROR] Unable to activate HttpListener, this may be due to non-Microsoft webserver using port 80
[EROR] Error resolving validation plugin

Totally lost here :frowning:


#6

You’ll have to forgive me, I’ve never used win-acme and don’t have Windows, but I believe what you probably want is something like:

letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net,www.globaldoom.net,globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net"

and then update Apache with the new certificate.


#7

Thanks for helping :).

I tried your code and I get this. There is nothing in .well-known.

[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [3 bindings - mu.globaldoom.net, …]
[INFO] Authorize identifier: mu.globaldoom.net
[INFO] Authorizing mu.globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://mu.globaldoom.net/.well-known/acme-challenge/KRz3TQ1OUUyFFgI-U4gg_D3g4m6Qjgx7Qw2Sz_AcXa8
[EROR] Authorization result: invalid
[INFO] Authorize identifier: www.globaldoom.net
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: globaldoom.net
[INFO] Authorizing globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://globaldoom.net/.well-known/acme-challenge/OG4JUHswbjPuQaWFILIZFs8M1HVuJQAoHER2nwhZCWk
[INFO] Authorization result: valid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:unauthorized
[EROR] [detail] Invalid response from http://mu.globaldoom.net/.well-known/acme-challenge/KRz3TQ1OUUyFFgI-U4gg_D3g4m6Qjgx7Qw2Sz_AcXa8: “\r\t\t\t\t<html lang=“en”>\r\t\t\t\t\r\t\t\t\tError\r\t\t\t\t<style type=“text/css”>\r\r\t\t\t\t::selection{ backgroun”
[EROR] [status] 403
[EROR] Create certificate failed


#8

It looks like your domains do not all have the same DocumentRoot. From your earlier Apache config you posted, I thought they did.

What directory does mu.globaldoom.net get served from?


#9

mu is a folder inside globaldoom.net, the subdomain.

xampp/htdocs/globaldoom.net/mu


#10

OK, I think this should work:

letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net/mu"

and then also:

letsencrypt.exe --plugin manual --manualhost www.globaldoom.net,globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net"

You should end up with two certificates, one for mu, and one for www+non-www.

Once you have those, update your Apache config for each respective domain.


#11

Hmm, I think I'm missing the files from .well-known/acme-challenge; these files should be created automatically, right? Sorry, I'm not a pro.

c:\letsencrypt-win-simple>letsencrypt.exe --plugin manual --manualhost mu.globaldoom.net --webroot "C:/xampp/htdocs/globaldoom.net/mu"

[INFO] A Simple ACME Client for Windows (WACS)
[INFO] Software version 1912.2.6907.35819 (RELEASE)
[INFO] IIS not detected
[INFO] ACME server https://acme-v01.api.letsencrypt.org/
[INFO] Please report issues at https://github.com/PKISharp/win-acme

[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [1 binding - mu.globaldoom.net]
[INFO] Authorize identifier: mu.globaldoom.net
[INFO] Authorizing mu.globaldoom.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://mu.globaldoom.net/.well-known/acme-challenge/ZtQxnvN1ttL8u9XZvN6XRyWfh9VKSHJlO9HJg9PyE80
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:unauthorized
[EROR] [detail] Invalid response from http://mu.globaldoom.net/.well-known/acme-challenge/ZtQxnvN1ttL8u9XZvN6XRyWfh9VKSHJlO9HJg9PyE80: “\r\t\t\t\t<html lang=“en”>\r\t\t\t\t\r\t\t\t\tError\r\t\t\t\t<style type=“text/css”>\r\r\t\t\t\t::selection{ backgroun”
[EROR] [status] 403
[EROR] Create certificate failed


#12

The files are automatically created and deleted. So when you look, it’s normal that they’re not there.

It might help to manually create a /.well-known/acme-challenge/test.txt file, to confirm you can reach it in a browser.

This is also to confirm that your .htaccess is not interfering with it or anything.

Sometimes content management systems intercept requests when they shouldn’t, but there’s ways to work around that.
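The test-file check above can be automated so that every host name is tried from the webroot it is really served from, which matters here because mu.globaldoom.net has its own DocumentRoot. The script below is an added example (not from the thread and not win-acme code): it writes a random token under `<webroot>/.well-known/acme-challenge/`, fetches it over plain HTTP for the matching host name, and reports what an ACME http-01 check would see (the 403 from an application error page, a 404 from the wrong webroot, a redirect, or success). The fetch function is injectable, so `demo_offline()` exercises the logic with a constructed fake server whose responses mirror the thread; the real webroots and host names you pass to `check_hosts` are yours.

```python
"""Pre-flight check for http-01 validation, one host name per webroot.

Added example for this thread; not win-acme code. The default fetcher uses
urllib with redirects disabled, so a 301 (for example to https://) is
reported rather than silently followed. demo_offline() uses a constructed
fake fetcher; its outcomes are simulated, not measured on globaldoom.net.
"""
import secrets
import tempfile
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Return None for every 3xx so urllib raises HTTPError instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """GET url; return (status, body, Location header or None) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(), resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.read(), err.headers.get("Location")


def classify(status, body, location, expected):
    """Map an HTTP response to the verdict an http-01 validation would reach."""
    if status == 200:
        if body.decode("utf-8", "replace").strip() == expected:
            return "ok"
        return "wrong content (something else answered the path, e.g. an app front controller)"
    if 300 <= status < 400:
        return f"redirected to {location} (the final target must serve the token)"
    if status == 403:
        return "forbidden (the web server or an .htaccess rule denies the path)"
    if status == 404:
        return "not found (wrong webroot for this host, or a rewrite rule swallowed the request)"
    return f"unexpected HTTP {status}"


def check_hosts(webroots, fetch=http_fetch):
    """webroots: {hostname: directory that host serves}. Returns {hostname: verdict}."""
    results = {}
    for host, root in webroots.items():
        token = secrets.token_urlsafe(32)
        challenge_dir = Path(root) / CHALLENGE_DIR
        challenge_dir.mkdir(parents=True, exist_ok=True)
        token_file = challenge_dir / token
        token_file.write_text(token)  # stand-in for the key authorization the client writes
        url = f"http://{host}/{CHALLENGE_DIR}/{token}"
        try:
            status, body, location = fetch(url)
            results[host] = classify(status, body, location, token)
        except OSError as err:
            results[host] = f"unreachable: {err}"
        finally:
            token_file.unlink(missing_ok=True)  # leave the directory, drop the token
    return results


def demo_offline():
    """Constructed scenario: www served correctly, mu intercepted by the app,
    bare domain forced to https, and a host that does not resolve."""
    base = Path(tempfile.mkdtemp())
    root_www = base / "globaldoom.net"
    root_mu = root_www / "mu"
    root_mu.mkdir(parents=True)

    def fake_fetch(url):
        host, _, path = url[len("http://"):].partition("/")
        if host == "www.globaldoom.net":  # static files served straight from root_www
            f = root_www / path
            return (200, f.read_bytes(), None) if f.is_file() else (404, b"", None)
        if host == "mu.globaldoom.net":  # app's rewrite rules answer with their own error page
            return 403, b'<html lang="en">Error</html>', None
        if host == "globaldoom.net":  # simulated forced redirect to https
            return 301, b"", "https://globaldoom.net/" + path
        raise OSError(f"no route to {host}")

    return check_hosts(
        {
            "www.globaldoom.net": root_www,
            "mu.globaldoom.net": root_mu,
            "globaldoom.net": root_www,
            "nowhere.invalid": base,
        },
        fetch=fake_fetch,
    )


if __name__ == "__main__":
    for host, verdict in demo_offline().items():
        print(f"{host}: {verdict}")
```

For the real check, call `check_hosts({"mu.globaldoom.net": "C:/xampp/htdocs/globaldoom.net/mu", "www.globaldoom.net": "C:/xampp/htdocs/globaldoom.net"})` from the server itself; anything other than `ok` for a host will also fail when win-acme asks the CA to validate it.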


#13

This works: http://globaldoom.net/.well-known/acme-challenge/text.txt, but not this:
http://mu.globaldoom.net/.well-known/acme-challenge/text.txt, maybe because of the website code.

Still getting errors, dunno what to do anymore.

What if I delete the certificate and the .well-known folders
and try again fresh?


#14

Do you have an .htaccess file in the mu directory?

If you add these two lines to the top of it, can you access that test file in the browser then?

RewriteEngine On
RewriteRule ^\.well-known - [L]

Won’t help. We’re making progress, just slowly :).


#15

Yes, I have .htaccess; I added your line and it shows a 404 error now :slight_smile:.

The ones below are for the game I'm running.

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteRule ^\.well-known - [L]

ServerSignature Off
RewriteRule ^(assets|forum|application|index.php|favicon.ico|sitemap.xml|setup|interface|launcherupdate)(|/) - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^news/(.*)/([0-9]+)\/? home/read-news/$1/$2 [NC,L]
RewriteRule ^character/(.*)/(.*)\/? info/character/$1/$2 [NC,L]
RewriteRule ^guild/(.*)/(.*)\/? info/guild/$1/$2 [NC,L]
RewriteRule ^vote-reward\/? account-panel/vote-reward [NC,L]
RewriteRule ^account-logs/? account-panel/logs [NC,L]
RewriteRule ^settings\/? account-panel/settings [NC,L]
RewriteRule ^logout/? account-panel/logout [NC,L]
RewriteRule ^reset-character\/? account-panel/reset [NC,L]
RewriteRule ^grand-reset-character/? account-panel/grand-reset [NC,L]
RewriteRule ^add-stats\/? account-panel/add-stats [NC,L]
RewriteRule ^add-stats/(.*)/?$ account-panel/add-stats/$1 [NC,L]
RewriteRule ^reset-stats\/? account-panel/reset-stats [NC,L]
RewriteRule ^hide-character-info/? account-panel/hide-info [NC,L]
RewriteRule ^exchange-wcoins\/? account-panel/exchange-wcoins [NC,L]
RewriteRule ^warp-char/? account-panel/warp-char [NC,L]
RewriteRule ^pk-clear\/? account-panel/pk-clear [NC,L]
RewriteRule ^clear-inventory/? account-panel/clear-inventory [NC,L]
RewriteRule ^zen-wallet\/? account-panel/zen-wallet [NC,L]
RewriteRule ^clear-skilltree/? account-panel/clear-skilltree [NC,L]
RewriteRule ^logs\/? account-panel/logs [NC,L]
RewriteRule ^(.*) index.php?action=$1 [QSA,L]

<FilesMatch "(?:\.xml|\.json|\.dmn|license\.txt)$">
    Order allow,deny
    Deny from all
</FilesMatch>


#16

Did you delete the mu/.well-known/acme-challenge/test.txt file? If so, could you re-create it?


#17

From what I see, the .well-known folder is not inside the mu folder.
It's inside globaldoom.net, where the mu folder also is.

And that .htaccess from the image only has this; I disabled HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


#18

Right, but could you please copy the .well-known folder into the mu/ directory for me?

Edit: it works!

So, I believe you should be able to go run those two commands from earlier again.

However, if you run into the rate limit (there is a failed-attempts limit of 5 tries per hour), you may need to wait up to an hour to try again.

It’s late here and I gotta scoot, but hopefully you’re like 99% of the way there.


#19

OK, done; now it's working: http://mu.globaldoom.net/.well-known/acme-challenge/text.txt

OK, thank you, hope I can make it.


#21