# XAMPP - Let's Encrypt SSL Installation {% hint style="warning" %} If you currently run Apache (or the other distributions such as XAMPP and Wamp Server) on Windows which is hosted as a virtual machine in some cloud based server, then this guide is for you. {% endhint %} ## Prerequisites * **XAMPP installed** on your Windows Server. * A **registered domain** pointing to your server's IP address (via DNS A record). * Port **80 (HTTP)** and **443 (HTTPS)** open in firewall. ## Step-by-Step Guide ### Download win-acme * Go to [https://www.win-acme.com/](https://www.win-acme.com/) * Download the latest version (x64 recommended). * Extract it to a folder, e.g., `C:\win-acme\` {% hint style="warning" %} Before we go on, Create a new folder called “apache-certs” on your C-drive. \ You need to make sure your webroot is allowing `.well-known/acme-challenge/` to be publicly accessible.\ If this folder is not available under the website directory then you need to create it and then win-acme will automatically create the required txt files for verification. {% endhint %} ### Generate the SSL Certificate * Open **Command Prompt as Administrator**. * Navigate to the win-acme folder: 1. “M” - Create new certificate 2. “1” - Manually input host names 3. “Enter your domain name here” 4. “Enter” - Just click enter to confirm again 5. “5” - Save file on local or network path 6. “C:\xampp\htdocs” - Your site root folder (C:\xampp\htdocs\\\) 7. “y” - Default config settings 8. “2” - Choosing CSR 9. “3”- Write .pem files 10. “C:\apache-certs” - The reason we created the folder. 11. “3” - No extra steps 12. “1” - No extra steps 13. “Enter e-mail” - Enter your email adres 14. “Y” - Opens some docs 15. “Y” - Ofcourse we agree {% hint style="success" %} Your SSL Files should now be created and placed in your “C:\apache-certs” folder and you see something like this on your console: {% endhint %} {% hint style="danger" %} **The hard part is now over.** Now we need to configure Apache to be able to use the SSL-Files.\ Before we start this please make a new folder on your C:\ Drive named “Logs”. {% endhint %} ### **Configuring Apache** {% hint style="warning" %} To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in `Apache\conf\extra\httpd-vhosts.conf` file; you could also make these changes in the `\Apache24\conf\extra\httpd-ssl.conf` file as well instead if you so wish. {% endhint %} #### Updating C:\xampp\apache\conf\extra\httpd-ssl.conf {% hint style="success" %} Replace the certificate file paths with your actual file locations. {% endhint %} ``` ServerName urc.ac.in DocumentRoot "C:/xampp/htdocs/" SSLEngine on SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem" SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem" SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem" "> Options Indexes FollowSymLinks AllowOverride All Require all granted ``` {% hint style="warning" %} #### Step 4: Enable SSL in Apache Open `C:\xampp\apache\conf\httpd.conf` and make sure these lines are **uncommented**: ```apache LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-ssl.conf -> Not required, Disable if error occurs ``` {% endhint %} #### Configure C:\xampp\apache\conf\extra\httpd-vhosts.conf ``` ServerName urc.ac.in DocumentRoot "C:/xampp/htdocs/" SSLEngine on SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem" SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem" SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem" "> Options Indexes FollowSymLinks AllowOverride All Require all granted ``` {% hint style="warning" %} #### Enable Virtual Hosts in Apache In `httpd.conf` (main Apache config), make sure this line is **uncommented**: ```apache Include conf/extra/httpd-vhosts.conf Listen 0.0.0.0 443 Or Listen 443 ``` {% endhint %} ### Load the Required Apache Module Open this file: ``` C:\xampp\apache\conf\httpd.conf ``` Find this line (or similar): ```apache #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ``` **Uncomment it** by removing the `#`: ```apache LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ``` {% hint style="warning" %} #### Make Sure These Modules Are Enabled Too In `httpd.conf`, make sure these are also uncommented: ```apache LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Include conf/extra/httpd-vhosts.conf ``` {% endhint %} ### Force Redirect HTTP → HTTPS Add this to your `.htaccess` file in: ``` C:\xampp\htdocs\\.htaccess ``` ```apache RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ``` ## **Opening the Port in Windows Firewall Security.** Search for Windows Firewall Security for Windows and Open it. Click on Inbound Rule, and follow the below steps: * Click on New Rule from the right panel * Select Port, Hit Next * Click on TCP and Give Specific Port number as 443,80 * Allow all connection * Check on Domain, private and Public * Give the respective name and Click Finish * And then, repeat the same steps for Outbound Rules and Finish ## Troubleshooting Commands ``` Check Errors: C:\xampp\apache\logs\error.log netstat -an | findstr :443 You should now see something like: TCP 0.0.0.0:443 0.0.0.0:0 LISTENING ``` *** ## REFERENCES *