SYSTEM ADMIN BOOK
  • Hardware/Physical Machines
    • Physical Networking
      • Patch Panel
    • Hardware Devices
    • PC Build
    • RAID Configs
  • System Configuration
    • Windows
      • OneDrive for Business, Map as Network Drive in Windows
      • PDF Printer
      • Reset Windows Password
    • Linux
    • Mac
      • Factory Reset Mac Mini
      • Install FortiClient VPN
      • Remove FortiClient VPN for Macs
      • Setting Microsoft Teams Notifications in MacOS
      • Download and Install Whatsapp
  • Windows Server
    • Troubleshooting
      • 100% Disk Usage Issue
      • Maximum Path Length Limitation
    • Basic Configurations
      • Change Hostname
      • Change Default RDP Port
      • Create a User
      • Add user to Administrator group
      • Add user to Remote Desktop Users group
      • Allow log on locally - security policy setting
      • Allow Multiple Remote Desktop Connections
      • Enable Insure Guest Authentication
      • Shrink Partition
      • Extend Partition
    • FTP Server
      • Install FTP Server (IIS)
      • Create User Group
      • Add FTP Site (IIS)
      • User Isolation
      • Allow Firewall
      • FTP Client (FileZilla)
      • FTP Server (FileZilla)
      • Configure Passive Mode in FileZilla Server
      • Configuring Windows Firewall for FileZilla Server
      • FileZilla: Password reset
      • Generate a New Self-Signed Certificate
    • Group Policy
      • Block Access to the Control Panel for All Users
      • Create a Logon Banner (Legal Notice)
      • Enable / Disable Copy-Paste Policy
      • Disable Shutdown, Restart Options
      • Disable Multiple Session for Single User
      • Disable Automatic Lock Screen in Windows Server
    • Services
      • NSSM - the Non-Sucking Service Manager
      • Node-windows Library
    • Task Scheduler
      • Automate Program Execution
      • Restart Windows Server Daily
    • Auditing and Diagnostincs
      • Enabling the System Event Audit Log
      • Audit RDP Port Change Event
      • Check the read/write speed of your hard drive
      • Clear temp file and .trc file
    • Event Viewer
      • Restart / Shutdown Event
  • Control Panels
    • Plesk
      • Set Hard Quota on disk space for subscription(s)
      • Changing MX, A, and CNAME Records
      • Host Node.js Application
      • Add FTP account
      • Remove FTP account
      • Download a folder using Plesk File Manager
      • Install WordPress on domain using WP Toolkit
      • Change the name of a Subscription system user
      • Exporting and Importing Database Dumps
    • OVI Panel
      • DNS Zone Editor
    • SolidCP
      • Add a MS SQL database in SolidCP
    • cPanel
  • Virtualization
    • Proxmox VE
      • Introduction
      • Download Proxmox ISO
      • Prepare Installation Media
      • Launch Proxmox Installer
      • Create a VM
  • Web Servers
    • IIS
      • Install IIS
      • Configure Default Site
      • Application Pool
      • Installing PHP
      • Deploy a PHP Application
      • Deploying a Laravel app on Windows using IIS
      • Update PHP Version in IIS
      • Host a Node.js /w Next.js Application
    • JBoss
  • VPNs and Proxy Servers
    • Reverse Proxy
      • IIS - Node.js Application
  • Database Servers
    • MS SQL
      • Download and Install
      • Install SSMS
      • Uninstall an Instance of SQL Server
      • Enable SA Account
      • Change SA Account Password
      • Enable Network Access to SQL Express
      • Create and configure a user in MSSQL
      • Clear SQL Server Cache
      • Setting Infinite Timeout in SQL Server Contexts
      • Take SQL Server Database Offline
      • Memory configuration
  • Web Dev Stacks
    • MERN (w/ Next)
      • Build and Run Node.js Project with Next.js
  • IT Ticketing Systems
    • Jira Ticketing System
  • Linux Servers
  • AWS Environment
  • Azure Environment
  • Backup and Security
    • SSL Certificates
      • Types of SSL Certificates
      • IIS 10: Create CSR and Install SSL Certificate
      • IIS 7: Generate CSR for Wildcard SSL
      • IIS: Generate CSR for Multi-Domain SSL
      • OpenSSL: Generate CSR
      • IIS 10: How to Install and Configure Your SSL Certificate on Windows Server
      • IIS: Export Pfx using MMC
      • IIS: Import Pfx using MMC
      • IIS: Export Pfx using IIS Manager
      • IIS: Import Pfx using IIS Manager
      • cPanel: Export PFX
      • Godaddy-CPanel: Generate a CSR
      • Godaddy-CPanel: Install SSL Certificate
      • cPanel: Generate CSR
      • cPanel: Install SSL Certificate
      • cPanel: Install Let's Encrypt SSL
      • Plesk: Generate CSR
      • Plesk: Let's Encrypt SSL Installation
      • Plesk: Installing the SSL certificate
      • Plesk: Export Public & Private Key
      • Win-ACME Let's Encrypt SSL
      • Certbot - Install SSL
      • Export Leaf, Root, and Intermediate Files
      • XAMPP - Let's Encrypt SSL Installation
      • JBoss Web Server: CSR Generation
      • JBoss: Install SSL Certificate
    • Backup
      • Database
        • MS SQL DB Backup
        • MS SQL Restore Backup
    • Microsoft Defender for Endpoint
      • Introduction & Licenses
    • Microsoft Intune - Endpoint Management
      • Product Introduction
      • Intune Policies for MacOS
      • Enroll your macOS device using the Company Portal app
    • Vulnerability Scanning
      • OpenVAS Quick Guide
      • Nessus Quick Guide
    • Acronis
      • Download and Install the Acronis Cyber Protection Agent
      • Performing a file-level backup
      • Creating a disk-level backup
      • Performing a file-level recovery
      • Enabling Active Protection and Vulnerability Assessment
  • Email and Office 365
    • Troubleshooting
      • Run a message trace in the Exchange admin center
      • Not receiving email
      • Office 365 Apps Activation Error
      • Gmail Issue: Clearing Cache and Cookies
      • Excel worksheet, right click insert not functioning
      • Microsoft 365 Apps activation error: “Your organization has disabled this device”
    • Hybrid Mail Setup
      • Set Up Connectors Between Microsoft 365 and SmarterMail
    • Email Authentication
      • Protocols
    • Mail Clients
      • Outlook
        • Maximum number of Exchange accounts in an Outlook profile
        • Enable automatic forwarding in new Outlook
        • Add Email Signature
        • Create Email Singature
        • Gmail Account Login in Outlook
        • Enable desktop notifications for Outlook on the Web (OWA) in Windows
      • Apple Mail
        • Add email accounts in Mail on Mac
        • Add Mail Signatures
      • Gmail
        • Mail Forwarding to Another Account
        • Set Up an Auto-Reply (Vacation Responder) in Gmail
    • Office 365
      • Intro & Subscriptions
      • How to Create a Trial Account
      • How to Access the Office 365 Admin Center
      • Creating a Tenant
      • Create Users
      • Add several users at the same time to Microsoft 365
      • Creating & Managing Roles
      • Add a Domain
      • Manage MFA
      • Let users reset their own passwords
      • Assign Global Admin Roles
      • Create APP Password
      • Change a user name and email address
      • Reset MFA for Microsoft 365 User
      • Configure email forwarding
      • Add email aliases to a user
      • Change Username or Email Address
      • Export Mailbox to PST From Office 365
      • Import PST to Exchange Online (Microsoft O365)
      • Enable archive mailboxes for Microsoft 365
      • Grant Export Permission in M365 Compliance Center
      • Generate Transfer Token
    • Google Workspace
      • Intro & Plans
      • Create your Google Workspace trial account
      • Review your DNS records
      • Adding Users
      • Create organizational units
      • Restrict access to a Google Workspace service
      • Edit user attributes
      • Manage user accounts
      • Suspend a User
      • Generate a Transfer Token
      • Reduce Licenses in Google Workspace
      • Auto-forward From Google Workspace Using Routing
      • Recovering administrator access to your account
    • MailEnable
    • SmarterMail
      • SmarterMail Installation
      • SmarterMail Server Setup
      • Installation and Configuration (Practical)
      • Enable / Disable Domain in SmarterMail
      • Enable / Disable MFA for User Accounts
      • Create an Administrator User in SmarterMail
    • Microsoft Teams
      • Guest Access vs. External Access
      • Adding Guests To Microsoft Teams Team
      • Teams Chat DIfferent Domain: Enable External Access
      • Setup Teams Time Zone and Work Hours
      • Add Contact Numbers in Profile Page
    • Microsoft Defender for Office 365
      • Remove blocked users from the Restricted entities page
    • Microsoft Purview
      • Create a Retention Policy for Archiving in M365
  • DevOps
  • Firewalls and Access Points
    • Windows Firewall
      • Allow Ports on Windows Firewall
    • Sophos Firewall
      • Set up a new firewall with Sophos Central
      • Enable Sophos Central management of Sophos Firewall
  • Networking
    • Troubleshooting
    • Cisco Router Config
    • Cisco Switch Config
      • Basic Data and Voice VLAN Setup Homelab
  • Migration
    • Drive Migration
      • Google Drive to One Drive
      • One Drive to One Drive [SharePoint Migration Tool]
      • Migrate Google files to Microsoft 365 for business
    • Mail Migration
      • Google Workspace to Office 365 (Manual Method)
      • Google Workspace to Office 365 (Automatic Method)
      • IMAP to Office 365
      • Migration Using PST File Method
      • Office 365 to Google Workspace Migration
      • G-Suite to G-Suite Migration
    • VM Migration
    • Website Migration
      • Migrating IIS Sites Using Web Deploy
      • Plesk to Plesk Migration
    • Database Migration
  • Monitoring
    • Prometheus
      • Monitoring Windows Servers Using Prometheus
    • Grafana
      • Visualize Data in Grafana
    • Loki
  • Data Center
    • HPE ProLiant ILO Configuration
  • Other Technologies
    • Some R&Ds
      • Active vs. Passive Mode in FTP
      • IIS Recycling and Virtual Memory Limit
      • IIS Application Pool
Powered by GitBook
On this page
  • Prerequisites
  • Step-by-Step Guide
  • Download win-acme
  • Generate the SSL Certificate
  • Configuring Apache
  • Load the Required Apache Module
  • Force Redirect HTTP → HTTPS
  • Opening the Port in Windows Firewall Security.
  • Troubleshooting Commands
  • REFERENCES

Was this helpful?

  1. Backup and Security
  2. SSL Certificates

XAMPP - Let's Encrypt SSL Installation

PreviousExport Leaf, Root, and Intermediate FilesNextJBoss Web Server: CSR Generation

Last updated 2 months ago

Was this helpful?

If you currently run Apache (or the other distributions such as XAMPP and Wamp Server) on Windows which is hosted as a virtual machine in some cloud based server, then this guide is for you.

Prerequisites

  • XAMPP installed on your Windows Server.

  • A registered domain pointing to your server's IP address (via DNS A record).

  • Port 80 (HTTP) and 443 (HTTPS) open in firewall.

Step-by-Step Guide

Download win-acme

  • Go to

  • Download the latest version (x64 recommended).

  • Extract it to a folder, e.g., C:\win-acme\

Before we go on, Create a new folder called “apache-certs” on your C-drive.

You need to make sure your webroot is allowing .well-known/acme-challenge/ to be publicly accessible. If this folder is not available under the website directory then you need to create it and then win-acme will automatically create the required txt files for verification.

Generate the SSL Certificate

  • Open Command Prompt as Administrator.

  • Navigate to the win-acme folder:

  1. “M” - Create new certificate

  2. “1” - Manually input host names

  3. “Enter your domain name here”

  4. “Enter” - Just click enter to confirm again

  5. “5” - Save file on local or network path

  6. “C:\xampp\htdocs” - Your site root folder (C:\xampp\htdocs\<domain name>)

  7. “y” - Default config settings

  8. “2” - Choosing CSR

  9. “3”- Write .pem files

  10. “C:\apache-certs” - The reason we created the folder.

  11. “3” - No extra steps

  12. “1” - No extra steps

  13. “Enter e-mail” - Enter your email adres

  14. “Y” - Opens some docs

  15. “Y” - Ofcourse we agree

Your SSL Files should now be created and placed in your “C:\apache-certs” folder and you see something like this on your console:

The hard part is now over.

Now we need to configure Apache to be able to use the SSL-Files. Before we start this please make a new folder on your C:\ Drive named “Logs”.

Configuring Apache

To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in Apache\conf\extra\httpd-vhosts.conf file; you could also make these changes in the \Apache24\conf\extra\httpd-ssl.conf file as well instead if you so wish.

Updating C:\xampp\apache\conf\extra\httpd-ssl.conf

Replace the certificate file paths with your actual file locations.

<VirtualHost *:443>
    ServerName urc.ac.in
    DocumentRoot "C:/xampp/htdocs/<domain name>"

    SSLEngine on
    SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem"
    SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem"
    SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem"

    <Directory "C:/xampp/htdocs/<domain name>">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Step 4: Enable SSL in Apache

Open C:\xampp\apache\conf\httpd.conf and make sure these lines are uncommented:

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf -> Not required, Disable if error occurs

Configure C:\xampp\apache\conf\extra\httpd-vhosts.conf

<VirtualHost *:443>
    ServerName urc.ac.in
    DocumentRoot "C:/xampp/htdocs/<domain name>"

    SSLEngine on
    SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem"
    SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem"
    SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem"

    <Directory "C:/xampp/htdocs/<domain name>">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Enable Virtual Hosts in Apache

In httpd.conf (main Apache config), make sure this line is uncommented:

Include conf/extra/httpd-vhosts.conf

Listen 0.0.0.0 443
Or
Listen <Public IP> 443

Load the Required Apache Module

Open this file:

C:\xampp\apache\conf\httpd.conf

Find this line (or similar):

#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Uncomment it by removing the #:

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Make Sure These Modules Are Enabled Too

In httpd.conf, make sure these are also uncommented:

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-vhosts.conf

Force Redirect HTTP → HTTPS

Add this to your .htaccess file in:

C:\xampp\htdocs\<domain>\.htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Opening the Port in Windows Firewall Security.

Search for Windows Firewall Security for Windows and Open it.

Click on Inbound Rule, and follow the below steps:

  • Click on New Rule from the right panel

  • Select Port, Hit Next

  • Click on TCP and Give Specific Port number as 443,80

  • Allow all connection

  • Check on Domain, private and Public

  • Give the respective name and Click Finish

  • And then, repeat the same steps for Outbound Rules and Finish

Troubleshooting Commands

Check Errors: C:\xampp\apache\logs\error.log

netstat -an | findstr :443

You should now see something like:
TCP    0.0.0.0:443   0.0.0.0:0   LISTENING

REFERENCES

https://www.win-acme.com/
https://community.letsencrypt.org/t/setting-up-ssl-on-xampp/97512/8