SYSTEM ADMIN BOOK
  • Hardware/Physical Machines
    • Physical Networking
      • Patch Panel
    • Hardware Devices
    • PC Build
    • RAID Configs
  • System Configuration
    • Windows
      • OneDrive for Business, Map as Network Drive in Windows
      • PDF Printer
      • Reset Windows Password
    • Linux
    • Mac
      • Factory Reset Mac Mini
      • Install FortiClient VPN
      • Remove FortiClient VPN for Macs
      • Setting Microsoft Teams Notifications in MacOS
      • Download and Install Whatsapp
  • Windows Server
    • Basic Configurations
      • Change Hostname
      • Change Default RDP Port
      • Create a User
      • Add user to Administrator group
      • Add user to Remote Desktop Users group
      • Allow log on locally - security policy setting
      • Allow Multiple Remote Desktop Connections
      • Enable Insure Guest Authentication
      • Shrink Partition
      • Extend Partition
    • FTP Server
      • Install FTP Server (IIS)
      • Create User Group
      • Add FTP Site (IIS)
      • User Isolation
      • Allow Firewall
      • FTP Client (FileZilla)
      • FTP Server (FileZilla)
      • Configure Passive Mode in FileZilla Server
      • Configuring Windows Firewall for FileZilla Server
      • FileZilla: Password reset
      • Generate a New Self-Signed Certificate
    • Group Policy
      • Block Access to the Control Panel for All Users
      • Create a Logon Banner (Legal Notice)
      • Enable / Disable Copy-Paste Policy
      • Disable Shutdown, Restart Options
      • Disable Multiple Session for Single User
      • Disable Automatic Lock Screen in Windows Server
    • Services
      • NSSM - the Non-Sucking Service Manager
      • Node-windows Library
    • Task Scheduler
      • Automate Program Execution
  • Control Panels
    • Plesk
      • Set Hard Quota on disk space for subscription(s)
      • Changing MX, A, and CNAME Records
      • Host Node.js Application
      • Add FTP account
      • Remove FTP account
      • Download a folder using Plesk File Manager
    • SolidCP
    • cPanel
  • Virtualization
    • Proxmox VE
      • Introduction
      • Download Proxmox ISO
      • Prepare Installation Media
      • Launch Proxmox Installer
      • Create a VM
  • Web Servers
    • IIS
      • Install IIS
      • Configure Default Site
      • Application Pool
      • Installing PHP
      • Deploying a Laravel app on Windows using IIS
      • Update PHP Version in IIS
      • Host a Node.js /w Next.js Application
  • VPNs and Proxy Servers
    • Reverse Proxy
      • IIS - Node.js Application
  • Database Servers
    • MS SQL
      • Download and Install
      • Install SSMS
      • Enable SA Account
      • Change SA Account Password
      • Enable Network Access to SQL Express
      • Create and configure a user in MSSQL
      • Clear SQL Server Cache
  • Web Dev Stacks
    • MERN (w/ Next)
      • Build and Run Node.js Project with Next.js
  • IT Ticketing Systems
    • Jira Ticketing System
  • Linux Servers
  • AWS Environment
  • Azure Environment
  • Backup and Security
    • SSL Certificates
      • Types of SSL Certificates
      • IIS 10: Create CSR and Install SSL Certificate
      • IIS 7: Generate CSR for Wildcard SSL
      • IIS: Generate CSR for Multi-Domain SSL
      • OpenSSL: Generate CSR
      • IIS 10: How to Install and Configure Your SSL Certificate on Windows Server
      • IIS: Export Pfx using MMC
      • IIS: Import Pfx using MMC
      • IIS: Export Pfx using IIS Manager
      • IIS: Import Pfx using IIS Manager
      • cPanel: Export PFX
      • Godaddy-CPanel: Generate a CSR
      • Godaddy-CPanel: Install SSL Certificate
      • cPanel: Generate CSR
      • cPanel: Install SSL Certificate
      • cPanel: Install Let's Encrypt SSL
      • Plesk: Generate CSR
      • Plesk: Let's Encrypt SSL Installation
      • Plesk: Installing the SSL certificate
      • Plesk: Export Public & Private Key
      • Win-ACME Let's Encrypt SSL
      • Certbot - Install SSL
      • Export Leaf, Root, and Intermediate Files
      • XAMPP - Let's Encrypt SSL Installation
    • Backup
      • Database
        • MS SQL DB Backup
        • MS SQL Restore Backup
    • Microsoft Defender for Endpoint
      • Introduction & Licenses
  • Email and Office 365
    • Troubleshooting
      • Run a message trace in the Exchange admin center
      • Not receiving email
      • Office 365 Apps Activation Error
      • Gmail Issue: Clearing Cache and Cookies
    • Mail Clients
      • Outlook
        • Maximum number of Exchange accounts in an Outlook profile
        • Enable automatic forwarding in new Outlook
        • Add Email Signature
        • Create Email Singature
        • Gmail Account Login in Outlook
      • Apple Mail
        • Add email accounts in Mail on Mac
        • Add Mail Signatures
      • Gmail
        • Mail Forwarding to Another Account
    • Office 365
      • Intro & Subscriptions
      • How to Create a Trial Account
      • How to Access the Office 365 Admin Center
      • Creating a Tenant
      • Create Users
      • Add several users at the same time to Microsoft 365
      • Creating & Managing Roles
      • Add a Domain
      • Manage MFA
      • Let users reset their own passwords
      • Assign Global Admin Roles
      • Create APP Password
      • Change a user name and email address
      • Reset MFA for Microsoft 365 User
      • Configure email forwarding
      • Add email aliases to a user
      • Change Username or Email Address
      • Export Mailbox to PST From Office 365
      • Import PST to Exchange Online (Microsoft O365)
      • Enable archive mailboxes for Microsoft 365
      • Grant Export Permission in M365 Compliance Center
      • Generate Transfer Token
    • Google Workspace
      • Intro & Plans
      • Create your Google Workspace trial account
      • Review your DNS records
      • Adding Users
      • Create organizational units
      • Restrict access to a Google Workspace service
      • Edit user attributes
      • Manage user accounts
      • Suspend a User
      • Generate a Transfer Token
      • Reduce Licenses in Google Workspace
      • Auto-forward From Google Workspace Using Routing
      • Recovering administrator access to your account
    • MailEnable
    • SmarterMail
      • SmarterMail Installation
      • SmarterMail Server Setup
      • Installation and Configuration (Practical)
      • Enable / Disable Domain in SmarterMail
      • Enable / Disable MFA for User Accounts
    • Microsoft Teams
      • Guest Access vs. External Access
      • Adding Guests To Microsoft Teams Team
      • Teams Chat DIfferent Domain: Enable External Access
      • Setup Teams Time Zone and Work Hours
      • Add Contact Numbers in Profile Page
    • Microsoft Defender for Office 365
      • Remove blocked users from the Restricted entities page
  • DevOps
  • Firewalls and Access Points
    • Windows Firewall
      • Allow Ports on Windows Firewall
    • Sophos Firewall
      • Set up a new firewall with Sophos Central
      • Enable Sophos Central management of Sophos Firewall
  • Networking
    • Cisco Router Config
    • Cisco Switch Config
      • Basic Data and Voice VLAN Setup Homelab
  • Migration
    • Drive Migration
      • Google Drive to One Drive
      • One Drive to One Drive [SharePoint Migration Tool]
      • Migrate Google files to Microsoft 365 for business
    • Mail Migration
      • Google Workspace to Office 365
      • IMAP to Office 365
      • Migration Using PST File Method
      • Office 365 to Google Workspace Migration
    • VM Migration
    • Website Migration
      • Migrating IIS Sites Using Web Deploy
      • Plesk to Plesk Migration
    • Database Migration
  • Monitoring
    • Prometheus
      • Monitoring Windows Servers Using Prometheus
    • Grafana
      • Visualize Data in Grafana
    • Loki
  • Data Center
    • HPE ProLiant ILO Configuration
  • Other Technologies
    • Some R&Ds
      • Active vs. Passive Mode in FTP
      • IIS Recycling and Virtual Memory Limit
      • IIS Application Pool
Powered by GitBook
On this page
  • Prerequisites
  • Step-by-Step Guide
  • Download win-acme
  • Generate the SSL Certificate
  • Configuring Apache
  • Load the Required Apache Module
  • Force Redirect HTTP → HTTPS
  • Opening the Port in Windows Firewall Security.
  • Troubleshooting Commands
  • REFERENCES

Was this helpful?

  1. Backup and Security
  2. SSL Certificates

XAMPP - Let's Encrypt SSL Installation

PreviousExport Leaf, Root, and Intermediate FilesNextBackup

Last updated 14 days ago

Was this helpful?

If you currently run Apache (or the other distributions such as XAMPP and Wamp Server) on Windows which is hosted as a virtual machine in some cloud based server, then this guide is for you.

Prerequisites

  • XAMPP installed on your Windows Server.

  • A registered domain pointing to your server's IP address (via DNS A record).

  • Port 80 (HTTP) and 443 (HTTPS) open in firewall.

Step-by-Step Guide

Download win-acme

  • Go to

  • Download the latest version (x64 recommended).

  • Extract it to a folder, e.g., C:\win-acme\

Before we go on, Create a new folder called “apache-certs” on your C-drive.

You need to make sure your webroot is allowing .well-known/acme-challenge/ to be publicly accessible. If this folder is not available under the website directory then you need to create it and then win-acme will automatically create the required txt files for verification.

Generate the SSL Certificate

  • Open Command Prompt as Administrator.

  • Navigate to the win-acme folder:

  1. “M” - Create new certificate

  2. “1” - Manually input host names

  3. “Enter your domain name here”

  4. “Enter” - Just click enter to confirm again

  5. “5” - Save file on local or network path

  6. “C:\xampp\htdocs” - Your site root folder (C:\xampp\htdocs\<domain name>)

  7. “y” - Default config settings

  8. “2” - Choosing CSR

  9. “3”- Write .pem files

  10. “C:\apache-certs” - The reason we created the folder.

  11. “3” - No extra steps

  12. “1” - No extra steps

  13. “Enter e-mail” - Enter your email adres

  14. “Y” - Opens some docs

  15. “Y” - Ofcourse we agree

Your SSL Files should now be created and placed in your “C:\apache-certs” folder and you see something like this on your console:

The hard part is now over.

Now we need to configure Apache to be able to use the SSL-Files. Before we start this please make a new folder on your C:\ Drive named “Logs”.

Configuring Apache

To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in Apache\conf\extra\httpd-vhosts.conf file; you could also make these changes in the \Apache24\conf\extra\httpd-ssl.conf file as well instead if you so wish.

Updating C:\xampp\apache\conf\extra\httpd-ssl.conf

Replace the certificate file paths with your actual file locations.

<VirtualHost *:443>
    ServerName urc.ac.in
    DocumentRoot "C:/xampp/htdocs/<domain name>"

    SSLEngine on
    SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem"
    SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem"
    SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem"

    <Directory "C:/xampp/htdocs/<domain name>">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Step 4: Enable SSL in Apache

Open C:\xampp\apache\conf\httpd.conf and make sure these lines are uncommented:

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf -> Not required, Disable if error occurs

Configure C:\xampp\apache\conf\extra\httpd-vhosts.conf

<VirtualHost *:443>
    ServerName urc.ac.in
    DocumentRoot "C:/xampp/htdocs/<domain name>"

    SSLEngine on
    SSLCertificateFile "C:/ProgramData/win-acme/.../cert.pem"
    SSLCertificateKeyFile "C:/ProgramData/win-acme/.../privkey.pem"
    SSLCertificateChainFile "C:/ProgramData/win-acme/.../fullchain.pem"

    <Directory "C:/xampp/htdocs/<domain name>">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Enable Virtual Hosts in Apache

In httpd.conf (main Apache config), make sure this line is uncommented:

Include conf/extra/httpd-vhosts.conf

Listen 0.0.0.0 443
Or
Listen <Public IP> 443

Load the Required Apache Module

Open this file:

C:\xampp\apache\conf\httpd.conf

Find this line (or similar):

#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Uncomment it by removing the #:

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Make Sure These Modules Are Enabled Too

In httpd.conf, make sure these are also uncommented:

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-vhosts.conf

Force Redirect HTTP → HTTPS

Add this to your .htaccess file in:

C:\xampp\htdocs\<domain>\.htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Opening the Port in Windows Firewall Security.

Search for Windows Firewall Security for Windows and Open it.

Click on Inbound Rule, and follow the below steps:

  • Click on New Rule from the right panel

  • Select Port, Hit Next

  • Click on TCP and Give Specific Port number as 443,80

  • Allow all connection

  • Check on Domain, private and Public

  • Give the respective name and Click Finish

  • And then, repeat the same steps for Outbound Rules and Finish

Troubleshooting Commands

Check Errors: C:\xampp\apache\logs\error.log

netstat -an | findstr :443

You should now see something like:
TCP    0.0.0.0:443   0.0.0.0:0   LISTENING

REFERENCES

https://www.win-acme.com/
https://community.letsencrypt.org/t/setting-up-ssl-on-xampp/97512/8