I’m using an Intel Compute Stick with a USB 3.0 hard disk as my “Home-Server”. The stick has Windows 10 pre-installed.
I installed Serviio for streaming to my Samsung TV and I also installed XAMPP to run my ownCloud (8.0.x). In the past I used a self-signed certificate for HTTPS, but I want a free SSL certificate that browsers trust. Let’s Encrypt offers this for free!
The enrollment is very easy and I want to show you how I did it. The Windows XAMPP software runs an Apache webserver. There’s a Windows tool that can request a ready-to-use certificate. You can download this tool here: letsencrypt-win-simple
In our example we are using “castle.myhomeaddress.com“. Your webserver also needs to be accessible over HTTP (TCP port 80), so you need to forward this port to your internal webserver. To prevent abuse, Let’s Encrypt checks that the domain in your certificate request points to a real, running webserver. If your webserver isn’t reachable, you will get this error:
Authorization Result: invalid
******************************************************************************
The ACME server was probably unable to reach http://castle.myhomeaddress.com/.well-known/acme-challenge/G4MU0y0xrBdEX4vQotqBNW6q_mW6sqAkrIE1rT5auR8
Check in a browser to see if the answer file is being served correctly.
******************************************************************************
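A pre-flight check for the http-01 validation described above, as an added example (not part of the original post or of letsencrypt-win-simple): it writes a random probe file where the client writes its challenge answer and fetches it over plain HTTP. The names `check_challenge_path` and `serve_directory` are hypothetical, and the loopback server only stands in for Apache so the block runs offline.

```python
import functools
import http.server
import secrets
import threading
import urllib.error
import urllib.request
from pathlib import Path


def check_challenge_path(webroot, base_url, timeout=10):
    """Write a probe under .well-known/acme-challenge and fetch it; return (ok, detail)."""
    token = secrets.token_urlsafe(32)     # random file name, same shape as an http-01 token
    content = secrets.token_urlsafe(32)   # random body, so a stale or cached page cannot match
    target_dir = Path(webroot) / ".well-known" / "acme-challenge"
    target_dir.mkdir(parents=True, exist_ok=True)
    probe = target_dir / token
    probe.write_text(content, encoding="ascii")
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("ascii", errors="replace").strip()
    except urllib.error.HTTPError as exc:             # 403/404: wrong webroot or blocked path
        return False, f"HTTP {exc.code} for {url}"
    except (urllib.error.URLError, OSError) as exc:   # port 80 closed, no forward, DNS failure
        return False, f"unreachable: {exc}"
    finally:
        probe.unlink(missing_ok=True)                 # never leave the probe behind
    if body != content:                               # another server answered (e.g. router page)
        return False, "a different site answered on this host name"
    return True, "challenge path is served from this webroot"


def serve_directory(directory):
    """Constructed stand-in for Apache: serve `directory` on a free loopback port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(directory))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


if __name__ == "__main__":
    # Host name and webroot are the article's example values; run before letsencrypt.exe.
    print(check_challenge_path(r"C:\xampp\htdocs", "http://castle.myhomeaddress.com"))
```

A pass from inside your own network does not prove that the port forward works from the internet, since some routers treat internal requests to the public name differently.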
Extract the archive to your hard disk and open a command prompt with administrative rights. Now go to your folder (for example C:\letsencrypt) and run the exe file like this:
letsencrypt.exe --manualhost castle.myhomeaddress.com --webroot C:\xampp\htdocs
A correct procedure will look like this:
Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting
ACME Server: https://acme-staging.api.letsencrypt.org/
Config Folder: C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org
Certificate Folder: C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org
Loading Signer from C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org\Signer
Getting AcmeServerDirectory
Loading Registration from C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org\Registration
Authorizing Identifier castle.myhomeaddress.com Using Challenge Type http-01
Writing challenge answer to C:\xampp\htdocs\.well-known/acme-challenge/KYhSTwaDTg_c1GFyMLDJFc5WPkTsdsfwef9Ncc8cAIs1LeTE
Answer should now be browsable at http://castle.myhomeaddress.com/.well-known/acme-challenge/KYhSTwaDTg_c1GFywefbvDJFc5WPertfofvf9Ncc8cAIs1LeTE
Submitting answer
Refreshing authorization
Authorization Result: valid
Requesting Certificate
Request Status: Created
Saving Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org\castle.myhomeaddress.com-crt.der
Saving Issuer Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org\ca-008BE12wrwerfwe944ED3C546431F097614FE5-crt.pem
Saving Certificate to C:\Users\YourMama\AppData\Roaming\letsencrypt-win-simple\httpsacme-staging.api.letsencrypt.org\castle.myhomeaddress.com-all.pfx
Do you want to install the .pfx into the Certificate Store/ Central SSL Store? (Y/N) y
Opened Certificate Store "My"
Adding Certificate to Store
Closing Certificate Store
Do you want to add/update the certificate to your server software? (Y/N) y
WARNING: Unable to configure server software.
Opened Certificate Store "My"
Closing Certificate Store
Do you want to automatically renew this certificate in 60 days? This will add a task scheduler task. (Y/N)
Creating Task letsencrypt-win-simple httpsacme-staging.api.letsencrypt.org with Windows Task Scheduler at 9am every day.
Do you want to specify the user the task will run as? (Y/N) n
Renewal Scheduled Manual castle.myhomeaddress.com (C:\xampp\htdocs) Renew After 17.02.2017
The wizard copied the files into your local certificate store and also into a sub-folder under your personal roaming folder. The wizard also created a daily recurring task that can be found under “administrative tools / tasks”.
The two tasks run the following commands:
letsencrypt.exe --renew --baseuri "https://acme-staging.api.letsencrypt.org/"
letsencrypt.exe --renew --baseuri "https://acme-v01.api.letsencrypt.org/"
You can create this task yourself, or build it into other scheduled jobs or a crontab on Linux systems. The certificate is only valid for 90 days, but this task will request the new certificate automatically. Our website is now secured with a valid and trusted SHA2 certificate.
Now we need to stop the Apache service within the XAMPP service console and open httpd-ssl.conf.
Go to “<VirtualHost _default_:443>” and place a hash sign (#) before SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile to comment them out. Then add new entries like this:
# Let's Encrypt
ServerAdmin webmaster@myhomeaddress.com
ServerName castle.myhomeaddress.com
RewriteEngine On
# Redirect to the correct domain name
RewriteCond %{HTTP_HOST} !^castle\.myhomeaddress\.com$ [NC]
RewriteRule ^/?(.*)$ https://castle.myhomeaddress.com/$1 [NE,L,R=301]
# Keep the ACME challenge directory reachable for renewals
Alias /.well-known C:/xampp/htdocs/.well-known
SSLEngine on
# Certificate, private key and issuer certificate written by letsencrypt-win-simple
SSLCertificateFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/castle.myhomeaddress.com-crt.pem"
SSLCertificateKeyFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/castle.myhomeaddress.com-key.pem"
# SSLCertificateChainFile is deprecated since Apache 2.4.8
SSLCertificateChainFile "C:/Users/YourMama/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-<ID>-crt.pem"
Change the paths to your correct location. Start the Apache service again and check if your server is reachable via https.
6 Responses
Your guide failed on the first part. Please delete this.
No, I will correct this :) What was not working? I will test and correct this tutorial.
Hi Michel, I am very thankful I found your tutorial as there is nothing else I have found specifically for XAMPP and Let's Encrypt. However I am not so successful as yourself. When I type in the commands as you describe I get a list of options instead of how you described…it reads as follows:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Studio>cd c:\letsencrypt
c:\letsencrypt>letsencrypt.exe manualhost pxxxxo.xxx webroot C:\xampp\htdocs4
[INFO] Let’s Encrypt Windows Simple (LEWS)
[INFO] Software version 198.4.6605.15190 (RELEASE)
[INFO] IIS not detected
[INFO] ACME Server https://acme-v01.api.letsencrypt.org/
[INFO] Please report issues at https://github.com/Lone-Coder/letsencrypt-win-simple
M: Create new certificate with advanced options
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew *all*
V: Revoke certificate
C: Cancel scheduled renewal
X: Cancel *all* scheduled renewals
Q: Quit
Please choose from the menu: m
[INFO] Running in Advanced mode
1: Single binding of an IIS site
2: SAN certificate for all bindings of an IIS site
3: SAN certificate for all bindings of multiple IIS sites
4: Manually input host names
C: Cancel
Which kind of certificate would you like to create?:
This is where I get stuck… I do not have IIS, so I am not sure how to proceed. But since this looks so different from what you described, I thought you might have some suggestions.
Thanks
I think you can choose the first one because it will export the files to your Apache server. There you need to configure your Apache configuration to use this certificate.
Hi Michel,
Thank you for the tutorial.
It also failed for me at first. It seems we should have double dashes instead of single ones for parameters. Also, we might need to specify a folder if our website is not at the root, but in a folder of HTDOCS:
Currently:
letsencrypt.exe –manualhost castle.myhomeaddress.com –webroot C:\xampp\htdocs
Might be:
letsencrypt.exe --manualhost castle.myhomeaddress.com --webroot C:\xampp\htdocs
Hi Romain,
I corrected the statements into “code” snippets in this blog. There was a problem with double minus symbols. Thanks!