Apply for and automatically renew Let’s Encrypt credentials on Windows Apache through WIN-ACME

I have previously written a "Apply for Let’s Encrypt wildcard certificate on Windows」,This article is mainly through “Get HTTPS for free!” The website applies for or extends the certificate manually。When a new website was launched recently,Try to apply with WIN-ACME tool,to make it easier to use its automatic extension later (renewal) Features。

 

◎ First to WIN-ACME GitHub Download the latest tools,Here is win-acme.v2.1.22.1260.x64.pluggable.zip as an example。

◎ After downloading and unzipping,Execute wacs.exe as "system administrator"。

◎ Next,Mainly for the official WIN-ACME Example of an apache environmentSetting。

 

◎ Input “m”,Manually set each parameter。

 

◎ Input “m” or press Enter (Default m),Manually set each parameter。

 

◎ Enter the URL where you want to apply for a certificate,such as www.abc.com。

 

◎ Enter a recognizable alias for this domain name,or press Enter to use the default。

 

◎ Input “1”,Provide the native website directory path for domain name verification。

 

◎ Enter the root directory path of the local website,as C:\WebApache24htdocsabc。

 

◎ Input “yes”,Allow program to copy web.config to website directory for verification。

 

◎ Input “2” or press Enter (preset 2),Generate private key with RSA。

 

◎ Input “2”,to generate a PEM credential file for apache。

 

◎ Enter the directory path where you want to store the credential file,as C:\WebSSL。

 

◎ Input “2”,Add a password to the private key,or enter “1” not encrypted。

 

◎ If not, generate a second certificate,Import “5” or press Enter (preset 5) Carry on。

 

◎ If there are no special needs,Import “3” or press Enter (preset 3) Carry on。

 

◎ After verification,A new schedule to check for document updates will be added to the Job Scheduler,If you do not need to perform this work in a specific capacity,Import “no” Carry on。

 

◎ here,Complete the certificate application。

 

◎ Then you can confirm the certificate just generated in the certificate directory。

Note. *-crt.pem + *-chain-only.pem = *-chain.pem

 

◎ In the "Work Scheduler", you can see that a new WIN-ACME project has been added。

 

◎ Open httpd-ahssl.conf of apache (or httpd-ssl.conf or httpd.conf,look at your environment),Add a set of SSL VirtualHost。

<VirtualHost *:443>
  SSLEngine on
  ServerName www.abc.com:443
  SSLCertificateFile "C:\Web\SSL\www.abc.com-chain.pem"
  SSLCertificateKeyFile "C:\Web\SSL\www.abc.com-key.pem"
  DocumentRoot "${SRVROOT}/htdocs/abc"
</virtualhost>

 

◎ If 80 port's VirtualHost is not closed,but want to 80 Automatically go to 443,Available at 80 port's VirtualHost increased “Redirect” parameter。

<VirtualHost *>
 DocumentRoot C:\Web\Apache24\htdocs\abc
 ServerName www.abc.com
 Redirect / https://www.abc.com/
</VirtualHost>

Note. https://www.abc.com/ should be followed by a slash,This will convert http://www.abc.com/def leads to https://www.abc.com/def,Otherwise it will become http://www.abc.comdef。

 

[Links]

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.