I am trying to install a letsencrypt ssl certificate on my (wamp) apache server. Running on a Windows Server 2012 x64 machine.
These are the exact steps I did:
Step 1.
openssl genrsa -out privatekeyfilename.key 2048
openssl req -new -key privatekeyfilename.key -sha256 -config myconf.cnf -out csrfilename.csr
Step 2. generated letsencrypt certificates on https://www.sslforfree.com/ with csrfilename.csr
Step 3:
Renamed privatekeyfilename.key > my-domain.key and placed in: C:\wamp\bin\apache\apache2.4.9\conf\certificate\
Letsencrypt Certificate placed in same folder and named: my-domain.crt
Letsencrypt CA Bundle placed in same folder and named: my-domain.ca-bundle
Step 4:
Adjusted the httpd-ssl configurations:
C:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-ssl.conf,
C:\wamp\bin\apache\apache2.4.9\conf\original\extra\httpd-ssl.conf
Added these lines to the configs and commented out the old ones:
SSLCertificateFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.crt
SSLCertificateKeyFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.key
SSLCertificateChainFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.ca-bundle
(myconf.cnf)
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NL
ST = Noord-holland
L = Amsterdam
O = JDJ
OU = IT
CN = *.my-domain.com
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = my-domain.com
DNS.2 = *.my-domain.com
I expected the ssl certificate to be working but it is giving errors:
https://i.imgur.com/syuuVoy.png
https://i.imgur.com/2jA2aTB.png
Does anyone have any idea what is going wrong? Thank you.
Edit: Since apache 2.4.8 SSLCertificateChainFile is obsoleted.
I added the content of my-domain.ca-bundle to my-domain.crt and commented out the SSLCertificateChainFile in the conf files. Still the same error.
Also ssl_error.log is showing:
[Fri Aug 16 11:21:06.642778 2019] [ssl:warn] [pid 5256:tid 364] AH01909: my-domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Aug 16 11:21:06.814657 2019] [ssl:warn] [pid 5256:tid 364] AH01909: my-domain.com:443:0 server certificate does NOT include an ID which matches the server name
SSLCertificateChainFile gets ignored which also shows up likely as problem if you look into your log files. – Steffen Ullrich
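An added example, not part of the original post and not Apache's own code: a small Python check of whether a certificate carries an ID matching a given server name, which is what the AH01909 warning in the log reports on. It reads the CN and DNS entries from `openssl x509 -noout -text` output; the two sample outputs are constructed, the function names are hypothetical, and the matching rule (a `*.` wildcard stands in for exactly one leftmost label) is a simplification assumed here.

```python
import re

def cert_ids(openssl_text):
    """Collect the CN and SAN DNS entries from `openssl x509 -noout -text` output."""
    ids = []
    # Subject line prints "CN = name" (OpenSSL 1.1+) or "CN=name" (older releases).
    m = re.search(r"^\s*Subject:.*?CN\s*=\s*([^,/\n]+)", openssl_text, re.M)
    if m:
        ids.append(m.group(1).strip())
    # SAN entries are printed as "DNS:name, DNS:name" below the extension header.
    ids += re.findall(r"DNS:([^,\s]+)", openssl_text)
    return [i.lower() for i in ids]

def name_matches(server_name, cert_id):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    server_name, cert_id = server_name.lower().rstrip("."), cert_id.lower()
    if cert_id.startswith("*."):
        first_label, dot, rest = server_name.partition(".")
        return bool(dot) and first_label != "" and rest == cert_id[2:]
    return server_name == cert_id

def server_name_covered(server_name, openssl_text):
    """True if any ID in the certificate matches the server name."""
    return any(name_matches(server_name, i) for i in cert_ids(openssl_text))

# Constructed sample output: certificate that lists only the wildcard name.
WILDCARD_ONLY = """\
        Subject: CN = *.my-domain.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.my-domain.com
"""
# Constructed sample output: certificate that lists wildcard and bare domain.
BOTH_NAMES = """\
        Subject: CN = *.my-domain.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.my-domain.com, DNS:my-domain.com
"""

if __name__ == "__main__":
    for label, text in (("wildcard only", WILDCARD_ONLY), ("both names", BOTH_NAMES)):
        for host in ("my-domain.com", "www.my-domain.com", "a.b.my-domain.com"):
            print(f"{label:14} {host:20} covered={server_name_covered(host, text)}")
```

To check a real file, save the output of `openssl x509 -in my-domain.crt -noout -text` and pass it to `server_name_covered` together with the ServerName from the virtual host.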