1. What I want to do:
I have a domain example.me, and a sub-domain text.example.me which is hosted on my Windows Server. It's running Apache with php 5.6
I want to install and SSL certificate using Let's Encrypt and this tool https://github.com/PKISharp/win-acme
2. The problem:
It doesn't seem to be working, I get the following error when trying to access https://test.example.me
This site can’t provide a secure connection
3. What I have done so far
I followed every step from: https://commaster.net/content/how-setup-lets-encrypt-apache-windows
This is the content of my httpd-ssl.conf
<VirtualHost *:443>
ServerAdmin me@examole.com
ServerName text.example.me
DocumentRoot "D:/xampp/htdocs"
RewriteEngine On
# Redirect to the correct domain name
RewriteCond %{HTTP_HOST} !^test.example.me$ [NC]
RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
Alias /.well-known D:/xampp/htdocs/.well-known
SSLEngine on
SSLCertificateFile "conf/ssl.crt/text.example.me-crt.pem"
SSLCertificateKeyFile "conf/ssl.key/test.example.me-key.pem"
SSLCertificateChainFile "conf/ssl.csr/ca-test.example.me-crt.pem"
</VirtualHost>
My 80,443 ports are avaiable, and not being used by Skype, so that's not the issue.
This is the content of my httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin me@example.me
ServerName test.example.me
RewriteEngine On
# Redirect to the HTTPS site
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
ErrorLog logs/slog.log
</VirtualHost>
I am using Let's Encrypt since some years - but without(!) RewriteEngine.
So here is a snipped from my http-vhosts.conf
<VirtualHost *:80>
DocumentRoot "C:/webserver/html/example_html"
ServerName www.example.com
Redirect permanent / https://www.example.com/
# For the case that you are using ModProxy to forward to a Tomcat, please also add:
# ProxyPass "/.well-known/" "!"
</VirtualHost>
A snipped from my httpd-ssl.conf:
<VirtualHost *:443>
DocumentRoot "C:/webserver/html/example_html"
ServerName www.example.com
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-crt.pem"
SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-key.pem"
SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-www.example.com-crt.pem"
<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
#Header always set Content-Security-Policy "script-src 'self'"
</IfModule>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#For the case that you use ModProxy to forward to a Tomcat or so
#ProxyPass "/.well-known/" "!"
EnableSendfile off
EnableMMAP off
</VirtualHost>
Also please keep in mind that when you want to use multiple hostnames, then you need a wildcard certificate - otherwise it's simple with Let's Encrypt to have one certificate for each host/domian name - but you need one virtual host section for each host/domain name you are using.
Last but not least my personal opinion is thet ModRewrite should not be used when there is no need, because it is complicate and not really understood by most people.