Setting Up a Free SSL Certificate on Your XAMPP Server on Windows 10

Securing your website with SSL is crucial for protecting data and building trust with visitors. If you're running a web server using XAMPP on Windows 10, you might think getting an SSL certificate up and running is a challenge. But with Let's Encrypt and Certbot, you can set up a free SSL certificate in just a few steps. This blog post will guide you through the entire process. But another thing you should know is that Certbot for Windows is discontinued from February 2024. Certbot is offering alternatives, you can check out this article. 

With this procedure, you can level up the security of your home server built with XAMPP. Yes, if you have a public IP from your ISP, you can host your own server from your home. Not going to be fancy but can take smaller loads depending on your bandwidth and system capability.

First thing first, you have to add a domain to your server, if you can't afford one, you can try sub-domain services and provide sub-domains for free. 

no-ip.com is a good choice to get a domain for your IP address, the process is very straightforward on their website and dashboard. You can get 3 free sub-domains for free and the interesting thing is, with the virtual host on Apache, you can set 3 different subdomains on 3 different websites on the same server. 

If you are ready, let's get started.

Step 1: Install Certbot

Certbot is a free, open-source tool for automating the process of obtaining and renewing SSL certificates from Let's Encrypt. Here’s how to get it on your Windows 10 machine:

1. Download Certbot for Windows:

• Visit the Certbot website or Download from Github Releases
• Download the Certbot installer.
  
  

2. Install Certbot:

• Run the installer you just downloaded.
• Follow the on-screen instructions to complete the installation.

Step 2: Generate the SSL Certificate

Now that you have Certbot installed, you can use it to generate an SSL certificate for your domain. Open Command Prompt as Administrator.

• Navigate to your XAMPP directory:
  

  cd C:\xampp\htdocs

• Run Certbot:
  

  certbot certonly --manual
  

  Certbot will prompt you to complete a DNS challenge to verify your domain ownership. You’ll need to create a specific file in your web server's directory.
  
  
• Complete the DNS Challenge:
  

• Certbot will provide you with a file to upload to your web server. This file is used to verify your domain ownership.
• Create a /.well-known/acme-challenge/ directory in your htdocs folder and place the provided file there.
  
  
• Finish the Certificate Generation:
• Once the DNS challenge is successful, Certbot will generate your SSL certificate files.

Step 3: Configure XAMPP to Use the SSL Certificate

With your SSL certificate generated, the next step is to configure XAMPP to use it.

1. Locate the Certificate Files

Certbot will have created fullchain.pem (your certificate) and privkey.pem (your private key) files.

2. Move the Files to XAMPP

Copy these files to a secure directory within your XAMPP installation, such as C:\xampp\apache\conf\ssl.crt for the certificate and C:\xampp\apache\conf\ssl.key for the private key.

3. Edit the Apache SSL Configuration

• Open the httpd-ssl.conf file located in  C:\xampp\apache\conf\extra\.
• Update the following lines to point to your certificate and key files:
  

  SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/fullchain.pem"
  SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/privkey.pem"

4. Configure SSL Virtual Hosts

In the httpd-ssl.conf file, add or modify your virtual host configuration for SSL:

<VirtualHost *:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName yourdomain.com

    SSLEngine on
    SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/fullchain.pem"
    SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/privkey.pem"

    <Directory "C:/xampp/htdocs">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog "C:/xampp/apache/logs/error.log"
    TransferLog "C:/xampp/apache/logs/access.log"
</VirtualHost>

5. Include the SSL Configuration

• Open httpd.conf from the XAMPP Control Panel under the Apache Config button 
• Add the following line at the bottom to include the SSL configuration:
  

  Include "C:/xampp/apache/conf/extra/httpd-ssl.conf"

6. Restart Apache

• Go to the XAMPP Control Panel and restart Apache to apply your new SSL settings.

Step 4: Verify Your SSL Installation

Once you've restarted Apache, it's time to verify that your SSL certificate is working.

1. Open your browser and navigate to https://yourdomain.com

If everything is set up correctly, your site should load with a secure HTTPS connection.

Step 5: Automate SSL Certificate Renewal

SSL certificates from Let's Encrypt are only valid for 90 days, so you'll need to renew them periodically.

Unfortunately, the manual DNS challenge method used in this tutorial doesn’t allow for easy automation. You'll need to repeat the certificate generation process every 90 days.

For automation, consider using a web server that supports direct DNS access or a hosting provider that can automate renewals for you. You can try installing a Ubuntu server on your machine with Cyberpanel, Cyberpanel can easily handle this automation for you. 

Setting up a free SSL certificate on your XAMPP server may seem daunting, but with the help of Let's Encrypt and Certbot, it's a straightforward process. By following the steps outlined in this guide, you can secure your website with HTTPS and protect your visitors' data. Don't forget to keep your SSL certificate up to date to ensure continuous protection. Happy hosting!