Still site Not Secure
dontletthesamedogbiteyoutwice opened this issue · 13 comments
Hi,
I posted the below on the WAMP Forum. Hope you can help.
Windows 11 64bit
Wampserver 3.3.1 64bit
Apache Version 2.4.54.2
PHP Version 5,7&8
MySQL Version 5&8
MariaDB 10 (don't /can't use)
Hi @Diepeter
I've tried your much appreciated SSL batch script, but am unsuccessful in getting it to work. Hopefully, it has something to do with the below questions:
I run the script as administrator from the command prompt.
your "sample-config.ini" file shows, for example:
[Website 1]
hostname=www.dev.website-1.com.au
documentRoot=C:/wamp64 - domains/website-1/public_html
http2=true
But WAMP, using "Virtual Hosts" to create a WordPress site, doesn't use a tld. So I tried:
[Website 1]
hostname=fox
documentRoot=D:\fox
http2=true
The script runs fine without any errors but the site in Chrome or Edge, still says Not Secure.
Hoping you can help.
My config.ini looks like:
;--------------------------;
; WampServer Configuration ;
;--------------------------;
; Your WampServer installation path.
wampServerInstallPath=D:\wamp64
; Your custom path to store your SSL certificates, keys, logs and vhost files.
; Ensure this path is NOT within your WampServer installation path.
wampServerExtensionsPath=C:\wamp64 - ssl auto config
;-------------------------;
; SSL Certificate Details ;
;-------------------------;
; These (common) ssl certificate details are used to build each developments domain name certificate.
;
; sslCity: The full name of a city.
; sslState: The full name of a state.
; sslCountry: The two letter ISO code of a country.
; sslOrganisation: The organisation name.
; sslOrganisationUnit: The unit name of a organisation.
; sslEmail: Use the 'local' part of an email address followed by the @ (at) symbol only.
; IMPORTANT: Do not include the 'domain' part of the email address as the hostname will be auto-appended.
; sslDays: The number of days you would like the certificates to remain valid for.
sslCity=Brisbane
sslState=Queensland
sslCountry=AU
sslOrganization=Business
sslOrganizationUnit=IT Department
sslEmail=webmaster@
sslDays=3650
;---------------------;
; Development Domains ;
;---------------------;
[Website 1]
hostname=fox
documentRoot=D:\fox
http2=true
Hi there @dontletthesamedogbiteyoutwice,
Just to let you know: I don't think you've tagged the right account.
Best, Peter
Hi @dontletthesamedogbiteyoutwice
Thanks for raising your issue.
Just to tick all the boxes before heading deeper into the issue, can you please see the below.
- In your config.ini file, can you please change the slash in your documentRoot from a backslash (\) to a forward slash (/). EG: documentRoot=D:/Fox
- Within the URL of your web browser (IE: Chrome and Edge), are you prefixing it with https://?
- In your config.ini file, try adding a domain extension to your hostname. IE: .com. EG: hostname=fox.com
  - I would suggest trying www.dev.fox.com first, then work your way backwards, removing one part of the URL at a time until you find the minimum functional URL. Certain browsers may restrict functionality if the URL is not fully formed.
Let me know how you go.
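The checklist above, together with the config.ini comment that the extensions path must not sit inside the WampServer installation and the later advice in this thread to keep the script output apart from project code, written as a small Python linter. This is an added example, not part of wampserver-ssl-auto-config or of any post here; lint_config, the __global__ placeholder section and the sample INI are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample in the shape of the config.ini posted in this thread.
SAMPLE_INI = r"""
wampServerInstallPath=D:\wamp64
wampServerExtensionsPath=D:\wamp64\ssl-auto-config

[Website 1]
hostname=fox
documentRoot=D:\fox
http2=true

[Website 2]
hostname=www.dev.fox.com
documentRoot=D:/sites/fox
http2=true
"""


def _inside(child: str, parent: str) -> bool:
    """True if Windows path `child` equals or lies below `parent` (case-insensitive)."""
    c, p = PureWindowsPath(child), PureWindowsPath(parent)
    return c == p or p in c.parents


def lint_config(text: str) -> list[str]:
    """Return findings for a config.ini laid out like the one in this thread."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=(";",))
    cp.optionxform = str                     # keep key case, e.g. documentRoot
    cp.read_string("[__global__]\n" + text)  # top-level keys have no section header
    top = cp["__global__"]
    install = top.get("wampServerInstallPath", "")
    ext = top.get("wampServerExtensionsPath", "")
    findings = []
    if not ext:
        findings.append("global: wampServerExtensionsPath is empty")
    elif install and _inside(ext, install):
        findings.append("global: wampServerExtensionsPath is inside the install path")
    for name in cp.sections():
        if name == "__global__":
            continue
        host = cp[name].get("hostname", "").strip('"')
        root = cp[name].get("documentRoot", "")
        if "." not in host:
            findings.append(f"{name}: hostname '{host}' has no domain extension")
        if "\\" in root:
            findings.append(f"{name}: documentRoot uses backslashes")
        # private.key is written under the extensions path; keep it out of served dirs
        if ext and root and _inside(ext, root):
            findings.append(f"{name}: extensions path lies under documentRoot")
    return findings


if __name__ == "__main__":
    for finding in lint_config(SAMPLE_INI):
        print(finding)
```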
I appreciate your follow-up.
Now I'm receiving the below error. The only thing I changed was the path in the config.ini to wampServerExtensionsPath=C:\wamp64-sslautoconfig
The conf folder exists but is empty.
14:52:47.76 : Attempting to add hostname to OS 'hosts' file.
14:52:47.82 : Hostname added to OS 'hosts' file.
14:52:47.83 : ---------------------------------------------
14:52:47.85 : Updating Apache primary config file(s):
14:52:47.87 : 'apache2.4.54.2\conf\httpd.conf'
14:52:47.93 : 'socache_shmcb_module' already uncommented.
14:52:48.01 : 'ssl_module' already uncommented.
14:52:48.09 : 'http2_module' already uncommented.
14:52:48.16 : Added SSL Config link.
14:52:48.24 : Added HTTP vhosts link.
14:52:48.32 : Added HTTPS vhosts link.
FAILURE
WampServer Apache Validation Error
File: See below
Error: httpd.exe: Syntax error on line 597 of D:/wamp64/bin/apache/apache2.4.54.2/conf/httpd.conf: Include/IncludeOptional: No matches for the wildcard
'*.conf' in 'C:/wamp64-sslautoconfig/vhosts/http', failing
Please correct the error in the stated configuration file and restart WampServer.
Ok, so there are no *.conf files in the C:/wamp64-sslautoconfig/vhosts/http directory. Is this the same for the C:/wamp64-sslautoconfig/vhosts/https directory as well?
Perform a restore by following The Restore instructions.
If Apache fails to restart following the restore command then you will need to perform a manual update as indicated below.
- In each and every version of Apache you have installed:
  - Delete the file C:\wamp64\bin\apache\apacheX.X.XX\conf\httpd.conf.
  - Rename the file C:\wamp64\bin\apache\apacheX.X.XX\conf\httpd-backup.conf to httpd.conf.
- In the directory containing your system 'hosts' file:
  - Delete the file %systemroot%\System32\drivers\etc\hosts.
  - Rename the file %systemroot%\System32\drivers\etc\hosts-backup to host.
Once this is completed, delete the C:\wamp64-sslautoconfig folder.
Ensure WampServer starts without any (syntax) errors in the Apache httpd.conf file(s). This will confirm WampServer is back to its original state.
Next, in your config.ini file, change the drive letter referenced in your wampServerExtensionsPath from C:\ to D:\.
EG: wampServerExtensionsPath=D:\wamp64-sslautoconfig. I don't think this should make a difference as they are local drives but let's try and standardise as much as possible prior to further debugging.
What version of WampServer SSL Auto Config are you using?
Additionally, after you have completed all of the above, if you are still having issues, can you please post the ssl_config.log file found in the D:\wamp64-sslautoconfig\logs directory.
Thanks again.
So, I did run the "Restore" just to clean things up, and I think I understand most of it now. I have a spare Windows 10 machine that I did a clean install of WAMP64 on the C Drive and ran the config.ini script and it runs without errors and creates the directory structure that stores all the certs, conf, logs and vhosts files in their respective folders.
But what now? I feel like a box of rocks. I checked the WAMP64 directory for any changes or symlinks to the folder that contains the files but couldn't find any reference. The WP site files are each in their own directory on drive "F".
Localhost in WAMP doesn't show any of the Virtual dirs. Not certain if or when I should create a Virtual Host in WAMP for those sites. The Readme doesn't address this.
I'm wondering if I need to copy these files to WAMP and if so where? The below is the https "list.com.conf" created by the script and below that the ssl_config.log.
Virtual Host - https://list.com
<VirtualHost *:443>
ServerName list.com
ServerAlias list.com
ServerAdmin admin@list.com
DocumentRoot "F:/list"
<Directory "F:/list/">
SSLOptions +StdEnvVars
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
Require ip 172.18
</Directory>
SSLEngine on
SSLCertificateFile "/certs/list.com/server.crt"
SSLCertificateKeyFile "/certs/list.com/private.key"
LogFormat "%L [%{%a, %d-%b-%g %T}t %{%z}t] %H %m \"%U%q\" (%b bytes) %>s" access
CustomLog "/logs/list.com/access.log" access
ErrorLogFormat "%L [%t] [%-m:%l] [pid %P:tid %T] %E: %a %M"
ErrorLog "/logs/list.com/error.log"
LogFormat "%L [%{%a, %d-%b-%g %T}t %{%z}t] %H %{SSL_PROTOCOL}x %{SSL_CIPHER}x %m \"%U%q\" (%b bytes) %>s" ssl
CustomLog "/logs/list.com/ssl_request.log" ssl
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Protocols h2 http/1.1
=====================================================================================================================================================
===========================================================
Sun 01/29/2023 : WampServer SSL Auto Config Script (v1.2.3)
11:48:48.17 : Script initialised.
11:48:48.20 : ---------------------------------------------
11:48:48.20 : Found WampServer installation path at 'C:\wamp64'
11:48:48.23 : Found WampServer Apache path at 'C:\wamp64\bin\apache'
11:48:48.25 : Found WampServer Apache installation(s):
11:48:48.30 : 'apache2.4.54.2'
11:48:48.31 : Found OS 'hosts' file at 'C:\WINDOWS\System32\drivers\etc\hosts'
11:48:48.36 : Found OS Apache service name 'wampapache64'
11:48:48.39 : Validating Apache config file(s):
11:48:49.27 : 'apache2.4.54.2'
11:48:49.30 : Using 'openssl.exe' from 'apache2.4.54.2'
11:48:49.40 : Starting Apache service.
11:48:52.52 : Apache service started.
11:48:52.55 : OS 'hosts' file backed up.
11:48:52.58 : Backing up Apache 'httpd.conf' file(s):
11:48:52.60 : 'apache2.4.54.2'
11:48:52.62 : Created common 'certs' directory at '\certs'
11:48:52.63 : Created common 'vhosts\http' directory at '\vhosts\http'
11:48:52.65 : Created common 'vhosts\https' directory at '\vhosts\https'
11:48:52.68 : Created common 'httpd-ssl.conf' file.
11:48:52.71 : ---------------------------------------------
11:48:52.73 : Website 1 (twentyfifteen.com)
11:48:52.76 : 'certs' directory created.
11:48:52.77 : 'logs' directory created.
11:48:52.81 : Created 'openssl.conf' file.
11:48:52.84 : Created Virtual Host http file.
11:48:52.88 : Created Virtual Host https file.
11:48:52.99 : Deleted old certificate from store.
11:48:53.27 : Generated certificate keys.
11:48:53.35 : Removed certificate passphrase.
11:48:53.45 : Generated Certificate.
11:48:53.48 : Deleted 'private.pem' file.
11:48:53.57 : Added new certificate to store.
11:48:53.68 : Attempting to add hostname to OS 'hosts' file.
11:48:53.79 : Hostname added to OS 'hosts' file.
11:48:53.81 : ---------------------------------------------
11:48:53.84 : Website 2 (list.com)
11:48:53.86 : 'certs' directory created.
11:48:53.88 : 'logs' directory created.
11:48:53.91 : Created 'openssl.conf' file.
11:48:53.95 : Created Virtual Host http file.
11:48:53.99 : Created Virtual Host https file.
11:48:54.08 : Deleted old certificate from store.
11:48:54.19 : Generated certificate keys.
11:48:54.29 : Removed certificate passphrase.
11:48:54.36 : Generated Certificate.
11:48:54.39 : Deleted 'private.pem' file.
11:48:54.47 : Added new certificate to store.
11:48:54.57 : Attempting to add hostname to OS 'hosts' file.
11:48:54.68 : Hostname added to OS 'hosts' file.
11:48:54.70 : ---------------------------------------------
11:48:54.71 : Updating Apache primary config file(s):
11:48:54.75 : 'apache2.4.54.2\conf\httpd.conf'
11:48:56.27 : 'socache_shmcb_module' uncommented.
11:48:57.84 : 'ssl_module' uncommented.
11:48:59.36 : 'http2_module' uncommented.
11:48:59.47 : Added SSL Config link.
11:48:59.56 : Added HTTP vhosts link.
11:48:59.67 : Added HTTPS vhosts link.
11:49:00.18 : Validated config file(s).
11:49:00.21 : ---------------------------------------------
11:49:00.23 : Flushing DNS.
11:49:00.27 : Flushed DNS.
11:49:00.30 : Re-starting Apache.
11:49:08.49 : Re-started Apache.
I see you are using the latest version of wampserver-ssl-auto-config [v1.2.3] which is excellent.
This script doesn't utilise symlinks. Instead, it adds some additional lines of code to the end of each Apache version (httpd.conf) file you have installed.
On your system, check the EOF at C:\wamp64\bin\apache\apache2.4.54.2\conf\httpd.conf
It should look something like this:
# SSL Config - Additional
Include "C:\wamp64 - ssl auto config/vhosts/https/conf/httpd-ssl.conf"
# HTTP Vhost(s) - Additional
Include "C:\wamp64 - ssl auto config/vhosts/http/*.conf"
# HTTPS Vhost(s) - Additional
Include "C:\wamp64 - ssl auto config/vhosts/https/*.conf"
The above lines instruct that particular version of Apache (2.4.52.2 in this case) to also use any *.conf file(s) found in those directories. To explain it simply, all the included conf files add together to effectively form a single large conf file which is used by Apache.
The beauty of this script is that your WP files can be (and should be) kept on a different local drive to that of your WampServer installation. In addition to this, the folders and files generated by this script can be (and should be) stored in a different location (drive or folder) to that of your WampServer installation and project code. Whilst this script output doesn’t necessarily need to be stored on a different drive, it definitely should be stored in a separate folder from your WampServer installation and your project code. This keeps all your valuable project code completely separate from your WampServer installation and again separate from this script's generated files, so if something goes wrong, your project code is not corrupted or worse.
The creation and use of this script's Apache conf and log files are not reflected in any way in WampServer's system tray menu system. IE: You will not see anything listed in WampServer's virtual dirs. I shall add that as a comment in the readme.md document during the next script revision.
So, from the information I have gleaned from your correspondence, the below config.ini file should generate the below folder structure and update the installed Apache (2.4.52.2) httpd.conf file.
config.ini
;--------------------------;
; WampServer Configuration ;
;--------------------------;
; Your WampServer installation path.
wampServerInstallPath=D:\wamp64
; Your custom path to store your SSL certificates, keys, logs and vhost files.
; Ensure this path is NOT within your WampServer installation path.
wampServerExtensionsPath=D:\wamp64 - ssl auto config
;-------------------------;
; SSL Certificate Details ;
;-------------------------;
; These (common) ssl certificate details are used to build each developments domain name certificate.
;
; sslCity: The full name of a city.
; sslState: The full name of a state.
; sslCountry: The two letter ISO code of a country.
; sslOrganisation: The organisation name.
; sslOrganisationUnit: The unit name of a organisation.
; sslEmail: Use the 'local' part of an email address followed by the @ (at) symbol only.
; IMPORTANT: Do not include the 'domain' part of the email address as the hostname will be auto-appended.
; sslDays: The number of days you would like the certificates to remain valid for.
sslCity=Brisbane
sslState=Queensland
sslCountry=AU
sslOrganization=Business
sslOrganizationUnit=IT Department
sslEmail=webmaster@
sslDays=3650
;---------------------;
; Development Domains ;
;---------------------;
[Website 1]
hostname=fox.com
documentRoot=D:/fox
http2=true
Folder structure:
D:\wamp64 - ssl auto config
├─ certs
│  └─ fox.com
│     ├─ openssl.cnf
│     ├─ private.key
│     └─ server.crt
├─ logs
│  ├─ fox.com
│  │  ├─ access.log
│  │  ├─ error.log
│  │  └─ ssl_request.log
│  └─ ssl_config.log
└─ vhosts
   ├─ http
   │  └─ fox.com.conf
   └─ https
      ├─ conf
      │  └─ httpd-ssl.conf
      └─ fox.com.conf
Added to the end of the D:\wamp64\bin\apache\apache2.4.54.2\conf\httpd.conf file.
# SSL Config - Additional
Include "D:\wamp64 - ssl auto config/vhosts/https/conf/httpd-ssl.conf"
# HTTP Vhost(s) - Additional
Include "D:\wamp64 - ssl auto config/vhosts/http/*.conf"
# HTTPS Vhost(s) - Additional
Include "D:\wamp64 - ssl auto config/vhosts/https/*.conf"
If you have problems adapting this to your needs let me know the following.
- Path (drive letter and particular folder) WampServer is installed.
- Path (drive letter and particular folder) you want this script's output to be written to.
- Path (drive letter and particular folder) where your project code resides.
- Hostname to be used when viewing project through a web browser.
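The "No matches for the wildcard" failure reported earlier in this thread comes from one of the appended Include lines pointing at a directory that holds no *.conf files. The following added example (not part of the script or of any post here) resolves each Include line from httpd.conf and reports which one would stop Apache from starting; check_includes and demo are hypothetical names, absolute paths are assumed, and the directory layout in demo is constructed in a temp folder.

```python
import glob
import os
import re
import tempfile

# Matches: Include "path"  or  IncludeOptional "path"  (quotes optional)
INCLUDE_RE = re.compile(r'^\s*(Include(?:Optional)?)\s+"?([^"\r\n]+?)"?\s*$', re.I)


def check_includes(httpd_conf_text: str) -> list[dict]:
    """Resolve every Include/IncludeOptional line and flag the ones Apache would reject.

    Assumes absolute paths, as in the lines the script appends to httpd.conf.
    """
    results = []
    for lineno, line in enumerate(httpd_conf_text.splitlines(), 1):
        m = INCLUDE_RE.match(line)
        if not m:
            continue  # comments and other directives
        directive = m.group(1)
        pattern = m.group(2).replace("\\", "/")
        matches = glob.glob(pattern)
        results.append({
            "line": lineno,
            "directive": directive,
            "pattern": pattern,
            "matches": len(matches),
            # Plain Include aborts startup when nothing matches;
            # IncludeOptional tolerates a missing target.
            "fatal": not matches and directive.lower() == "include",
        })
    return results


def demo() -> list[dict]:
    """Recreate the thread's layout with an empty vhosts/http (constructed data)."""
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "vhosts", "http"))
        os.makedirs(os.path.join(base, "vhosts", "https", "conf"))
        for rel in ("vhosts/https/conf/httpd-ssl.conf", "vhosts/https/fox.com.conf"):
            open(os.path.join(base, rel), "w").close()
        conf = (
            "# SSL Config - Additional\n"
            f'Include "{base}/vhosts/https/conf/httpd-ssl.conf"\n'
            "# HTTP Vhost(s) - Additional\n"
            f'Include "{base}/vhosts/http/*.conf"\n'
            "# HTTPS Vhost(s) - Additional\n"
            f'Include "{base}/vhosts/https/*.conf"\n'
        )
        return check_includes(conf)


if __name__ == "__main__":
    for r in demo():
        status = "FATAL" if r["fatal"] else "ok"
        print(f'line {r["line"]}: {r["directive"]} -> {r["matches"]} match(es) [{status}]')
```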
Works like a charm!
So after running WAMP's phpMyAdmin and creating the DB, I just run the script with a changed?:
[Website ]
hostname="name"
documentRoot=D:/script or WordPress site
http2=true
I'm going to try it without the tld in the hostname. i.e. "fox/" rather than "fox.com" and hopefully won't have to pester you any more :-)
All the Best -
Lance
That's excellent news that it is working for you now.
I'm not sure if fox by itself will work. If not, it will be a browser requirement. IE: It may work on some browsers but not others.
Either way, pass on your findings as the end result will be interesting to know.
After this, if I have not heard back from you in some time, I will close the issue.
Thanks Lance.
Almost there
What I've found is that I must have WAMP, WampServer SSL Auto Config, the Document Root, and the directory to store the certs, etc., all on different drives or I receive an error similar to the below. It may be because I'm all thumbs and I do plan on more experimentation, but this was the only way I could achieve success.
In any event I'm hoping you can help me with the following. Thought I'd ask you first before attempting to get an answer on the WAMP forum:
I'm testing a script that runs an analysis of SEO for any domain I enter; i.e https://example.com
However it returns the below when I run the script. I'm assuming I need to enter the cert path in the curl entry in php.ini(?), but I'm not sure how to do this. I've attached a screenshot of the curl section of phpinfo
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
Sorry for the flood of problems, but I'm loving the script.
Lance
================================================================================================================================================
The below is what I get if I don't use different drives. Interesting thing is "wamp64sslautoconfig" contains all the files and folders, it's just that the http folder is empty!
WampServer Apache Validation Error
File: See below
Error: httpd.exe: Syntax error on line 597 of D:/wamp64/bin/apache/apache2.4.54.2/conf/httpd.conf: Include/IncludeOptional:
No matches for the wildcard
'*.conf' in 'C:/wamp64sslautoconfig/vhosts/http', failing
Please correct the error in the stated configuration file and restart WampServer.
NET HELPMSG 3521
Actually, never mind about the cURL issue. I've found that Laragon installs SSL by just clicking a box.
I'll still keep working with your WAMP script tho.
Thanks for all your assistance.
Can you please copy and paste the complete contents of your config.ini
The key points I will be looking at will be:
- The path (drive letter and particular folder) where your WampServer is installed.
- The path (drive letter and particular folder) where you want this script's output to be written to.
- The path (drive letter and particular folder) where your project code resides.
- The hostname to be used when viewing your project through a web browser.
Once you have replied to the above, I will be able to begin guiding you through the process of running and debugging this script.
PS: Coding issues unrelated to this script are best posted on the StackOverflow website.
Soon
Hi @dontletthesamedogbiteyoutwice
As I haven't received a response regarding the above issue for over 30 days now I'm going to assume that your issue has been resolved.
If not, just open a new issue so we may continue to investigate the problem.
Thank you.