Laragon and Let's Encrypt


  • | 169 points

    Is it possible to install LetsEncrypt on laragon? If it is possible, how?


  • administrators
    | 62340 points

    @askaoru : Laragon uses Apache, so it is possible to use Let's Encrypt with Laragon. You can read documents about using Let's Encrypt with Apache.


  • | 3180 points

    Let's Encrypt isn't meant for local development environments.

    You can create and add self-signed certificate to Apache to achieve encrypted connection between browser and server (Laragon). So here's a little tutorial how to do that.

    To generate a self-signed certificate you need OpenSSL binaries (I used openssl binary provided by Cygwin while testing this).
    Proceed with following:

    • Open terminal (cmd) in folder where you want to store your certificates (I used d:\tools\laragon\ssl)
    • Generate certificate and key with following command (replace app.dev with wanted hostname):
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout app.dev.key -out app.dev.crt
    
    • You can just press enter on all the questions, except with the Common name part. Here give the hostname you want to use, for example app.dev
    • Add following to your httpd-vhosts.conf (use correct hostname and paths and note that we use forward slashes in paths):
    <VirtualHost app.dev:443>
    	DocumentRoot "${DOCROOT}/app/public"
    	ServerName app.dev:443
    
    	SSLEngine on
    	SSLCertificateKeyFile D:/tools/laragon/ssl/app.dev.key
    	SSLCertificateFile D:/tools/laragon/ssl/app.dev.crt
    	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    
    • Reload Apache and you have encrypted connection between browser and site! :smile:
    • But your browser is nagging about untrusted certificate :disappointed:
    • You need to add it as trusted certificate...In Chrome go to chrome://settings :arrow_right: Advanced settings :arrow_right: HTTPS/SSL :arrow_right: Manage certificates
    • Now we need to import newly created certificate to Chrome's certificate store
    • Select import and select app.dev.crt file which you created earlier
    • Important: Now you need to select the certificate store where you want to store this certificate.
    • Select Place all certificates in the following store and to Certificate Store: select Trusted Root Certification Authorities
    • Click Finish/OK and restart your browser. Now you can browse to https://app.dev without browser nagging about the certificate :)

    Hopefully you can get certificates working with this method..I wrote this text in a little rush, so please ask if you have some problems.


  • | 3180 points

    @leokhoa I had an impression that you can't generate LE certs for local hosts (atleast when I tried to use LE cert script on my linux VM, it failed because it wasn't able to resolve that domain, or something like that). So I've kept using self-signed certs..

    I could be wrong though :D


  • administrators
    | 62340 points

    @Kurre: You're right. However, when @askaoru asked about Let's Encrypt, I think he asking for using in production.
    For localhost development, I see no reason to use Let's Encrypt and it is impossible because Let's Encrypt can not connect to localhost to valiadate.
    If he need to use SSL on localhost, your self-signed certificate article is very helpful :+1:
    Or he can use ngrok and tunnel https if this solves his problem.


  • | 169 points

    @leokhoa yes I wanted to use it for production. I managed to get it to work.

    I used acme.sh to handle the cert installation and renewal. And by using @Kurre 's advice on the vhost, I managed to get it to work. One thing that threw me off was that laragon's default ssl port was 4433 instead of the usual 443.

    Thank you for the help. Also, laragon is awesome for someone like me who really prefers windows environment over linux.


  • | 501 points

    WARNING: can't open config file: C:\laragon\bin\apache\httpd-2.4.23-win32-VC14\conf\openssl.cnf i'm using nginx


Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.