Laragon and Let's Encrypt
-
Is it possible to install Let's Encrypt on Laragon? If it is possible, how?
-
@askaoru : Laragon uses Apache, so it is possible to use Let's Encrypt with Laragon. You can read documents about using Let's Encrypt with Apache.
-
Let's Encrypt isn't meant for local development environments.
You can create a self-signed certificate and add it to Apache to get an encrypted connection between the browser and the server (Laragon). So here's a little tutorial on how to do that.
To generate a self-signed certificate you need OpenSSL binaries (I used openssl binary provided by Cygwin while testing this).
Proceed with the following:
- Open a terminal (cmd) in the folder where you want to store your certificates (I used d:\tools\laragon\ssl)
- Generate the certificate and key with the following command (replace app.dev with the wanted hostname):
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout app.dev.key -out app.dev.crt
- You can just press enter on all the questions, except with the Common name part. Here give the hostname you want to use, for example app.dev
- Add the following to your httpd-vhosts.conf (use the correct hostname and paths, and note that we use forward slashes in paths):
<VirtualHost app.dev:443>
    DocumentRoot "${DOCROOT}/app/public"
    ServerName app.dev:443
    SSLEngine on
    SSLCertificateKeyFile D:/tools/laragon/ssl/app.dev.key
    SSLCertificateFile D:/tools/laragon/ssl/app.dev.crt
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
- Reload Apache and you have encrypted connection between browser and site!
- But your browser is nagging about untrusted certificate
- You need to add it as a trusted certificate... In Chrome go to chrome://settings > Advanced settings > HTTPS/SSL > Manage certificates
- Now we need to import newly created certificate to Chrome's certificate store
- Select import and select app.dev.crt file which you created earlier
- Important: Now you need to select the certificate store where you want to store this certificate.
- Select Place all certificates in the following store and to Certificate Store: select Trusted Root Certification Authorities
- Click Finish/OK and restart your browser. Now you can browse to https://app.dev without browser nagging about the certificate
Hopefully you can get certificates working with this method. I wrote this text in a little rush, so please ask if you have some problems.
-
@leokhoa I had an impression that you can't generate LE certs for local hosts (at least when I tried to use the LE cert script on my Linux VM, it failed because it wasn't able to resolve that domain, or something like that). So I've kept using self-signed certs.
I could be wrong though
-
@Kurre: You're right. However, when @askaoru asked about Let's Encrypt, I think he was asking about using it in production.
For localhost development, I see no reason to use Let's Encrypt, and it is impossible because Let's Encrypt cannot connect to localhost to validate.
If he needs to use SSL on localhost, your self-signed certificate article is very helpful.
Or he can use ngrok and tunnel https if this solves his problem.
-
@leokhoa yes I wanted to use it for production. I managed to get it to work.
I used acme.sh to handle the cert installation and renewal. And by using @Kurre's advice on the vhost, I managed to get it to work. One thing that threw me off was that Laragon's default SSL port was 4433 instead of the usual 443.
Thank you for the help. Also, Laragon is awesome for someone like me who really prefers a Windows environment over Linux.
-
WARNING: can't open config file: C:\laragon\bin\apache\httpd-2.4.23-win32-VC14\conf\openssl.cnf
I'm using nginx
-
Hello guys,
was there any radical change in how certificates are automatically generated for virtual hosts? For me everything seems to work (Apache 2.4.29, PHP 7.1.11) but even after adding generated certificate to Chrome, I get error NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is newblog.dev; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection.
-
@P-Mo said in Laragon and Let's Encrypt:
Hello guys,
was there any radical change in how certificates are automatically generated for virtual hosts? For me everything seems to work (Apache 2.4.29, PHP 7.1.11) but even after adding generated certificate to Chrome, I get error NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is newblog.dev; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection.
@P-Mo check this out https://forum.laragon.org/topic/493/self-signed-cert-not-working-due-to-chrome-latest-update
Maybe future Laragon version will handle this stuff automatically 🙂
-
OK, so there is a working solution, it's just not implemented in Laragon yet
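-
The [missing_subjectAltName] error reported above appears when a certificate names the host only in its Common Name, which is what the one-line openssl command earlier in the thread produces. The following is an added example, not code from the thread or from Laragon: a bash script (function names are hypothetical, app.dev is the tutorial's sample hostname) that issues the self-signed certificate with a matching subjectAltName and checks any certificate for one.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# make_dev_cert HOST OUTDIR [yes|no]
# Writes OUTDIR/HOST.key and OUTDIR/HOST.crt. With "yes" (default) the
# certificate carries subjectAltName=DNS:HOST; with "no" it is CN-only,
# which reproduces the certificate Chrome rejects.
make_dev_cert() {
    local host="$1" outdir="$2" with_san="${3:-yes}" cnf rc=0
    cnf="$(mktemp)" || return 1
    # Private request config, so the result does not depend on the
    # system-wide openssl.cnf (which may be missing, as one post shows).
    printf '[req]\ndistinguished_name = dn\nprompt = no\n' > "$cnf"
    if [ "$with_san" = yes ]; then
        printf 'x509_extensions = san_ext\n[san_ext]\nsubjectAltName = DNS:%s\n' \
            "$host" >> "$cnf"
    fi
    printf '[dn]\nCN = %s\n' "$host" >> "$cnf"
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
        -config "$cnf" -keyout "$outdir/$host.key" -out "$outdir/$host.crt" \
        2>/dev/null || rc=$?
    rm -f "$cnf"
    return "$rc"
}

# cert_has_san HOST CRT
# Exit status 0 only if CRT lists exactly DNS:HOST in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$2" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -qxF "DNS:$1"
}

# Usage: ./devcert.sh app.dev ./ssl
if [ "$#" -ge 2 ]; then
    if make_dev_cert "$1" "$2" && cert_has_san "$1" "$2/$1.crt"; then
        echo "SAN ok: $2/$1.crt"
    else
        echo "certificate missing or without SAN for $1" >&2
    fi
fi
```

The resulting .crt still has to be imported into the Trusted Root Certification Authorities store as described in the tutorial, and cert_has_san can be pointed at an already generated certificate to see whether it needs reissuing.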