3. Laragon and Let's Encrypt

Laragon and Let's Encrypt

  • A
    | 169 points

    Is it possible to install LetsEncrypt on laragon? If it is possible, how?

    0
  • administrators
    | 81463 points

    @askaoru : Laragon uses Apache, so it is possible to use Let's Encrypt with Laragon. You can read documents about using Let's Encrypt with Apache.

    1 Replies: 1
  • K
    | 4363 points

    Let's Encrypt isn't meant for local development environments.

    You can create and add self-signed certificate to Apache to achieve encrypted connection between browser and server (Laragon). So here's a little tutorial how to do that.

    To generate a self-signed certificate you need OpenSSL binaries (I used openssl binary provided by Cygwin while testing this).
    Proceed with following:

    • Open terminal (cmd) in folder where you want to store your certificates (I used d:\tools\laragon\ssl)
    • Generate certificate and key with following command (replace app.dev with wanted hostname):
    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout app.dev.key -out app.dev.crt
    • You can just press enter on all the questions, except with the Common name part. Here give the hostname you want to use, for example app.dev
    • Add following to your httpd-vhosts.conf (use correct hostname and paths and note that we use forward slashes in paths):
    <VirtualHost app.dev:443>
	DocumentRoot "${DOCROOT}/app/public"
	ServerName app.dev:443

	SSLEngine on
	SSLCertificateKeyFile D:/tools/laragon/ssl/app.dev.key
	SSLCertificateFile D:/tools/laragon/ssl/app.dev.crt
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
    • Reload Apache and you have encrypted connection between browser and site! :smile:
    • But your browser is nagging about untrusted certificate :disappointed:
    • You need to add it as trusted certificate...In Chrome go to chrome://settings :arrow_right: Advanced settings :arrow_right: HTTPS/SSL :arrow_right: Manage certificates
    • Now we need to import newly created certificate to Chrome's certificate store
    • Select import and select app.dev.crt file which you created earlier
    • Important: Now you need to select the certificate store where you want to store this certificate.
    • Select Place all certificates in the following store and to Certificate Store: select Trusted Root Certification Authorities
    • Click Finish/OK and restart your browser. Now you can browse to https://app.dev without browser nagging about the certificate :)

    Hopefully you can get certificates working with this method..I wrote this text in a little rush, so please ask if you have some problems.

    1
  • K
    | 4363 points

    @leokhoa I had an impression that you can't generate LE certs for local hosts (atleast when I tried to use LE cert script on my linux VM, it failed because it wasn't able to resolve that domain, or something like that). So I've kept using self-signed certs..

    I could be wrong though :D

    0
  • administrators
    | 81463 points

    @Kurre: You're right. However, when @askaoru asked about Let's Encrypt, I think he asking for using in production.
    For localhost development, I see no reason to use Let's Encrypt and it is impossible because Let's Encrypt can not connect to localhost to valiadate.
    If he need to use SSL on localhost, your self-signed certificate article is very helpful :+1:
    Or he can use ngrok and tunnel https if this solves his problem.

    1
  • A
    | 169 points

    @leokhoa yes I wanted to use it for production. I managed to get it to work.

    I used acme.sh to handle the cert installation and renewal. And by using @Kurre 's advice on the vhost, I managed to get it to work. One thing that threw me off was that laragon's default ssl port was 4433 instead of the usual 443.

    Thank you for the help. Also, laragon is awesome for someone like me who really prefers windows environment over linux.

    0
  • V
    | 501 points

    WARNING: can't open config file: C:\laragon\bin\apache\httpd-2.4.23-win32-VC14\conf\openssl.cnf i'm using nginx

    0
  • | 136 points

    Hello guys,

    was there any radical change in how certificates are automatically generated for virtual hosts? For me everything seems to work (Apache 2.4.29, PHP 7.1.11) but even after adding generated certificate to Chrome, I get error NET::ERR_CERT_COMMON_NAME_INVALID

    This server could not prove that it is newblog.dev; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection.

    0 Replies: 1
  • K
    | 4363 points

    @P-Mo said in Laragon and Let's Encrypt:

    Hello guys,

    was there any radical change in how certificates are automatically generated for virtual hosts? For me everything seems to work (Apache 2.4.29, PHP 7.1.11) but even after adding generated certificate to Chrome, I get error NET::ERR_CERT_COMMON_NAME_INVALID

    This server could not prove that it is newblog.dev; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection.

    @P-Mo check this out https://forum.laragon.org/topic/493/self-signed-cert-not-working-due-to-chrome-latest-update

    Maybe future Laragon version will handle this stuff automatically 🙂

    1
  • | 136 points

    OK, so there is a working solution, it's just not implemented in Laragon yet

    0
Log in to reply
 

Looks like your connection to Laragon was lost, please wait while we try to reconnect.