If you need to add a Free SSL to your XAMPP install (windows), this is a small tutorial on how to do this:
First, you need to make sure your firewall resolves port 80 and 443. Setup the appropriate rules in your router for this. Enable port 80 and 443 to your servers IP and have TCP en UPD rules both enabled.
- Go to sslforfree.com (Let's Encrypt certificates)
- Enter your website, and click on 'Generate Free SSL certificate'
- Select your verify method, and choose to add txt records to your domain
- Go to your domain DNS management and add the txt records as requested
- Wait for a few seconds, then verify if the txt records are OK
- if OK, you can download your certificate files, below the 3 text fields full of letters and numbers is a download button
- Unzip the file in your /apache/conf folder. it holds 3 files. ca_bundle.crt, certificate.crt and private.key
- Rename the certificate.crt to server.crt and copy it to xampp/apache/conf/ssl.crt
- Rename the private.key to server.key and copy it to xampp/apache/conf/ssl.key
- Go to apache/conf/extra/httpd-ssl.cfg and edit this file:
- Change the ServerName from www.example.com:443 to your domain name, and leave the 443 in place
- Check if the SSLCertificateFile value is correct
- Check if the SSLCertificateKeyFile value is correct
- Stop and start your server, Your site is now SSL enabled
Every 3 months you must renew your certificate files.
FAQ (from the sslforfree site)
- Is this free for commercial use?
Yes, it is free for all usages including commercial usage.
- Can I use my own CSR?
Yes, just choose one of the manual verification methods and there will be input at the bottom before the generate certificate button to provide your own CSR.
- Do these SSL certificates work for IP addresses?
No, certificates can only be generated for registered domain names.
- Special Characters and Internationalized Domain Names
For domain names with special characters or international characters we automatically convert it to the punycode representation.
- Can Verification Files or TXT records be deleted after verification?
Yes, all verification files or records can be deleted after verification. It is used only once for each verification.
- My website gives a security error after installation
If your website shows a security error then the installation was not done correctly. You can try going to https://www.ssllabs.com/ to check SSL certificate installation issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
- My website works but shows a red "Not Secure" or "Insecure" in the address bar after installation
Your website most likely has insecure content which needs to be remedied. You can try going to https://whynopadlock.com to see issues and fix. If you need help with this your best bet would be to contact your host, professional developer or admin for help.
- My website is still not going to HTTPS or Secure after a successful installation
Web servers do not redirect to HTTPS by default. If you want to force it you will have to configure it to force a redirect. This configuration will depend on your server setup. If you need help with this your best bet would be to contact your host, professional developer or admin for help.