Last active
December 28, 2024 17:56
Installing SSL on WSL2 Apache
# The idea is that we don't install certificates on WSL; instead we install them on
# Windows and point the WSL Apache/Nginx configuration file at their path.
# We use mkcert to generate certificates.
# https://github.com/FiloSottile/mkcert
# Install mkcert on Linux. Even though we don't generate certificates here,
# I am installing it only to check whether the CAROOT variable is set properly.
# If you're a Linux ninja like my friend Bombay, you could surely do it without
# this package.
# On WSL2 as root
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.2/mkcert-v1.4.2-linux-amd64
mv mkcert-v1.4.2-linux-amd64 mkcert
chmod +x mkcert
cp mkcert /usr/local/bin/
# On Windows
# Install Chocolatey on Windows: https://chocolatey.org/install
# Open a PowerShell window with administrator rights and run choco install mkcert
mkcert -install
setx CAROOT "$(mkcert -CAROOT)"; If ($Env:WSLENV -notlike "*CAROOT*") { setx WSLENV "CAROOT/up:$Env:WSLENV" }
# This will set the CAROOT environment variable on the WSL2 side to point to the Windows CAROOT,
# so your Windows browser can trust sites running in WSL2.
# Back on WSL2, you can verify the variable by typing:
mkcert -CAROOT
# You will see a result something like this:
# /mnt/c/Users/Jithesh/AppData/Local/mkcert
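# On Windows, type the following. mkcert writes the certificate and key to the
# current directory, so change to the CAROOT directory first.
cd "$(mkcert -CAROOT)"
mkcert localhost 127.0.0.1 ::1 0.0.0.0
# So, now the certificates will be in the CAROOT directory.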
# Simply update the apache2 config and point it at the certificate files:
# Type vim /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /mnt/c/Users/Jithesh/AppData/Local/mkcert/localhost+3.pem
SSLCertificateKeyFile /mnt/c/Users/Jithesh/AppData/Local/mkcert/localhost+3-key.pem
# Enable SSL if you haven't already
a2enmod ssl
a2ensite default-ssl.conf
# Restart Apache
service apache2 reload
service apache2 restart
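A check to run on the WSL2 side before reloading Apache, added here as an example and not part of the original gist: it confirms that CAROOT resolves to a Windows path, that rootCA.pem is present there, and that the certificate and key named in the Apache config actually exist. The names `check_wsl_tls`, `directive` and `WIN_MOUNT` (the WSL automount root, default `/mnt`) and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist). Usage on WSL2:
#   check_wsl_tls "$(mkcert -CAROOT)" /etc/apache2/sites-available/default-ssl.conf
# Return codes:
#   0 = all checks passed
#   1 = CAROOT is a WSL-local path, so the Windows value did not come through WSLENV
#   2 = rootCA.pem is not readable in CAROOT
#   3 = the config has no active SSLCertificateFile / SSLCertificateKeyFile
#   4 = a file named by those directives is missing or unreadable

# Print the last active (uncommented) value of an Apache directive,
# with surrounding double quotes removed so paths containing spaces survive.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        gsub(/^"|"$/, ""); v = $0
    } END { print v }' "$2"
}

check_wsl_tls() {
    caroot=$1
    conf=$2
    root=${WIN_MOUNT:-/mnt}   # assumption: Windows drives are mounted at /mnt/<letter>
    case $caroot in
        "$root"/?/*) ;;
        *) echo "CAROOT=$caroot is not under $root/<drive>/; set WSLENV in PowerShell and restart WSL" >&2
           return 1 ;;
    esac
    [ -r "$caroot/rootCA.pem" ] || { echo "no rootCA.pem in $caroot; run mkcert -install on Windows" >&2; return 2; }
    cert=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    [ -n "$cert" ] && [ -n "$key" ] || { echo "certificate directives not set in $conf" >&2; return 3; }
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f (mkcert writes to the directory it was run in)" >&2; return 4; }
    done
    return 0
}
```

Return code 1 corresponds to `mkcert -CAROOT` printing a path such as `/root/.local/share/mkcert`, and return code 4 to a CAROOT folder that holds only `rootCA.pem` and `rootCA-key.pem`.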
When I run
setx CAROOT "$(mkcert -CAROOT)"; If ($Env:WSLENV -notlike "*CAROOT*") { setx WSLENV "CAROOT/up:$Env:WSLENV" }
I get the following error every time
ERROR: Invalid syntax.
Type "SETX /?" for usage.
@ShawnCrigger-SOLS are you on PowerShell? Please try it in PowerShell.
@howarddavis Try the same command without any if condition. Like:
setx WSLENV "CAROOT/up:$Env:WSLENV"
For me everything seemed OK, but https://localhost in Chrome 131.0 shows this:
localhost
This site can’t be reached
The webpage at https://localhost/ might be temporarily down or it may have moved permanently to a new web address.
ERR_SSL_KEY_USAGE_INCOMPATIBLE
Any ideas please?
It seems I'm having this trouble because, although after I do mkcert localhost on Windows, it says the certificate is at ./localhost.pem and the key is at ./localhost-key.pem, actually there are no files except for rootCA.pem and rootCA-key.pem in this folder.
Thank you for your help.
I followed this guide, however, I am stuck here:
I installed mkcert on Windows, and ran the following,
setx CAROOT "$(mkcert -CAROOT)"; If ($Env:WSLENV -notlike "*CAROOT*") { setx WSLENV "CAROOT/up:$Env:WSLENV" }
however,
When I type in the following in WSL Ubuntu,
mkcert -CAROOT
I get the following output
/root/.local/share/mkcert
What am I doing wrong?