Speed up SSL issuance
GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.
Automating SSL/TLS for your Apache web server on Windows using an ACME SSL certificate keeps your website secure without manual renewals. This guide, using the Win-ACME (WACS) client with external account binding (EAB), shows how to:
Example commands use placeholders — replace them with your actual values.
Before getting started, ensure you have the following assets in place or processes completed:
* These credentials are issued by your chosen ACME certificate authority (CA), and the exact process of accessing them varies by CA.
cd C:\win-acme
wacs.exe
The result should be an output listing the Windows ACMEv2 client (WACS) client (i.e., wacs.exe), much like the example image below:

mkdir C:\Apache24\conf\ssl
dir C:\Apache24\conf\ssl

To start, run the following set of commands to select your directory and to register and connect your Win-ACME client with your certificate authority (CA):
cd C:\win-acme
wacs.exe --baseuri ACME_SERVER_URL
Follow the menu steps outlined below. These steps must be followed precisely to work properly.
Open the menu and make the following selections:

Type 4 to select the single certificate option and hit Enter.
When prompted, select your preferred domain control validation (DCV) method. For this example, we’ll be using the HTTP validation via Webroot:
Choose option 2: RSA key for your private key.

After successful validation and account registration, Win-ACME will issue the certificate for you to download.
Select N to choose the default SYSTEM user. You should see a resulting output that looks akin to the following (although it will list your relevant details instead of the placeholder data):
[yourdomain.com] Authorization result: valid
Downloading certificate [Manual] yourdomain.com
Exporting .pem files to C:\Apache24\conf\ssl
Adding Task Scheduler entry
If Win-ACME returns to a new certificate menu after completion, then exit by typing C or Q. (This exit method is safe because the certificate has already been issued.)
Verify the generated files are accounted for and accurate:
dir C:\Apache24\conf\ssl
Here is an example list of the files you should expect to see (although yours will have your unique domain details instead of the placeholder yourdomain.com listed):
yourdomain.com-chain-only.pem
yourdomain.com-chain.pem
yourdomain.com-crt.pem
yourdomain.com-key.pem

Follow the sub-steps below to enable HTTPS support in Apache.
In CMD, enter the following command to access your Apache configuration file using the Notepad text editor:
notepad C:\Apache24\conf\httpd.conf
Ensure the following lines are enabled (remove the # symbol if commented):
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

Open your Windows server’s Apache config file using the Notepad editor:
notepad C:\Apache24\conf\extra\httpd-ssl.conf
Update the following values (using your specific details in place of the example placeholder data):
ServerName yourdomain.com:443
DocumentRoot "C:/Apache24/htdocs"
ServerAdmin user@yourdomain.com
SSLCertificateFile "C:/Apache24/conf/ssl/yourdomain.com-chain.pem"
SSLCertificateKeyFile "C:/Apache24/conf/ssl/yourdomain.com-key.pem"
If present, comment this line:
#SSLCertificateChainFile
Next, replace these placeholders with your own values:

Follow these sub-steps to apply the SSL certificate to Apache and enable HTTPS.
cd C:\Apache24\bin
httpd -t
This is what you should see as the expected output:
Syntax OK
Enter the following command to reboot Apache:
httpd -k restart
Open the httpd.conf file:
notepad C:\Apache24\conf\httpd.conf
Add the following input at the bottom (using your pertinent details in place of the placeholder values):
<VirtualHost *:80>
ServerName yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>

httpd -k restart
If the redirect was successful, you should see the following:
(Note: This is typically done during the renewal window (~30 days before the certificate’s expiration date)
To manually implement a certificate renewal, enter the following commands:
cd C:\win-acme
wacs.exe --renew --baseuri “YOUR_ACME_SERVER_URL”
The expected output will look like this:
Renewal yourdomain.com is due after YYYY/MM/DD
This approach bypasses the expiration check process and renews the certificate instantly:
cd C:\win-acme
wacs.exe --renew --force --baseuri "YOUR_ACME_SERVER_URL"
The expected output will look like this:
Renewal for yourdomain.com succeeded

These steps are not required for most installations but are helpful if you encounter issues. You may also contact our support team for more questions.
Create a test file (e.g., testfile.txt) on your web server using the following command:
echo Welcome test > C:\Apache24\htdocs\testfile.txt
Confirm the file exists on your domain by opening the verification test file in your browser. (Replace the placeholder yourdomain.com with your domain name.):
curl -I http://yourdomain.com/testfile.txt

We’ve put together a list of error codes and solutions:
Congratulations! You have successfully achieved the following
Now, SSL renewals will run automatically without requiring manual intervention.
Get a Domain Validation SSL certificate within just 5 minutes using our friendly and automated system. No paperwork, callback or company required.
Found a better price? We will match it - guaranteed. Get the best possible price in the World with us. The correct place to save your money.
No more manual installations or expiring certificates: automate your SSL certificates with ACME. Get Started with ACME SSL
Customer satisfaction is our major concern. Get a full refund within 30 days for any purchase of SSL certificates with 100% guarantee.
GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.