
Help: Let's Encrypt SSL certificate installation fails on Windows with Apache

Hey there, let's work through this "no secure connection" issue step by step—here are the most common fixes tailored to your Apache + PHP 5.6 Windows setup with win-acme and Let's Encrypt:

1. Verify Apache is Loading the Correct Certificate Files

First, double-check that win-acme's generated certificates are properly referenced in your Apache config:

  • Locate your win-acme certificate directory (default path: C:\Program Files\win-acme\acme\test.example.me\). You should see files like fullchain.pem, privatekey.pem, and possibly cert.pem.
  • Open your Apache SSL config (usually httpd-ssl.conf or a custom virtual host file) and confirm these directives point to the correct absolute Windows paths:
    SSLCertificateFile "C:\Program Files\win-acme\acme\test.example.me\fullchain.pem"
    SSLCertificateKeyFile "C:\Program Files\win-acme\acme\test.example.me\privatekey.pem"
    
  • Run httpd -t in Command Prompt to check for config syntax errors—fix any issues before restarting Apache.

2. Ensure Port 443 is Open and Listened On

  • Check if Apache is listening on port 443: Run netstat -ano | findstr ":443" in Command Prompt. You should see an entry for httpd.exe with the Apache process ID.
  • If no entry exists, uncomment or add Listen 443 in your main Apache config (httpd.conf).
  • Verify Windows Firewall (and any network firewalls/routers) allow inbound traffic on port 443—blocked ports will prevent SSL handshake entirely.

3. Check Certificate Chain Integrity & Validity

  • Re-run win-acme in verbose mode to confirm certificate generation succeeded:
    wacs.exe --renew --verbose
    
    Look for errors related to domain validation or certificate chain downloads. Let's Encrypt requires a full chain (domain cert + intermediate certs) to be trusted by browsers.
  • Ensure your fullchain.pem includes all chain certificates—if it's missing intermediates, win-acme may have failed to fetch them, and you'll need to re-run the certificate issuance process.

4. Fix SSL Protocol/Suite Compatibility for PHP 5.6

PHP 5.6 supports TLS 1.2, but Apache may be configured to use outdated protocols that browsers block. Update your httpd-ssl.conf with these directives:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

This restricts Apache to use only modern, secure TLS versions compatible with both PHP 5.6 and modern browsers.

5. Validate Your HTTPS Virtual Host Configuration

Make sure your HTTPS virtual host is correctly bound to test.example.me and points to your web root:

<VirtualHost *:443>
    ServerName test.example.me
    DocumentRoot "C:\path\to\your\test-subdomain-webroot"
    SSLEngine on
    SSLCertificateFile "C:\Program Files\win-acme\acme\test.example.me\fullchain.pem"
    SSLCertificateKeyFile "C:\Program Files\win-acme\acme\test.example.me\privatekey.pem"

    # PHP-specific config (adjust path to your PHP handler)
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>

    <Directory "C:\path\to\your\test-subdomain-webroot">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Ensure no other virtual hosts on port 443 are conflicting (e.g., missing ServerName leading to Apache serving the wrong certificate).

6. Diagnose SSL Handshake Details

Use OpenSSL (download a lightweight Windows build if needed) to test the connection directly:

openssl s_client -connect test.example.me:443

Look for the line Verify return code: 0 (ok)—this confirms the certificate is trusted. If you see any error codes, they'll point to the root issue (e.g., untrusted chain, expired cert).

If you're still stuck, share relevant snippets from Apache's error log (usually C:\Apache24\logs\error.log)—this will help narrow down the exact problem.

The question in this content comes from Stack Exchange; asked by John Doe.
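
For steps 1 and 3 above, an added PowerShell example (not part of the original answer and not win-acme or Apache code) that checks offline whether the file named in SSLCertificateFile really holds the leaf plus intermediates, in the right order, within validity, and naming the site. The script name and the parameter names are assumptions; it compares issuer and subject names only and does not verify signatures.

```powershell
# Added example: offline check of the bundle named in SSLCertificateFile.
# Usage (script name is hypothetical):
#   .\Test-FullChain.ps1 -FullChain "C:\Program Files\win-acme\acme\test.example.me\fullchain.pem"
param(
    [Parameter(Mandatory = $true)][string]$FullChain,
    [string]$HostName = 'test.example.me'
)

function Get-PemCertificate {
    param([string]$Path)
    $text = Get-Content -LiteralPath $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----'
    $opts = [System.Text.RegularExpressions.RegexOptions]::Singleline
    foreach ($m in [regex]::Matches($text, $pattern, $opts)) {
        [byte[]]$der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        # One X509Certificate2 per PEM block, in file order
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    }
}

$certs = @(Get-PemCertificate -Path $FullChain)
if ($certs.Count -eq 0) { Write-Error "No certificates found in $FullChain"; exit 2 }

$problems = @()
if ($certs.Count -lt 2) { $problems += 'Only the leaf is present: intermediate certificate(s) missing' }

$now = Get-Date
for ($i = 0; $i -lt $certs.Count; $i++) {
    $c = $certs[$i]
    Write-Host ("[{0}] {1} (expires {2:yyyy-MM-dd})" -f $i, $c.Subject, $c.NotAfter)
    if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter) {
        $problems += "Certificate [$i] is outside its validity period"
    }
    # Names only, signatures are not verified: each cert should be issued by the next one
    if ($i + 1 -lt $certs.Count -and $c.Issuer -ne $certs[$i + 1].Subject) {
        $problems += "Certificate [$i] is not issued by certificate [$($i + 1)] (order or wrong intermediate)"
    }
}

# Leaf must come first and name the site; exact SAN match only, wildcards are not handled
$san = $certs[0].Extensions['2.5.29.17']
$names = if ($san) { $san.Format($false) } else { '' }
if ($names -notmatch "(?<![\w.*-])$([regex]::Escape($HostName))(?![\w.-])") {
    $problems += "First certificate has no subjectAltName entry for $HostName"
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host "OK: $($certs.Count) certificates, chain order and leaf name look consistent"
```

A clean result here together with a failing Verify return code in step 6 points at Apache serving a different file or virtual host than the one checked.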
