Brazil's biggest MU Online portal — since 2003
Tutorial Intermediate Tutoriais

How to Configure SSL and HTTPS Certificate on MU Server Website

Step-by-step guide to install and configure an SSL/TLS certificate on your MU Online private server website using Let's Encrypt, IIS, and Apache/XAMPP.

VI ViciadosMU Team · Updated on 3 jul 2026 · ⏱ 12 min read

Securing your MU Online private server website with HTTPS is critical for player trust and data protection — covering login, registration, and the web control panel. This guide walks through SSL certificate installation for both IIS (Windows Server) and Apache/XAMPP, the two most common web stacks used in MU private server hosting.

Prerequisites

Before starting, make sure you have:

  • A domain name pointing to your server IP (e.g. myserver.com → VPS IP)
  • Administrator access to Windows Server (2008/2012/2016/2019)
  • IIS installed with your MU site already running on HTTP (port 80)
  • PowerShell 5.1 or later available
Nota: If you use XAMPP instead of IIS, skip to the Configuring SSL on Apache/XAMPP section. For webEngineNET, follow the IIS section since webEngineNET runs on top of IIS.

Option A: Free Certificate with Let's Encrypt + win-acme (IIS)

Step 1 — Download win-acme

  1. Connect to your server via RDP as administrator.
  2. Open PowerShell as administrator and create a working directory:
mkdir C:\ssl-tools
cd C:\ssl-tools
  1. Download win-acme (wacs.exe) from https://github.com/win-acme/win-acme/releases — choose the wacs.exe build for Windows x64.
  2. Extract the contents to C:\ssl-tools\wacs\.

Step 2 — Open Port 80 in the Firewall

Let's Encrypt validates your domain over HTTP on port 80. Confirm it is open:

netsh advfirewall firewall add rule name="HTTP-80" protocol=TCP dir=in localport=80 action=allow
netsh advfirewall firewall add rule name="HTTPS-443" protocol=TCP dir=in localport=443 action=allow

Step 3 — Run win-acme

cd C:\ssl-tools\wacs
.\wacs.exe

In the interactive menu:

  1. Choose N (New certificate — simple for IIS)
  2. Select your MU server's IIS site from the list
  3. Confirm the domain names (e.g. myserver.com and www.myserver.com)
  4. Accept the terms of service and provide your email for expiry notifications
  5. win-acme requests the certificate, completes the HTTP-01 challenge, and installs it into IIS automatically
Dica: win-acme automatically creates a Windows Task Scheduler entry called win-acme renew that handles renewal every 90 days without any manual steps.

Step 4 — Add the HTTPS Binding in IIS

Open IIS Manager:

  1. Expand Sites → click your MU server site
  2. In the right panel, click Bindings...
  3. Click Add and fill in:
  • Type: https
  • IP Address: All Unassigned
  • Port: 443
  • SSL certificate: select the myserver.com certificate installed by win-acme
  1. Click OK and close

Step 5 — Force HTTP-to-HTTPS Redirect

Edit the web.config at the root of your MU site (typically C:\inetpub\wwwroot\myserver\web.config) and add the following inside <system.webServer>:

<rewrite>
  <rules>
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
              redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
Atenção: The Rewrite module must be installed in IIS for this to work. Download and install the URL Rewrite Module from https://iis.net/downloads/microsoft/url-rewrite before editing web.config.

Option B: Self-Signed Certificate for Internal or Test Environments

Use this option only for local testing or internal networks — browsers will display a security warning.

Step 1 — Generate the Certificate via PowerShell

$cert = New-SelfSignedCertificate `
  -DnsName "myserver.com", "localhost" `
  -CertStoreLocation "cert:\LocalMachine\My" `
  -NotAfter (Get-Date).AddYears(2) `
  -KeyAlgorithm RSA `
  -KeyLength 2048
Write-Host "Thumbprint: $($cert.Thumbprint)"

Step 2 — Bind to IIS

Follow the same steps in Option A Step 4, selecting the self-signed certificate from the list.


Option C: SSL Certificate on Apache/XAMPP

For MU servers using XAMPP with PHP for the website and web panel:

Step 1 — Enable the SSL Module in XAMPP

Edit C:\xampp\apache\conf\httpd.conf and uncomment (remove the #):

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

Step 2 — Generate Key and Certificate with OpenSSL

cd C:\xampp\apache
bin\openssl.exe req -x509 -nodes -days 730 -newkey rsa:2048 ^
  -keyout conf\ssl.key\myserver.key ^
  -out conf\ssl.crt\myserver.crt ^
  -subj "/CN=myserver.com/O=MyServer MU/C=US"

Step 3 — Configure the HTTPS VirtualHost

Edit C:\xampp\apache\conf\extra\httpd-ssl.conf and locate the <VirtualHost _default_:443> block. Adjust it to:

<VirtualHost *:443>
    ServerName myserver.com
    DocumentRoot "C:/xampp/htdocs/mysite"

    SSLEngine on
    SSLCertificateFile    "C:/xampp/apache/conf/ssl.crt/myserver.crt"
    SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/myserver.key"

    <Directory "C:/xampp/htdocs/mysite">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Step 4 — Redirect HTTP to HTTPS in Apache

Create or edit C:\xampp\htdocs\mysite\.htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Restart Apache from the XAMPP Control Panel and test by navigating to https://myserver.com.


Database Updates After Enabling HTTPS

After activating HTTPS, update any stored URLs in the MU database that still reference HTTP:

-- Database: MuOnline or MuWebConfig (varies by WebEngine version)
-- Update the site base URL in the configuration table
USE [MuWebConfig]
GO

UPDATE [dbo].[SiteSettings]
SET [SiteUrl] = 'https://myserver.com'
WHERE [SettingKey] = 'BaseUrl';

-- If using WebEngine configuration table:
UPDATE [dbo].[WebConfig]
SET [ConfigValue] = 'https://myserver.com'
WHERE [ConfigKey] IN ('SiteURL', 'WebsiteUrl', 'BaseURL');
Nota: Exact table names vary by WebEngine version (webEngineNET, MuCMS, etc.). Use SQL Server Management Studio to inspect the available tables in your web panel database.

Verifying the SSL Installation

Test via PowerShell

# Check certificate validity and expiry date
$result = [System.Net.HttpWebRequest]::Create("https://myserver.com").GetResponse()
$cert = $result.ServicePoint.Certificate
Write-Host "Issued to: $($cert.Subject)"
Write-Host "Expires: $($cert.GetExpirationDateString())"

Test via curl

curl -I https://myserver.com

Expected response:

HTTP/2 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000

Configuring HSTS (Advanced Security)

Add the HSTS header to enforce HTTPS at the browser level. In IIS, edit web.config:

<httpProtocol>
  <customHeaders>
    <add name="Strict-Transport-Security"
         value="max-age=31536000; includeSubDomains" />
    <add name="X-Content-Type-Options" value="nosniff" />
    <add name="X-Frame-Options" value="SAMEORIGIN" />
  </customHeaders>
</httpProtocol>
Atenção: Do not enable HSTS with the preload directive until you have confirmed that HTTPS works flawlessly on all pages. Once added to browser preload lists, removing HSTS can take months to propagate.

Common Troubleshooting

ProblemLikely CauseSolution
ERR_SSL_PROTOCOL_ERRORHTTPS binding not configured in IISAdd binding on port 443 with the certificate
Expired certificateAutomatic renewal task failedRun .\wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
Mixed content warningsHardcoded HTTP URLs in HTML/CSS/JSFind and replace http://myserver.com with https://myserver.com in all files
Port 443 already in useAnother service occupying the portRun `netstat -ano \findstr :443` to identify the conflicting process
403 error on HTTPSFolder permissions in IISGrant read permission to IIS_IUSRS on the site root folder

Next Steps

With SSL in place, consider also:

  • Setting up monitored automatic renewal via a PowerShell script that sends an email alert on failure
  • Installing a wildcard certificate (*.myserver.com) to cover subdomains like panel.myserver.com
  • Reviewing SQL Server security settings used by the site to enforce authenticated-only connections

Perguntas frequentes

Does Let's Encrypt work with a bare IP address?

No. Let's Encrypt requires a valid domain name (e.g. myserver.com). For IP-only setups, generate a self-signed certificate with OpenSSL or purchase a commercial certificate from a trusted CA.

My webEngineNET panel broke after enabling HTTPS. What should I check?

Verify the IIS binding is configured for port 443 with the correct certificate. Open IIS Manager → Sites → your site → Bindings → add HTTPS on port 443. Also confirm that web.config contains the HTTP-to-HTTPS rewrite rule.

How often does a Let's Encrypt certificate need to be renewed?

Every 90 days. Configure automatic renewal using win-acme with a Windows Task Scheduler entry so the certificate renews without manual intervention.

Player registration on the website stopped working after enabling SSL. What should I check?

Confirm the connection string in web.config points to the correct SQL Server instance and that the IIS Application Pool has network access. Also verify that registration form action URLs use absolute HTTPS paths.

VI

ViciadosMU Team

Equipe editorial do ViciadosMU — portal de MU Online no ar desde 2003.

Keep reading

Related articles

🐬
Tutorial

Install MySQL and phpMyAdmin for the MU Online server website

Complete guide to installing MySQL and phpMyAdmin for a MU Online server website: the critical difference between MySQL (for the website) and SQL Server (for the game), when to install MySQL separately vs using XAMPP or AppServ, the full MySQL Community Server installation walkthrough (7 steps including the authentication method choice for PHP compatibility), how to install phpMyAdmin manually and configure config.inc.php, how to create the website database and import the web system's SQL file, how to create a dedicated MySQL user (never use root in the site config), common MySQL connection errors and how to fix them, and security best practices (no port 3306 exposed, strong root password, dedicated user).

12 min · Beginner
🧰
Tutorial

How to install XAMPP for a MU Online server website

Complete guide to installing XAMPP for running a MU Online server's website: what XAMPP includes (Apache, PHP, MySQL/MariaDB, phpMyAdmin), the critical difference between XAMPP's MySQL and SQL Server (the game database), how to choose the right PHP version for your web system, the full XAMPP installation and control panel walkthrough, where to put the website files (htdocs folder), how to create and import the MySQL database for the web system via phpMyAdmin, how to install IonCube Loader in XAMPP for PHP-encoded MU web systems, the four most common XAMPP problems and fixes (port 80 conflict, MySQL not starting, wrong PHP version, blank page), and how to use XAMPP on a VPS vs a local development machine.

12 min · Beginner
🧰
Tutorial

How to install AppServ for your MU Online server website

Complete guide to installing AppServ for running a MU Online server website on Windows: what AppServ is and what it includes (Apache, PHP, MySQL, phpMyAdmin), when to choose AppServ over XAMPP, the full installation walkthrough with each configuration screen explained (Apache port, admin email, MySQL root password, charset), where AppServ installs its files (C:\\AppServ\\www\\), how to access phpMyAdmin, installing IonCube Loader in AppServ for protected MU web systems, configuring the virtual host for multiple sites, solving the most common AppServ problems (port 80 conflict, MySQL not starting, phpMyAdmin access), the AppServ vs XAMPP comparison in detail, and the security hardening steps before going live.

12 min · Beginner