How to Configure SSL and HTTPS Certificate on MU Server Website
Step-by-step guide to install and configure an SSL/TLS certificate on your MU Online private server website using Let's Encrypt, IIS, and Apache/XAMPP.
Securing your MU Online private server website with HTTPS is critical for player trust and data protection — covering login, registration, and the web control panel. This guide walks through SSL certificate installation for both IIS (Windows Server) and Apache/XAMPP, the two most common web stacks used in MU private server hosting.
Prerequisites
Before starting, make sure you have:
- A domain name pointing to your server IP (e.g.
myserver.com→ VPS IP) - Administrator access to Windows Server (2008/2012/2016/2019)
- IIS installed with your MU site already running on HTTP (port 80)
- PowerShell 5.1 or later available
Option A: Free Certificate with Let's Encrypt + win-acme (IIS)
Step 1 — Download win-acme
- Connect to your server via RDP as administrator.
- Open PowerShell as administrator and create a working directory:
mkdir C:\ssl-tools
cd C:\ssl-tools
- Download win-acme (wacs.exe) from
https://github.com/win-acme/win-acme/releases— choose thewacs.exebuild for Windows x64. - Extract the contents to
C:\ssl-tools\wacs\.
Step 2 — Open Port 80 in the Firewall
Let's Encrypt validates your domain over HTTP on port 80. Confirm it is open:
netsh advfirewall firewall add rule name="HTTP-80" protocol=TCP dir=in localport=80 action=allow
netsh advfirewall firewall add rule name="HTTPS-443" protocol=TCP dir=in localport=443 action=allow
Step 3 — Run win-acme
cd C:\ssl-tools\wacs
.\wacs.exe
In the interactive menu:
- Choose N (New certificate — simple for IIS)
- Select your MU server's IIS site from the list
- Confirm the domain names (e.g.
myserver.comandwww.myserver.com) - Accept the terms of service and provide your email for expiry notifications
- win-acme requests the certificate, completes the HTTP-01 challenge, and installs it into IIS automatically
win-acme renew that handles renewal every 90 days without any manual steps.Step 4 — Add the HTTPS Binding in IIS
Open IIS Manager:
- Expand Sites → click your MU server site
- In the right panel, click Bindings...
- Click Add and fill in:
- Type:
https - IP Address:
All Unassigned - Port:
443 - SSL certificate: select the
myserver.comcertificate installed by win-acme
- Click OK and close
Step 5 — Force HTTP-to-HTTPS Redirect
Edit the web.config at the root of your MU site (typically C:\inetpub\wwwroot\myserver\web.config) and add the following inside <system.webServer>:
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
redirectType="Permanent" />
</rule>
</rules>
</rewrite>
https://iis.net/downloads/microsoft/url-rewrite before editing web.config.Option B: Self-Signed Certificate for Internal or Test Environments
Use this option only for local testing or internal networks — browsers will display a security warning.
Step 1 — Generate the Certificate via PowerShell
$cert = New-SelfSignedCertificate `
-DnsName "myserver.com", "localhost" `
-CertStoreLocation "cert:\LocalMachine\My" `
-NotAfter (Get-Date).AddYears(2) `
-KeyAlgorithm RSA `
-KeyLength 2048
Write-Host "Thumbprint: $($cert.Thumbprint)"
Step 2 — Bind to IIS
Follow the same steps in Option A Step 4, selecting the self-signed certificate from the list.
Option C: SSL Certificate on Apache/XAMPP
For MU servers using XAMPP with PHP for the website and web panel:
Step 1 — Enable the SSL Module in XAMPP
Edit C:\xampp\apache\conf\httpd.conf and uncomment (remove the #):
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Step 2 — Generate Key and Certificate with OpenSSL
cd C:\xampp\apache
bin\openssl.exe req -x509 -nodes -days 730 -newkey rsa:2048 ^
-keyout conf\ssl.key\myserver.key ^
-out conf\ssl.crt\myserver.crt ^
-subj "/CN=myserver.com/O=MyServer MU/C=US"
Step 3 — Configure the HTTPS VirtualHost
Edit C:\xampp\apache\conf\extra\httpd-ssl.conf and locate the <VirtualHost _default_:443> block. Adjust it to:
<VirtualHost *:443>
ServerName myserver.com
DocumentRoot "C:/xampp/htdocs/mysite"
SSLEngine on
SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/myserver.crt"
SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/myserver.key"
<Directory "C:/xampp/htdocs/mysite">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Step 4 — Redirect HTTP to HTTPS in Apache
Create or edit C:\xampp\htdocs\mysite\.htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Restart Apache from the XAMPP Control Panel and test by navigating to https://myserver.com.
Database Updates After Enabling HTTPS
After activating HTTPS, update any stored URLs in the MU database that still reference HTTP:
-- Database: MuOnline or MuWebConfig (varies by WebEngine version)
-- Update the site base URL in the configuration table
USE [MuWebConfig]
GO
UPDATE [dbo].[SiteSettings]
SET [SiteUrl] = 'https://myserver.com'
WHERE [SettingKey] = 'BaseUrl';
-- If using WebEngine configuration table:
UPDATE [dbo].[WebConfig]
SET [ConfigValue] = 'https://myserver.com'
WHERE [ConfigKey] IN ('SiteURL', 'WebsiteUrl', 'BaseURL');
Verifying the SSL Installation
Test via PowerShell
# Check certificate validity and expiry date
$result = [System.Net.HttpWebRequest]::Create("https://myserver.com").GetResponse()
$cert = $result.ServicePoint.Certificate
Write-Host "Issued to: $($cert.Subject)"
Write-Host "Expires: $($cert.GetExpirationDateString())"
Test via curl
curl -I https://myserver.com
Expected response:
HTTP/2 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
Configuring HSTS (Advanced Security)
Add the HSTS header to enforce HTTPS at the browser level. In IIS, edit web.config:
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security"
value="max-age=31536000; includeSubDomains" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
preload directive until you have confirmed that HTTPS works flawlessly on all pages. Once added to browser preload lists, removing HSTS can take months to propagate.Common Troubleshooting
| Problem | Likely Cause | Solution | |
|---|---|---|---|
| ERR_SSL_PROTOCOL_ERROR | HTTPS binding not configured in IIS | Add binding on port 443 with the certificate | |
| Expired certificate | Automatic renewal task failed | Run .\wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/" | |
| Mixed content warnings | Hardcoded HTTP URLs in HTML/CSS/JS | Find and replace http://myserver.com with https://myserver.com in all files | |
| Port 443 already in use | Another service occupying the port | Run `netstat -ano \ | findstr :443` to identify the conflicting process |
| 403 error on HTTPS | Folder permissions in IIS | Grant read permission to IIS_IUSRS on the site root folder |
Next Steps
With SSL in place, consider also:
- Setting up monitored automatic renewal via a PowerShell script that sends an email alert on failure
- Installing a wildcard certificate (
*.myserver.com) to cover subdomains likepanel.myserver.com - Reviewing SQL Server security settings used by the site to enforce authenticated-only connections
Perguntas frequentes
Does Let's Encrypt work with a bare IP address?
No. Let's Encrypt requires a valid domain name (e.g. myserver.com). For IP-only setups, generate a self-signed certificate with OpenSSL or purchase a commercial certificate from a trusted CA.
My webEngineNET panel broke after enabling HTTPS. What should I check?
Verify the IIS binding is configured for port 443 with the correct certificate. Open IIS Manager → Sites → your site → Bindings → add HTTPS on port 443. Also confirm that web.config contains the HTTP-to-HTTPS rewrite rule.
How often does a Let's Encrypt certificate need to be renewed?
Every 90 days. Configure automatic renewal using win-acme with a Windows Task Scheduler entry so the certificate renews without manual intervention.
Player registration on the website stopped working after enabling SSL. What should I check?
Confirm the connection string in web.config points to the correct SQL Server instance and that the IIS Application Pool has network access. Also verify that registration form action URLs use absolute HTTPS paths.