503 error. Bindings are correct. And used several tools

I had no problems whatsoever before. After an update of Windows Server 2016 and using Certify The Web, I got a new certificate.
So, checked everything, even SSLlabs found it, but not the server!
503 Error: access denied! Port 80 works, so does the mailserver on port 443 (2 different servers standing alone).

Tried several tools, latest was acme. Error this and that.
Access denied.

I’ve been busy for almost 3 days and in the meantime there are about 8 certs on the webserver!

My domain is: surfgate.be

I ran this command: letsencrypt.exe

It produced this output: you don’t wanna know

My web server is (include version):

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: Proximus business line

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): sometimes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certify the Web and DigiCertUtil -ACME

Are you using IIS, Apache, NGINX ???
Which control panel do you use?

IIS 10 now. This is so frustrating, to walk over the ceiling.

Do you see the certs in the MMC (certmgr.msc)?
Which folder are they in?

Does IIS see the certs?

I used PowerShell and the console of IIS itself…
Also I can’t do a complete restore…
The most important thing is that the mailserver is running

Been busy since all night. And I have to go pick up my wife at the airport in Brussels…
This will be a very long day.

It used to work.
I looked at many sites. Use this tool and this tool they said with their little Windows machine or worse, laptop.
Maybe spyware, I don’t know.

I think you might be overlapping "control"...

Five different ways to manage certs (including PS / IIS).
That looks like too many cooks spoiling dinner...

But if you fear for malware, you should have the entire system files checked before you continue.

I hate to bear bad news but…

Your current operational state is unclear/unknown.
Your normal operational state is undefined.

It is difficult to get somewhere that is undefined from a location that is unclear/unknown.

Yes, my “motto” is:
Master
Of
The
Totally
Obvious

a.k.a. “Captain Obvious”

I deleted the other cert, installed a new one.
Now I get this error: PR_CONNECT_RESET_ERROR

Then the error is not with getting a cert - one less problem.

What is giving this error?
[PR_CONNECT_RESET_ERROR]

Something to do with the browser and also not locally bound.
THE LIGHT IS AT THE END OF THE TUNNEL! (I hope)

Do you get that error from within your network only?
Or also from the Internet?

Do you have another system to test from?

To the default domain (“surfgate.be”), I get:

curl -Iki https://surfgate.be/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to surfgate.be:443

And

openssl s_client -connect surfgate.be:443 -servername surfgate.be
CONNECTED(00000005)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 313 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

It seems that there are missing ciphers, or protocols, or both, in your config.

flushed the dns
same error

This is NOT a DNS error.
It is a protocol/cipher binding error.

Try using:
IIScrypto

[check on both tabs - any changes made will require a reboot]

Thx, I’ll try that.
First a couple hours of sleep!


Hi @Attacus

There is no correct answer. So

  • there is no binding
  • the binding is wrong, no certificate or another problem.

That's not a problem you can fix with IISCrypto.

That's a problem of your IIS running port 443.
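
The questions raised in this thread (does IIS see the certs, is there a binding on port 443, does the binding have a certificate) can be checked in one pass. The following is an added example, not posted by anyone in the thread; it assumes an elevated Windows PowerShell session on the IIS server with the WebAdministration module available.

```powershell
# Added example: audit every IIS https binding against the certificate store.
# Assumption: run elevated on the IIS server itself.
Import-Module WebAdministration

$now = Get-Date
$bindings = @(Get-WebBinding -Protocol https)
if ($bindings.Count -eq 0) {
    Write-Warning 'No https binding exists on any site.'
}

foreach ($b in $bindings) {
    $hash     = $b.certificateHash
    $store    = $b.certificateStoreName
    $problems = @()
    $cert     = $null

    if ([string]::IsNullOrEmpty($hash)) {
        $problems += 'binding has no certificate assigned'
    } else {
        if ([string]::IsNullOrEmpty($store)) { $store = 'My' }
        # Look up the thumbprint the binding points at in the machine store.
        $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
                Where-Object { $_.Thumbprint -eq $hash }
        if (-not $cert) {
            $problems += "thumbprint $hash not found in LocalMachine\$store"
        } else {
            if (-not $cert.HasPrivateKey) { $problems += 'certificate has no private key' }
            if ($cert.NotAfter  -lt $now) { $problems += "expired $($cert.NotAfter)" }
            if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
        }
    }

    [pscustomobject]@{
        Binding    = $b.bindingInformation
        Thumbprint = $hash
        Subject    = if ($cert) { $cert.Subject } else { $null }
        Status     = if ($problems) { $problems -join '; ' } else { 'OK' }
    }
}

# What HTTP.sys has registered per IP:port, for comparison with the list above.
netsh http show sslcert
```

A binding whose thumbprint is missing from the store, or whose certificate has no private key, is worth ruling out before changing protocol or cipher settings, particularly after several ACME clients have each installed their own certificate.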
