After installing SSL certificate, website now prompts me with a sign-in box

waheez · June 16, 2023, 10:34am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://app.quoteit.ca
I ran this command:
Install new ssl certificate using "Certify the Web" UI client and verified domain using http-01 method.
It produced this output:
It installed the certificate and created new bindings for port 443
My web server is (include version):
Dedicated Windows Server from ionos
The operating system my web server runs on is (include version):
Windows Server 2019, IIS 10
My hosting provider, if applicable, is:
iONOS
I can login to a root shell on my machine (yes or no, or I don't know):
yes, also remote desktop login
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): "Certify the web" https://certifytheweb.com/

So all looks good from installing the certificate and verifing the domain but when I visit the url, I am being prmpted to a sign in box, and I don't how what credentials it ask. I have also create simple html website with same results.

MikeMcQ · June 16, 2023, 11:50am

I agree your cert looks good.

And, I see the below response to your domain which is causing the sign-in. But, that's coming from something in your server configuration. You said IONOS provides the server system so you should ask them. Or, try posting on the Certify the Web community forum. There are more Windows server experts there that might have seen this before.

The problem is the below response which is not coming directly from IIS but something enforcing NTLM on your system. I only know from google what NTLM is

curl -I https://app.quoteit.ca/

HTTP/2 401
server: Microsoft-HTTPAPI/2.0
www-authenticate: Negotiate
www-authenticate: NTLM
date: Fri, 16 Jun 2023 11:45:30 GMT

rg305 · June 16, 2023, 3:51pm

That may well be coming from IIS.
The site needs to allow anonymous access.
In IIS Manager, locate the web site and open "Authentication":

Then ensure "Anonymous Authentication" is enabled:

system · July 16, 2023, 3:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.