Can't reach HTTPS, Azure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nttdata.westeurope.cloudapp.azure.com

My web server is (include version): IIS 10

The operating system my web server runs on is (include version):Windows Server 2019

My hosting provider, if applicable, is: Microsoft Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Hi Guys,

I am pretty new in the Certificates Topic and need some Help.

I have created a Certificate via Certbot. I had .pem files, but the IIS and my Application wanted a .pfx file, I used OpenSSL and converted them. Then I loaded it to the IIS and also in my Application.

The Ports in Archer and in IIS for 443(HTTPS) are open but I am not getting to it.

I am finding my Certficate in “Certificate Transparency logs” (https://crt.sh/?caid=16418).

Here are some Screenshots from my Configurations:

image1121×800 148 KB

Hopefully somebody can Help me.

Seems like a firewall, or IPS, blocking issue.
Ensure port 443 is open from the Internet.
Also confirm your IP (hasn’t changed):

Name:    nttdata.westeurope.cloudapp.azure.com
Address:  51.136.58.113

[not likely]

Hi @ager24

works your https internal?

curl https://nttdata.westeurope.cloudapp.azure.com/

from that machine?

If yes, it’s only a firewall-, may be an azure config problem.

It’s not working internally to. HTTP is Working fine but not HTTPS.

It can be that the IP is changed from the IP when the Certificate was issued, but I was thinking that the Issued Certification only look on the Domain name ?!

Then share your binding - create a screenshot.

Restart the server.
[Patch Tuesday may be at play here]

That is, do all your Windows Updates

… and the binding details of your port 443 binding.

Do you mean this ?

There is no certificate selected.

Creating a certificate is only the first step.

You have to select that certificate, so the binding uses that (and not another) certificate.

Forgot it because I got this Error, don’t sure why, I already restarted the server maybe I need the Updates.

image876×643 82.9 KB

No. That error says, the private key doesn't exist or can't be used.

There are a lot of problems possible.

Wrong certificate store, wrong .pfx creation, wrong import to that certificate store.

PS: Use Google. That's an old problem, tons of reasons are possible. It's not an update problem.

The certificate store must show something like

2020-09-09.server-daten.private-key359×513 24.4 KB

That key symbol is required:

You have a private key

If that private key symbol doesn't exist, you can't use the certificate with your webserver.

How (exactly) did you create the PFX file?

Private Key ist da. I have created with Open SSL with this tutorial: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

I ofc. I had changed that command.

Or maybe is that the Problem ? I have the Certificate in “Personal” ?

image1210×607 31.6 KB

That's the wrong place, must be machine \ Web Hosting.

Duplicated imports -> certificate can't be used.

And delete the certificate there. As written: Tons of problems possible.

Yes, cert should be in web hosting
remove it from IIS
drag it to correct location
then add back to IIS

Now your https works.

YES !!! THANK YOU GUYS VERY MUCH !!! I am really new in this topic, but learned a lot in the last two days.

Only one last Question, do I need to Update this Section ?

image802×318 8.25 KB