Can't reach HTTPS, Azure


My domain is: nttdata.westeurope.cloudapp.azure.com

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: Microsoft Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Hi Guys,

I am pretty new to the topic of certificates and need some help.

I have created a certificate via Certbot. I had .pem files, but IIS and my application wanted a .pfx file, so I used OpenSSL and converted them. Then I loaded it into IIS and also into my application.

The ports in Archer and in IIS for 443 (HTTPS) are open, but I can't reach it.

I can find my certificate in the “Certificate Transparency logs” (https://crt.sh/?caid=16418).

Here are some Screenshots from my Configurations:

Hopefully somebody can Help me.

Seems like a firewall, or IPS, blocking issue.
Ensure port 443 is open from the Internet.
Also confirm your IP (hasn’t changed):

Name:    nttdata.westeurope.cloudapp.azure.com
Address:  51.136.58.113

[not likely]

Hi @ager24

Does your https work internally?

curl https://nttdata.westeurope.cloudapp.azure.com/

from that machine?

If yes, it’s only a firewall problem, or maybe an Azure config problem.

1 Like

It’s not working internally either. HTTP is working fine, but not HTTPS.

It could be that the IP has changed since the certificate was issued, but I thought the issued certificate only looks at the domain name?!

Then share your binding - create a screenshot.

1 Like

image

Restart the server.
[Patch Tuesday may be at play here]

That is, do all your Windows Updates 🙂

… and the binding details of your port 443 binding.

1 Like

Do you mean this?
image

There is no certificate selected.

Creating a certificate is only the first step.

You have to select that certificate, so the binding uses that (and not another) certificate.

1 Like

I forgot it because I got this error. I’m not sure why; I already restarted the server, maybe I need the updates.

No. That error says, the private key doesn’t exist or can’t be used.

There are a lot of problems possible.

Wrong certificate store, wrong .pfx creation, wrong import to that certificate store.

PS: Use Google. That’s an old problem, tons of reasons are possible. It’s not an update problem.

The certificate store must show something like

That key symbol is required:

You have a private key

If that private key symbol doesn’t exist, you can’t use the certificate with your webserver.

1 Like

How (exactly) did you create the PFX file?

image

The private key is there. I created it with OpenSSL using this tutorial: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

Of course, I changed that command.

Or maybe that is the problem? I have the certificate in “Personal”?

That’s the wrong place, must be machine \ Web Hosting.

Duplicated imports -> certificate can’t be used.

And delete the certificate there. As written: Tons of problems possible.

2 Likes

Yes, cert should be in web hosting
remove it from IIS
drag it to correct location
then add back to IIS

1 Like
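The clean-up and re-bind steps suggested above, written out in PowerShell as an added example (not code posted by anyone in the thread). The PFX path and the IIS site name are assumptions; it must be run from an elevated prompt and expects an existing port 443 binding with no certificate selected, as in the screenshots described.

```powershell
# Assumed values (not from the thread): PFX path and IIS site name.
$PfxPath  = 'C:\certs\site.pfx'
$SiteName = 'Default Web Site'

Import-Module WebAdministration
$password = Read-Host -AsSecureString 'PFX export password'

# Read the leaf certificate's thumbprint from the PFX without importing it.
$pfx   = Get-PfxData -FilePath $PfxPath -Password $password
$thumb = $pfx.EndEntityCertificates[0].Thumbprint

# Remove earlier copies of this certificate from the machine stores, so a
# duplicate in "Personal" (My) or a half-imported copy cannot be picked up.
foreach ($store in 'My', 'WebHosting') {
    Get-ChildItem "Cert:\LocalMachine\$store" |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Remove-Item
}

# Import once, into the machine-level "Web Hosting" store.
Import-PfxCertificate -FilePath $PfxPath -Password $password `
    -CertStoreLocation 'Cert:\LocalMachine\WebHosting' | Out-Null

# The "key symbol" check from the thread: the certificate must carry its key.
$cert = Get-Item "Cert:\LocalMachine\WebHosting\$thumb"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb was imported without a private key; rebuild the PFX."
}

# Select the certificate on the existing HTTPS binding.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443
if (-not $binding) {
    throw "No https binding on port 443 for site '$SiteName'."
}
$binding.AddSslCertificate($thumb, 'WebHosting')

# Show what is now bound to port 443.
Get-ChildItem IIS:\SslBindings | Format-Table IPAddress, Port, Store, Thumbprint
```

If the last command lists the thumbprint with the store `WebHosting`, the binding is using the imported certificate.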

Now your https works. 👍

2 Likes

YES !!! THANK YOU GUYS VERY MUCH !!! I am really new in this topic, but learned a lot in the last two days.

Only one last question: do I need to update this section?

1 Like