I have been plagued with an issue since I started using Let’s Encrypt. Getting all 9 certificates to run smoothly has been challenging. IIS will choose randomly one of the certs to use for all of the domains. Everything looks perfect inside of IIS. The certs are available and linked correctly but when I go to a browser to visit the site, I get an error saying that it is using the wrong cert.
www.--------.org uses an invalid security certificate. The certificate is only valid for dev.fullcirclerescue.org Error code: SSL_ERROR_BAD_CERT_DOMAIN
In the past I have just tried a bunch of different things to get it to work. Usually a server restart and killing IIS and the application pools a few times gets everything to work correctly again. The issue is that today it is not working. Certify is fully updated and I have the paid license.
I am really hitting my head aginst the wall. Every 3 months I go through hell with this damn system
Also, if I try to change the cert in IIS, it does not acknowledge the change. It is totally stuck on the random cert.
IIS is not easy to configure.
Check the bindings and ensure you have all the correct hostnames with the individual certs.
Yeah, I have been working with IIS for almost a decade now. Everything is configured perfectly. I have been running Certify for almost 2 years now and I have been able to get everything to run good but then when I go to renew my certs every 3 months I randomly run into issues. I think it was last November that I had problems last.
I am using Windows server 2016 dataserver edition on Windows Azure. I had the same issue with Windows 2012 on a dell server before I migrated to Azure.
All 9 domains share the same IP address but that is not a problem. I run and work with a handful of non-profits. These are simple non-profit wordpress websites.
Even after I erase the certificate from the server, the site still is still connected to this single domain. It makes no sense. I also deleted the cert from the IIS cert manager after deleting it from Certify.
And now after 30 minutes of screwing with it, one of my domains has the correct certificate signed and the site is running.
I have restarted IIS countless times, restarted the whole server 4x, deleted certs and recreated them. I have no idea what makes things sort of work.
And now it is totally fixed. All 9 sites are back up and using their correct certs. The hardest problem with this bug is I never know what I do to fix it. Sometimes renewal works flawlessly, sometimes it does not. Sometimes I can add a new domain into my certify list and other days it breaks all of the sites. I have had identical experiences with both my dell server and this azure server.
I don’t have enough information to help you further.
But I am glad to hear that they are all working now.
I would take pictures of all the working settings and store them away for the day you encounter another failure.
That is the whole problem. I did not change any settings. After about an hour of restarting services and the system, things just magically started working. It is such a frustrating bug.
Ensure you are not mixing hostname:port with IP:port nor with “All unassigned”:port - stick to one format.
See this for more (or less): https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.