I installed the Let’s Encrypt certificate using win-acme.v1.9.10.1.zip on IIS 8.5. Installs okay but when I browse the site https://www.vodanile.com then I get this error DLG_FLAGS_SEC_CERT_CN_INVALID

Any help on this is appreciated.


see: https://www.ssllabs.com/ssltest/analyze.html?d=www.vodanile.com&hideResults=on

I have seen that and wanted help on my initial post. Thanks

Are the two domains supposed to be using the same IP?

@rg305 Yes both links are on the same domain but on different servers.

to be clear:
What are the internal and external IPs of the servers?

What is that got to do with this? Surely you can view the external ip already?

If you are using only one external IP and trying to forward the same port (443) to two separate internal servers…
then you will fail (without additional considerations).

Any way round this to fix it?

There are always ways…
But without more detail it is difficult to be specific on any direction/instruction.

443 is forwarding to physical server and www is on virtual machine on the same server

Physical and virtual are considered as equal.
So there are two servers with two separate IPs.
The first server gets all the 443 requests.
The first server can handle the first service but fails to deal with the second servers’ service.
…You could add a reverse proxy on either server (or create an additional dedicated virtual server) to handle all 443 requests and then forward them to their specific internal server.

Ubuntu with NGINX and Certbot-Auto would do the trick nicely.

If I move www to the same server as mail, would LetsEncrypt installation remove the mail ssl ? Or would they both work on the same server?

Could I install certbot auto on www virtual machine or I need to install it on a dedicated virtual machine?

If you could get both services to run from the same server, that may solve your problem.
LE would not remove anything unless you instruct it to do so.
It sounds like your servers are running IIS on Windows.
Certbot and Certbot-Auto are not Windows programs - they require some version of Linux.
That said, you could run a reverse proxy using NGINX (or Apache) for Windows and not have to learn another O/S and without having to dedicate a virtual system just for that one function.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.