Existing sites serve incorrect certificate after new cert/site added

My domain is: sharonstiles.co.uk, thinksnack.co.uk, mindblockssorted.com

I ran this command:

It produced this output:

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows 2012 dedicated server managed via RDP

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ACMEv2 WACS v 2.0.5.246

Two existing web sites - sharonstiles.co.uk and thinksnack.co.uk - have been running as HTTPS with Let's Encrypt certs for some time on the same IP with SNI. Two non-HTTPS sites are also on the same IP. There are also several other HTTPS sites on the same server though different IPs; these are all ok.

Today I converted another long-running existing site - www.mindblockssorted.com - to HTTPS using a Let's Encrypt cert on the same IP. It works as expected.

A while later my server-watcher reported the earlier two HTTPS sites as failing. On examination, both sites were displaying the new certificate instead of their own. The new site had no problem.

The certificates were all correctly assigned in IIS and a review of them showed no problem.

I removed the new cert and tried the sites again. All three showed the same cert as before - I assume this was a caching problem. I obtained a new cert for mindblockssorted - same problem but with new cert.

I’ve tried several browsers from my desktop plus a couple from two online servers. All give the same result.

I’m guessing the fact that all three sites are on the same IP (though with SNI) may be causing a problem, though there was no problem with just two HTTPS sites.

I read of a problem with an IIS cert renewal but that does not seem applicable.

Any ideas, please?

Hi @dstiles

Sounds like your SNI setup is wrong.

Share a screenshot of one binding.

I was absolutely certain all SNIs were ticked. I missed ONE, dammit!
Thanks for the prompt!
One thing: The group that contained that SNI was Stopped in IIS Manager. No excuse but it’s worth noting, I think.

Thanks again!
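A check for the situation resolved in this thread, added here as an example and not posted by anyone in the thread: it lists every HTTPS binding in IIS, including those on stopped sites, and warns about any IP:port shared by several HTTPS bindings where at least one lacks the "Require Server Name Indication" flag. It assumes IIS 8 or later with the WebAdministration module and an elevated PowerShell session.

```powershell
# Added example (not from the thread): audit IIS HTTPS bindings for a missing SNI flag.
Import-Module WebAdministration

$bindings = foreach ($site in Get-Website) {
    foreach ($b in $site.Bindings.Collection) {
        if ($b.protocol -ne 'https') { continue }
        # bindingInformation is "IP:port:hostname"; anchor on the port and host
        # at the end so bracketed IPv6 addresses containing ':' still parse.
        if ($b.bindingInformation -notmatch '^(?<ip>.*):(?<port>\d+):(?<host>[^:]*)$') { continue }
        [pscustomobject]@{
            Site     = $site.Name
            State    = $site.State    # stopped sites are reported as well
            Endpoint = '{0}:{1}' -f $Matches.ip, $Matches.port
            HostName = $Matches.host
            # Bit 0 of sslFlags is "Require Server Name Indication".
            Sni      = [bool]([int]$b.sslFlags -band 1)
        }
    }
}

# An endpoint shared by several HTTPS bindings needs SNI ticked on every one of them.
$problems = $bindings | Group-Object Endpoint |
    Where-Object { $_.Count -gt 1 -and ($_.Group | Where-Object { -not $_.Sni }) }

foreach ($g in $problems) {
    Write-Warning "Endpoint $($g.Name) has HTTPS bindings without SNI:"
    $g.Group | Sort-Object Sni, Site |
        Format-Table Site, State, HostName, Sni -AutoSize
}

if (-not $problems) {
    'Every shared HTTPS endpoint has SNI set on all of its bindings.'
}
```

Rows with `Sni` set to `False` sort first in each table; the `State` column shows whether the binding belongs to a stopped site, as the missed one did here.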