How to Fix a Revoked Certificate with WinAcme

In my IIS certificate dropdowns, to choose a certificate, I had over 8 certificates listed. I wanted to get rid of the old ones so I didn’t choose them by accident. I revoked 2 in order to remove them from the list. I didn’t think revoking an older unused certificate would shut down the entire site.

Unfortunately it has:

“You cannot visit right now because its certificate has been revoked. Network errors and attacks are usually temporary, so this page will probably work later.”

I’ve tried everything I can think of. I created new certificates. I rebooted the server. I made sure the websites are pointing in IIS to the new certificates. But when I do certificate checks, it’s still reporting is associated with the old revoked certificates.

How do I detach the websites from those old revoked certificates and get them active on the new ones I’ve made via WinAcme? My entire website is down.

Update. I tracked down every single certificate in my system relating to IIS and deleted them. The only instructions I could find were in French. That’s pretty bizarre. A reboot or two and I think that did the trick. I also did a ton of googling and hadn’t been able to find any pages talking about how to delete a revoked certificate. So hopefully this post here helps other people in the same situation.

It appears what you need to do is first delete the certificates on your local machine. Reboot. Generate a brand new certificate. I also deleted and reinstalled WinAcme along the way, I’m not sure if that was part of it. But all my attempts to simply generate a new certificate to replace the old didn’t work at all.

1 Like

This is not the expected procedure to remove a cert from use.
Revoking a cert means you have lost all confidence in the security of that cert (compromised).
Please don’t just do that to DELETE a cert.

1 Like

IIS manager | right-click site | choose edit bindings

1 Like

Thank you so much for taking the time to respond. I had actually done the IIS binding changes and it wasn’t making any difference. Even though IIS was showing the websites bound to the new certificates, the live websites were still showing the error with the revoked certificate. That was what was so baffling. And this despite rebooting IIS, rebooting the server, and so on.

I had to manually go into the certificate manager and delete the entire certificates before it started working again.

So it’s set now.

Yes, I’ve learned my lesson about not revoking a certificate and instead deleting it in the certificate manager when I want to get rid of it. Thanks!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.