Http challenge cannot be completed

Where this is what I am presently seeing (IPv4 only)

$ nmap kratosinferno.fr
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-05 22:19 UTC
Nmap scan report for kratosinferno.fr (91.216.107.49)
Host is up (0.16s latency).
Not shown: 938 filtered ports, 58 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 8.53 seconds

They are now using the ddns domain, Bruce.


Yes, I used Chrome to go to the URL and I had this:

Yes, Chrome found the HTTP site because you have port 443 blocked and it could not find the HTTPS site. You need to get port 443 working.

nmap -Pn -p80,443 kratosinferno.ddns.net
rDNS record for 90.52.5.244: lfbn-lyo-1-1610-244.w90-52.abo.wanadoo.fr
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

As mentioned in my first post, ports 80 and 443 are redirected to my server.

You might think that is true but it is not :slight_smile:

Example

curl -I -m7 http://kratosinferno.ddns.net
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0

curl -I -m7 https://kratosinferno.ddns.net
curl: (28) Connection timed out after 7001 milliseconds

First, in my modem:

And in my router:

My bad. :frowning:


Yes, that looks OK as does your router.

Maybe you have something else blocking port 443. Or, maybe the router has a firewall setting that needs adjusting? Or, maybe the router is using port 443 for its own purposes? Or maybe just restart the router?

In any case, this is just a comms config or possible server config problem. Once that is resolved, HTTPS and the cert should work fine.

There is nothing I see that would be "fixed" by using a different domain name.


@Kratos You might also try posting on the Certify the Web forum. Chris (webprofusion), the author of Certify, often checks in here but you might get a quicker response there.

Even refer to this thread showing we checked out the basics but it might be something unique to Windows. I don't know IIS very well and perhaps it's some port or binding issue.


I configured the certificate on the ddns, this part is OK.
When I try to reach http://kratosinferno.ddns.net: IIS answers correctly.
But httpS://kratosinferno.ddns.net doesn't answer at all.
I checked the firewall in my router but I didn't see anything that can block it.

I agree. I don't see anything yet but something very definitely is. See my post just prior to yours. We cross-posted. I'm pretty sure at Certify they'll find it quick.


It's OK, it works!
In IIS, the link to https was not present

I added it and now I got https on my ddns :slight_smile:

Thanks a lot for your time all, your help is really appreciated!


Just as a follow up, if you define your IIS http binding with a hostname then Certify can automatically create that corresponding https binding (which should be SNI, just in case you haven't set that).

If instead you manually enter domains into the app it will add them to the certificate, but it doesn't know which IIS site to apply the binding for without a matching hostname (some users have many thousands of websites on the same server). You can see what Certify plans to do for your next renewal on the Preview tab, which should now show the planned update to the https binding under the Deployment section (scroll down to see that).


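The missing https binding that resolved this thread can be checked for from PowerShell on the IIS server. The script below is an added example, not part of the original thread and not Certify's own code; it assumes the WebAdministration module is available, the function name `Get-MissingHttpsBinding` is hypothetical, and the site name and hostname in the final commented command are placeholders.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Hypothetical helper: list every http binding and whether the same site
# already has an https binding for the same hostname.
function Get-MissingHttpsBinding {
    foreach ($site in Get-Website) {
        $bindings = @(Get-WebBinding -Name $site.Name)
        # bindingInformation is "IP:port:hostname"; the hostname is the last field
        $httpsHosts = @($bindings | Where-Object { $_.protocol -eq 'https' } |
            ForEach-Object { ($_.bindingInformation -split ':')[-1] })
        foreach ($b in ($bindings | Where-Object { $_.protocol -eq 'http' })) {
            $hostName = ($b.bindingInformation -split ':')[-1]
            [pscustomobject]@{
                Site        = $site.Name
                HttpBinding = $b.bindingInformation
                # An empty hostname gives Certify nothing to match the site on
                HasHostName = [bool]$hostName
                HasHttps    = $httpsHosts -contains $hostName
            }
        }
    }
}

Get-MissingHttpsBinding | Format-Table -AutoSize

# Is anything listening on 443 at all? With IIS the owner is PID 4 (System, HTTP.sys).
$listeners = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess
} else {
    Write-Warning 'Nothing is listening on TCP 443: the port forward has no service to reach.'
}

# Manual fix for a site reported with HasHttps = False (placeholders, adjust both values).
# -SslFlags 1 enables SNI; a certificate must still be assigned to the new binding.
# New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443 -HostHeader 'www.example.com' -SslFlags 1
```

A row with `HasHostName` False corresponds to the case described above where Certify cannot tell which site should receive the https binding.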