IIS, Windows server 2019 newly created certificate as invalid on browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: without https:- platform.interxlab.io
after applying https:- https://platform.interxlab.io

I ran this command: successfully created the certificate by wacs.exe and even tried with 1 site binding or multiple. It always successfully generate and bind the certificate to selected domain.

It produced this output:I have created the ssl certificate for making my site secure (https), but browser says it’s invalid. Ealier I used lets encryption on my AWS account and I successfully generated and bind the ssl certificate and that certificate was valid. But now when I am trying on my own server (Windows 2019) it gives invalid certificate error(which I recently created specific to targeted domain)

My web server is (include version): IIS, windows server(2019)

The operating system my web server runs on is (include version): Windows 2019

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi,

In this case, you should confirm whether the binding is successful. https://www.ssl.com/how-to/binding-in-iis-10/

P.S. I personally don’t have experience in Windows IIS server, if you need further assistance, maybe contacting the software developer or Windows IIS forum might be better options.

Thank you

Hi Stevenzhu,

Binding is fine as I again crosscheck with your given link. But still issue is there.

Can you let me know the tag name of letsencrypt team’s windows iis supporting staff?

Thank you
Gaurav

Hi @gauravbadyal

then it would work.

Share a screenshot of your binding.

PS: Checking your domain there answers - an Apache - https://check-your-website.server-daten.de/?q=platform.interxlab.io

http has an IIS:

Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

but https:

Server: Apache

Hello @JuergenAuer

here are the screenshots
of my whole bindings process(now I am using api.interxlab.io because I over limit with platform.interxlab.io)

please find the attachments…

bindingResults775×570 49.3 KB

Your bindings aren’t relevant if there runs an Apache.

Dear @JuergenAuer, I am running on IIS (server windows 2019)

I am just wondering because the exactly same process I followed on my cloud rdp(AWS) where it works absolutely well but in my server it is causing issue of invalid certificate.

Hi,

I checked again and it turns out that the instructions I give you are for IP based binding, which won't work for mutiple websites.

You can look for SNI IIS 10 for the correct instructions or try the below thread:

I don't think this is a Let's Encrypt problem. You probably should ask in IIS Forum: https://forums.iis.net/

There answers an Apache. Your IIS is completely unrelevant.

Please check your system.

PS1: Your api.interxlab.io - again an Apache.

D:\temp>download https://api.interxlab.io/ -h
SSL error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
ProtocolError
X-Frame-Options: SAMEORIGIN
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 11 Aug 2020 08:46:33 GMT
Server: Apache
WWW-Authenticate: Basic realm="VisualSVN Server"

Status: 401 Unauthorized

PS2: @stevenzhu : The binding is correct, I use the same. Not selecting an ip address is always good.

I am just sending the attachment as a kind of surety check that it is on the windows server. But I am wondering why it is showing that this is on the apache server.

I have one kind of doubt:- If Windows server not activated then SSL certificate work or not?

windowsServer.PNG1661×862 238 KB

Now i understand why @JuergenAuer and I hold different views.
An interesting fact: You have IIS running on Port 80 (for HTTP) and Apache running on port 443.

curl -I -L platform.interxlab.io
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

curl -I -L https://platform.interxlab.io --insecure
HTTP/1.1 401 Unauthorized
Server: Apache

If your Apache server (I think it’s for other applications) keep running on port 443 and we (at least me) keep telling you to check your bindings, it’s definitely not going to work because the requests never reaches your IIS server. (Sorry @JuergenAuer)

In short: Find out where the Apache server is running and try to modify that to run alongside your IIS, or you won’t be able to see your sites in IIS in HTTPS.

@JuergenAuer and @stevenzhu Thank you very much.

The reason was another application was running on same port so I have just changed the external port and it works well.

Thank you for your support.

Best regards

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.