Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: [removed as it was irrelevant]
I ran this command: Added certificate to Anywhere Access wizard.
It produced this output: “You can import only trusted SSL certificates. Get a trusted SSL certificate, and then import the trusted certificate.”
My web server is (include version): IIS (cert is valid on IIS)
The operating system my web server runs on is (include version): Windows Server 2016 Standard (with Essentials role)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): CertifyTheWeb
I am having the exact same issue as this reddit post. except I am on Windows Server 2016 instead of 2012 R2 Essentials. I will quote the post below as it all pertains to what is happening to me.
The utility ‘Certify the Web’ is able to request, install and renew a Lets Encrypt SSL cert on my Windows Server 2012 R2 Essentials. It works perfectly on the default web site of the server. When I try to import that cert in the Anywhere Access wizard though, it is rejected with the error “Certificate is not trusted” and the explanatory text “You can import only trusted SSL certificates. Get a trusted SSL certificate, and then import the trusted certificate.”
The thing is, the cert is trusted by remote web visitors and by IE and Chrome on the server itself, so I am stuck.
I have been following this excellent guide: https://www.server-essentials.com/support/articleid/143/get-a-free-lets-encrypt-ssl-certificate-for-access-anywhere-and-automatically-renew-it
but for step 2 (export the certificate), I have also tried using the Certificates snap-in in MMC, which provides some additional options, including “Include all certificates in the certification path if possible” and “Export all extended properties” . No combination satisfies the wizard, though. I have used commercial certs here before without problems. Any ideas?
I have imported the full chain of certs into Windows and I am still having this issue.