It produced this output - another site hosted on our server started displaying SSL certificate errors as the SSL had swapped over to the one I had just created, rather than keeping the one it should have stayed on - we have swapped it back but I would like to know what caused it to happen.
My web server is: Microsoft Windows Server 2008 running IIS V6
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No
Definitely an excellent argument for upgrading to a more modern web server!
If you absolutely can’t upgrade, you could get a single Let’s Encrypt certificate that covers all of the domain names that are hosted on that server. This won’t require the use of SNI but will still support separate virtual hosts at the HTTP layer.
Ok then thanks guys - Upgrading the current server is currently not an option for us but we can look into moving this website onto a different hosting platform as it is relatively seperate from the rest of them - do you know how I can uninstall this SSL from ISS7 at all?
We have decided to look into hosting the site somewhere else but unfortunately there has been another problem.
As we were going to move it somewhere else I figured the SSL would no longer be needed on our current box so I deleted the certificate and the HTTPS binding for promisemoney.co.uk, also the tool I used sets up a Scheduled Task to renew the certificate which I cancelled. However, this morning we were having SSL issues again with the other site as before. I did check the bindings at the end of last night and they were correct but this morning something must’ve changed with them,
Do you know if there is anything else that I could look at to resolve this as I’m worried the box may be infected from installing the tool I mentioned above.
Have other people used it and can confirm if it is safe?
As far as I am aware, you only have to worry about the scheduled task as the tool is pretty much self-contained. You can try also deleting the registry key it creates to track the certificates that are issued, which is HKCU\Software\lets-encrypt-win-simple\https://acme-v01.api.letsencrypt.org/\Renewals (per the tool’s wiki).
The letsencrypt-win-simple tool is used by quite a few people, so it should be safe if you got it from the official GitHub project page.