Hi, I have used LetsEncrypt-Win-Simple in windows server 2016 to create my website certificates and i have 2 domains that i create certificate for each one, in iis server certificates list they are exists and everything is ok, and also in website binding setting both of them are exists and ok, now when i open website on my google chrome client, browser tells me that certificate is not safe and also shown in certificate info : issued by localhost!!
I don’t know where is wrong?
Thanks for helping.
Server OS: windows server 2016
Web Server: IIS 10
Domains:
www.sharannuts.com
www.sharannuts.ir
checking your first domain via https://check-your-website.server-daten.de/?q=sharannuts.com there are wrong certificates used.
First, you don't have an A entry of your main domain:
| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| sharannuts.com | A | yes | 1 | 0 | |
| AAAA | yes | ||||
| www.sharannuts.com | A | 185.252.28.43 | yes | 1 | 0 |
| AAAA | yes |
The www version has a self signed:
CN=localhost
23.05.2018
23.05.2023
expires in 1500 days localhost - 1 entry
And http + www redirects to http://www.thtc.ir.
Same with your second domain ( https://check-your-website.server-daten.de/?q=sharannuts.ir ):
The second domain name has a new certificate, but it's not used.
| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1384058060 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-14 05:42:11 | 2019-07-13 05:42:11 | www.sharannuts.ir | duplicate nr. 1 | |
| 1173148243 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-02-03 13:05:57 | 2019-05-04 12:05:57 | *.sharannuts.ir, sharannuts.ir |
Same with your first domain.
Looks like your bindings aren't correct. Did you add the hostname value and checked "SNI required"?
Looks like both domains use the standard binding, not the individual binding.
Share a screenshot of your bindings.
Now I've read the header details of https://check-your-website.server-daten.de/?q=sharannuts.com
See
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://www.thtc.ir | 301 | https://www.thtc.ir/ | 0.050 | A |
| • http://www.sharannuts.com/ | ||||
| 185.252.28.43 | 302 | http://www.thtc.ir | 0.197 | D |
| • https://www.thtc.ir/ | 404 | 0.763 | M | |
| Not Found | ||||
| • https://www.sharannuts.com/ | ||||
| 185.252.28.43 | 200 | 3.874 | N | |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | ||||
| • http://www.sharannuts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | ||||
| 185.252.28.43 | 404 | 0.434 | A | |
| Not Found | ||||
| Visible Content: Server Error 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable. |
there is a checkbox
show header
Your http version answers:
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7,ASP.NET
But your https has a different header:
Server: Kestrel
Looks like your IIS isn't used. So your bindings (looks ok) aren't used.
Thanks bro, I you said https was handling by Kestrel, and was from a default setting in visual studio asp.net core application properties, so i disable it and republish project to iis and problem resolved,
I just say for others guy that might have same issue in future :
Visual studio asp.net core project - > properties -> debug - > Uncheck Enable SSL
(this will disable localhost managing ssl by Kestrel)
Thanks to @JuergenAuer again,
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.