SSL certificate is installed on iis and website but in browser is unknown

Hi, I have used LetsEncrypt-Win-Simple in windows server 2016 to create my website certificates and i have 2 domains that i create certificate for each one, in iis server certificates list they are exists and everything is ok, and also in website binding setting both of them are exists and ok, now when i open website on my google chrome client, browser tells me that certificate is not safe and also shown in certificate info : issued by localhost!!
I don’t know where is wrong?
Thanks for helping.
Server OS: windows server 2016
Web Server: IIS 10
Domains:
www.sharannuts.com
www.sharannuts.ir

Hi @MarshalOfficial

checking your first domain via https://check-your-website.server-daten.de/?q=sharannuts.com there are wrong certificates used.

First, you don’t have an A entry of your main domain:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
sharannuts.com A yes 1 0
AAAA yes
www.sharannuts.com A 185.252.28.43 yes 1 0
AAAA yes

The www version has a self signed:

CN=localhost
	23.05.2018
	23.05.2023
expires in 1500 days	localhost - 1 entry

And http + www redirects to http://www.thtc.ir.

Same with your second domain ( https://check-your-website.server-daten.de/?q=sharannuts.ir ):

The second domain name has a new certificate, but it’s not used.

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
1384058060 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-04-14 05:42:11 2019-07-13 05:42:11 www.sharannuts.ir duplicate nr. 1
1173148243 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-02-03 13:05:57 2019-05-04 12:05:57 *.sharannuts.ir, sharannuts.ir

Same with your first domain.

Looks like your bindings aren’t correct. Did you add the hostname value and checked “SNI required”?

Looks like both domains use the standard binding, not the individual binding.

Share a screenshot of your bindings.

Thanks for your answer,
below is my binding screenshot:

Now I’ve read the header details of https://check-your-website.server-daten.de/?q=sharannuts.com

See

Domainname Http-Status redirect Sec. G
http://www.thtc.ir 301 https://www.thtc.ir/ 0.050 A
http://www.sharannuts.com/
185.252.28.43 302 http://www.thtc.ir 0.197 D
https://www.thtc.ir/ 404 0.763 M
Not Found
https://www.sharannuts.com/
185.252.28.43 200 3.874 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://www.sharannuts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.252.28.43 404 0.434 A
Not Found
Visible Content: Server Error 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

there is a checkbox

show header

Your http version answers:

Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.2.7,ASP.NET

But your https has a different header:

Server: Kestrel

Looks like your IIS isn’t used. So your bindings (looks ok) aren’t used.

Thanks bro, I you said https was handling by Kestrel, and was from a default setting in visual studio asp.net core application properties, so i disable it and republish project to iis and problem resolved,
I just say for others guy that might have same issue in future :
Visual studio asp.net core project - > properties -> debug - > Uncheck Enable SSL
(this will disable localhost managing ssl by Kestrel)
Thanks to @JuergenAuer again,

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.