Unable to get IIS to bind to Let's Encrypt certs Central Store


I currently have my IIS Central Store set up with a single wildcard certificate .pfx file, and all my sites use this wildcard cert.

I would like to switch to using Let's Encrypt certificates instead for each site.

I've tried using both Certify the Web and win-acme to generate my SSL certificates to place them into my IIS Central Store. Both clients generate a .pfx file for each cert in the store just like they're supposed to.

However, if I check each site in a browser I see that the site is still using the old wildcard cert, not the new certificate .pfx files.

Has anyone run into this before?

If the certs are available, then you may only need to bind the new certs to their sites in IIS.

Ok, cool, will I need to manually re-bind the certs every time it renews, or will this happen automatically?

I do not know how win-acme or Certify the Web handle such renewals.
If they use the exact same "cert name" it is possible that IIS only needs to restart that site to use the updated cert.

Did the re-binding show the correct cert?

Yes, I tried restarting a few sites but they still used the wildcard cert. If I edit the binding manually it gives me a choice of 2 certs, one from the local store and 1 from the CCS. Choosing the bindings this way works.

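An added example, not written by any poster in this thread and not taken from win-acme or Certify the Web: a PowerShell check that reports, for each HTTPS binding, whether IIS reads the certificate from the local store or from the Central Certificate Store (CCS), and whether a matching .pfx file name exists in the CCS folder. The function name `Get-CcsBindingReport`, the sample bindings, the `example.com` host names and the `$ccsPath` variable are assumptions made for illustration.

```powershell
# Added example: classify IIS HTTPS bindings by certificate source.
# sslFlags is a bit field: 1 = SNI, 2 = Central Certificate Store (CCS).
function Get-CcsBindingReport {
    param(
        [Parameter(Mandatory)] [object[]] $Binding,  # objects shaped like Get-WebBinding output
        [Parameter(Mandatory)] [string[]] $PfxName   # file names present in the CCS folder
    )
    foreach ($b in $Binding) {
        # bindingInformation is "IP:port:hostname"; the host name is the last field.
        $hostName = ($b.bindingInformation -split ':')[-1]
        $usesCcs  = ([int]$b.sslFlags -band 2) -ne 0
        # CCS file naming: <host>.pfx, or _.<parent domain>.pfx for a wildcard cert.
        $exact    = "$hostName.pfx"
        $wildcard = '_.' + (($hostName -split '\.', 2)[1]) + '.pfx'
        [pscustomobject]@{
            HostName    = $hostName
            Source      = if ($usesCcs) { 'CentralCertStore' } else { 'LocalStore' }
            Thumbprint  = $b.certificateHash          # local-store thumbprint, if any
            ExactPfx    = $PfxName -contains $exact
            WildcardPfx = $PfxName -contains $wildcard
        }
    }
}

# Constructed sample data (not from the thread); all names and values are placeholders.
$sample = @(
    [pscustomobject]@{ bindingInformation = '*:443:www.example.com'
                       sslFlags = 1; certificateHash = 'CONSTRUCTED-THUMBPRINT' }
    [pscustomobject]@{ bindingInformation = '*:443:shop.example.com'
                       sslFlags = 3; certificateHash = '' }
)
$files = '_.example.com.pfx', 'shop.example.com.pfx'
Get-CcsBindingReport -Binding $sample -PfxName $files | Format-Table

# On the server, feed live data instead (WebAdministration module;
# $ccsPath is the folder configured as the CCS location):
# Import-Module WebAdministration
# Get-CcsBindingReport -Binding (Get-WebBinding -Protocol https) `
#     -PfxName (Get-ChildItem $ccsPath -Filter *.pfx).Name
```

A row with `Source` of `LocalStore` is a binding pinned to a certificate in the machine store, so new .pfx files written to the CCS folder do not affect it until the binding itself is switched to the CCS.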