What should I see in Windows Certificate Manager?

Std. answers below. What should I see in the Windows Certificate Manager when WinAcme is saying my certs are valid and do not renew until sometime in January (two or three weeks in the future)? Because what I see are three entries for the domain and all of them show as expired.

My domain is: tampahybrids.online

I ran this command:

It produced this output:

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): WinServer 2019

My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @GTGeek88,

You can see the presently being severed certificate here SSL Checker
and presently I see it matches this issued certificate crt.sh | 15825760072

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f7:46:e4:30:7d:fd:36:86:70:3a:71:44:dd:96:0c:30:62
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: (CA ID: 295814)
            commonName                = R10
            organizationName          = Let's Encrypt
            countryName               = US
        Validity
            Not Before: Dec 20 02:23:37 2024 GMT
            Not After : Mar 20 02:23:36 2025 GMT
        Subject:
            commonName                = tampahybrids.online
        Subject Public Key Info:
.
.
.

I would think you would see that certificate somewhere in Windows Certificate Manager,
now it is really in the place in the certificate manager?

In Certificate Manager, I see three entries for the domain. Each one of them shows an expired date prior to today. I don't understand that.

Do any of them match this

?

I don't know what you're expecting to match, but certainly the expiration date does not match. What I see in Certificate Manager, as I've said, are three entries for the domain with the most recent expiration date being two days ago. The other two are longer ago than that. I see nothing that matches what WinAcme says and nothing that has not expired.

Can you snip that section of cert mgr and post it? Because none of what you describe matches the publicly issued certificates by Let's Encrypt for your domain. Shown below.

We don't understand what you see

image1797×609 132 KB

These for starters:

Also Windows may keep expired certificates, I am not sure.
Not being able to find the certificate in Window Certificate Manager, what issue is that causing?

My apologies, gentlemen, and thank you for your quick responses. When I found the certificates in Certificates\Personal\Certificates in Certificate Manager and one had a recent expiration date, I thought I was in the right place. But it was not exactly what I was expecting to see, so I wondered if WinACME was simply not working correctly with Windows in some way. My bad!! I got focused on that path to the certificates, but in the Certificates\Web Hosting\Certificates I found what I was expecting, was able to export the cert, and then use it in another app that needs it, thereby solving my real problem. So, again, my bad, and thanks very much for your time and efforts.

You should be able to configure win-acme to do whatever export/installation you need, allowing for renewals to be automated as well.

Well, I have the scheduled tasks for renewing the certificate, but WinAcme can't automate the import into this other program (and I'm trying to find out from the developer of that app why they can't simply make use of the certificate without it being imported into their software). Thanks for your reply.

Hi @GTGeek88 I've replied to your community post on CTW is not seeing my certificates - #2 by webprofusion - Question - Certify The Web - Support Community but fundamentally the app just doesn't work the way you're expecting it to.

You have a bunch of existing certificates in your local machine certificate store, acquired using other methods, but Certify Certificate Manager won't automatically show those, it will only show the managed certificates you have set up in that app. There is an option in the Settings of the app to show info from some external certificate managers (such as win-acme) mainly so you can see which certs you are managing in Certify and which you are managing with other things.

We cannot import certificates because they are just the end result, not the configuration of the certificate order (domain validation, CA settings etc) and deployment (to IIS or via a deployment Task etc).

Which program are you trying to import your certificate to?

I appreciate the reply. I thought CTW would be able to see/manage the Let's Encrypt created certificates, so, yes, I guess I was expecting the wrong thing. I don't really need any more help on this one, because I did get my issue resolved by finding the right certs in Certificate Manager and doing the export. Again, thanks for your help. I'll have to investigate CTW a bit more and see if I prefer it over Win-ACME (I do generally appreciate a GUI interface).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.