Why i can not renew expired cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:agenthost.itourlink.com

I ran this command:

It produced this output:
But cert on outwebsite not update, still expired on 22 Mar 2023

My web server is (include version):
Windows Server 2012, IIS 8.5.9600

I would try restarting IIS.


It seems like you were able to renew the expired cert:

But the website continues to serve the expired cert:
SSL Server Test: agenthost.itourlink.com (Powered by Qualys SSL Labs)


I think the "No bindings have been changed" message is a clue. Do you have multiple IIS sites with the same hostname in the binding? Perhaps a site that's stopped?

Either way wacs is confused about which binding to update, so open IIS Manager on the server, expand Sites, click your site and select Binding.. from the actions panel. Edit the existing https binding shown and select the latest certificate.

The other reason a server can serve an outdated certificate is if you have created an IP specific binding on one of the sites (not using SNI with the hostname set), as these take priority over any other binding that shares the same network IP address and SNI bindings are ignored.


Thank for your help, i've just fixed it by your guide. Thank again to all you guys replied to me!


No problem, be aware that when you renew the cert next time to look out for this same issue as manually updating the binding is just a workaround and it's not really solved until you can get it to auto update the binding for you. Make sure you're on the latest version of their app.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.