If you add a certificate to IIS Manager SERVER CERTIFICATES section using COMPLETE CERTIFICATE REQUEST that appears without error but then is not visible the next time you go to (or refresh) the SERVER CERTIFICATES, we have the answer.
The problem is likely that you somehow added that certificate to your server using Certificates MMC. This can easily happen if you are installing GoDaddy intermediate certificates. You should only add the certificate named something like gd-g2_iis_intermediates.p7b and NOT the .CRT or .CER certificates.
The disappearing certificate is very frustrating but relatively easy to fix. If you accidentally added your cert, rather than just the intermediate cert, you need to do four things:
- Remove that cert
- Get a the cert rekeyed
- Add the cert to IIS
- Assign the cert to your website
In my case I was working on adding a certificate to a Remote Desktop Services (RDS) Gateway and bunged it up. Here is how I fixed it:
HOW TO REMOVE A CERTIFICATE:
- Click START, type mmc.exe and press the enter key
- Click FILE > ADD/REMOVE SNAP-INS
- Double click CERTIFICATES
- Select COMPUTER ACCOUNT
- Click FINISH (i.e. leave it at the LOCAL COMPUTER default)
- Click OK
- Expand CERTIFICATES > PERSONAL
- Right click on your cert that should not be there (in my case this was issued by GoDaddy). Be careful NOT to select the default cert issued by your own server
- Select DELETE
HOW TO GET A CERTIFICATE REKEYED:
There no cost to getting a certificate rekeyed with any of the vendors I have used before.
Every vendor has their own process for getting a certificate rekeyed so I will not waste your time here other than the generic steps:
- You need to create a new CSR using IIS as explained in THIS GoDaddy article.
- Go to your vendors website, find the place that you download your certificate. There will likely be a REKEY option there. In GoDaddy’s case the path is to sign in, click your name (top right corner), click MY PRODUCTS, expand SSL CERTIFICATES, click MANAGE on your certificate
- You will have to wait for verification again, but it should be very quick. In GoDaddy’s case I have not seen it take more than 1 hour
- When the new certificate is ready, download it
ADD THE REKEYED CERTIFICATE TO IIS:
NOTE: You do NOT need to use the CERTIFICATES MMC here. You only needed that MMC to install the intermediate certificates which will not have changed from the first time you added them.
- Start INTERNET INFORMATION SERVICES MANAGER (IIS Manager)
- Click on the host name of the server (not the website) and double click on SERVER CERTIFICATES applet (in the center section)
- Click COMPLETE CERTIFICATE REQUEST (either from the ACTIONS menu or just right click on blank space)
- Use the … button find the .CRT or .CER file. If you have a GoDaddy cert, it will be a .CRT and you will need to change the file type drop down box to *.* to see it.
- Type the FRIENDLY NAME as the exact name of the cert (i.e. rdsg.mydomain.com)
- Leave the SELECT A CERTIFICATE STORE at PERSONAL and click OK
If you are still confused how to install the cert or assign it to your website, THIS GoDaddy article will help.
ASSIGN THE REKEYED CERTIFICATE TO YOUR WEBSITE:
- In IIS Manager click on the website you want to use the certificate on (NOT the hostname of the server). If this an RDS Gateway server, you will want to click DEFAULT WEB SITE
- Click BINDINGS (in the actions pane at the top right)
- Double click on the HTTPS option
- In the HOST NAME, type in the exact name used in your certificate (i.e. rds.mydomain.com)
- Select the new certificate from the SSL CERTIFICATE dropdown
- Click OK then OK and then have a nice day, you are done.
I found a number of other sites useful in figuring out this disappearing certificate issue, including THIS GoDaddy forum.
18 Comments
John C · July 27, 2021 at 10:42 am
We have several servers using the same certificate (behind the load balancer). We installed the certificate on 2 of them no problem. But on the 3rd server we’re having the disappearing certificate issue. My question is, if we have the certificate REKEYED, will it still work on the first 2 servers?
Ian Matthews · July 27, 2021 at 12:29 pm
Hi John;
I expect a certificate rekey would work on all servers as rekey’ing happens all the time now (if you key has leaked, if you had a change in IT staff, if you were hacked…).
I hope that helps 🙂
Geek561 · April 9, 2021 at 3:03 pm
Thanks. You save my day.
MICAH · August 26, 2020 at 6:32 am
Thank you very much
Ben · March 22, 2020 at 10:05 pm
you saved my life
Rajesh Sachdeva · January 24, 2020 at 11:55 pm
You are a life saver!
Paramjeet Singh · January 22, 2020 at 4:30 am
Thank you very much. This article helped a lot.
Nason Harms · January 8, 2020 at 8:14 am
Or you could admin CMD certutil -repairstore my “#### Thumbprint HASH CODE of the offending cert”
as per this sites instructions.
https://www.sslsupportdesk.com/troubleshooting-missing-ssl-private-key-in-windows-server/
Suraj · December 10, 2019 at 5:31 am
Thanks a lot for sharing this. It made my day
Mohammed Sheriff Yousef · November 8, 2019 at 5:27 pm
You are so gorgeous, you saved me
JAMES PERKINS · August 13, 2019 at 8:34 pm
Rekeying did not work for me. I had to “Create Certificate Request” from my server then submit this request for a rekey then it worked. When adding the certificate this time it stayed and did not disappear even when refreshing with the F5 key. I think Godaddy supplies their text keys and don’t explain what these are for and how to apply them.
Maurício Welter · June 26, 2019 at 12:39 pm
thank you so much from Brasil …
Lokesh Savdekar · March 15, 2019 at 12:19 am
thank you so much brother…you are great.
Charles Fettinger · March 14, 2019 at 11:18 am
We had this issue with a godaddy certificate yesterday. We rekeyed 3 times, finally godaddy tech support created the cert from the 3rd CSR we had previously used and it worked. The Cert they generated was different when tech support created it.
This is definitely a system issue at GoDaddy.
shay · January 18, 2019 at 8:22 am
my friend, you are a life saver!!! tnx a lot 🙂
Suraj · November 1, 2018 at 12:58 pm
Thanks a lot for sharing this. It made my day 🙂