Binding for cert getting inserted on wrong site?


#1

We have several sites on an IIS server. We have done some moving around of site ID’s over time. Sometimes when the certs are automatically renewed, it’s shoving binding entries for a site into the wrong IIS site, and this means a binding is duplicated and brings down one of the sites. I’m guessing certify the web may be saving a site ID to apply the bindings to or something? Is there a place I can clear the settings and reapply to this stops happening? I’ve tried just deleting the certs when I see them dupe on other IIS sites and then recreating – but I can’t tell for sure if this will resolve the issue.


#2

Hi, what version of Windows Server are you using? That can affect certain aspects of certificate binding.

Yes in 3.x we do store the site ID and use that in preference to any other method to match the site to be deployed to. In 4.x there are other deployment modes which have various behaviours and there is also a preview mode so you can see what the app intends to do when it runs next.

The simplest way to correct the issue if you have recreated a site in IIS is to delete and re-add the managed certificate in Certify. If you are recreating the sites regularly/automatically and this would be a problem then you may want to look at scripting the creation of managed certificates, the easiest method for which is currently CSV import from the command line (there are undocumented APIs available via local http but these are currently not supported for direct use).