Certificate Renewal Succeeds but Certify The Web Requires CN and 3072-bit Public Key to Avoid SSL Protocol Error

I successfully renewed the Organization Validation (OV) certificate using Certify The Web. The certificate chain is correctly installed with the root and intermediate CAs trusted, and the certificate status shows as valid.

However, when I browse the site from the IIS server, I encounter the following error:

ERR_SSL_PROTOCOL_ERROR

I tested multiple possible solutions, and eventually discovered that Certify The Web requires two conditions for proper operation:

  1. The certificate must include a Common Name (CN).
  2. The public key size must be 3072 bits.

Without meeting these requirements, the browser continues to throw an SSL protocol error, even though the renewal process itself completes successfully.

Note: I have configured a custom CA in Certify The Web, and the ACME directory is properly set up. Certificates are issued and renewed successfully through this configuration.

Certify 6.x does populate the Common Name in the CSR it generates but it doesn’t require it itself. It has no special requirement for RSA key sizes. Certify 7.x (beta) will omit CN in the CSR it generates.

The issue in your screenshot does not appear to be related to Certify at all; it looks a lot like you are accessing a resource as https but it’s serving http (no TLS-enabled service is enabled on that port).

Acquiring a certificate and deploying it are two different tasks - if Certify has given you a certificate and you have deployed it somehow, the deployment is the thing you need to debug.

If there are any aspects of your configuration etc you’d like to discuss in private please feel free to email support at certifytheweb.com with your questions.
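One way to check the diagnosis in the reply above (HTTPS requested from a port that answers in plain HTTP) is to probe the listener directly. This is an added example, not part of the original thread and not Certify The Web code; the function name `probe_port` and its verdict strings are assumptions made for illustration.

```python
import socket
import ssl


def probe_port(host, port, timeout=5.0):
    """Classify host:port as 'tls', 'plain-http', 'closed' or 'unknown'."""
    # Certificate validation is switched off on purpose: the only question
    # here is whether the listener speaks TLS at all, not whether the
    # certificate it presents is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing is listening, or a firewall drops the port

    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "tls"  # handshake completed: a TLS service is bound here
    except OSError:
        # ssl.SSLError, resets and timeouts are all OSError subclasses.
        # Fall through and test whether the same port answers plain HTTP.
        pass

    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            request = "HEAD / HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n"
            plain.sendall(request.format(host).encode("ascii"))
            first = plain.recv(16)
    except OSError:
        return "unknown"

    # A clear-text status line means the site has no working HTTPS binding
    # on this port, whatever certificate was issued for it.
    return "plain-http" if first.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Constructed target: run on the IIS server against the site's own port.
    print(probe_port("localhost", 443))
```

A `plain-http` verdict points at the binding or deployment step rather than at the certificate contents; `unknown` means the handshake failed and the port did not answer HTTP either, so the TLS configuration itself needs a closer look.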

I mean, if I generate a certificate without CN and public key size 3072, then I get the above error, which is mentioned in the screenshot as well.
I want to generate a certificate without CN with Certify The Web. It will be generated, but it will not work and gives the above error.

Ok, try the beta for v7, that will skip the inclusion of CN in the generated CSR when ordering a certificate. To upgrade you just install it.
Release Notes - Certify Certificate Manager - Certify The Web - ACME for Windows, simple free certificates for IIS and more, powered by Let's Encrypt and other ACME CAs