I’m hoping for some guidance on what I’m doing wrong, or confirmation of a problem in CertifyTheWeb.
I am running a WSE2012 box, with a default website operating on it. Under the default website there are some WSE-specific sites but I don’t think that’s relevant in this case.
I installed CTW about a month ago, successfully validated the site via DNS TXT, and CTW is happily chugging along. I can see in the IIS bindings that the certificate is in use.
When I log in to the console today, I see “Default Web Site” and “Expires in 87 days”. All good there. But when I access my default website, I see that the certificate expires 28 days sooner.
So I look at the bindings in IIS for the default website, and see there are now three LetsEncrypt certificates. One is dated 01/08/18 (the original one). One is 15/08/18, one is 29/08/18. So CTW has been auto-renewing them every 14 days as configured.
BUT… the IIS binding shows that the first certificate is still bound to the default website. The two newer ones are available but not selected.
My understanding was that CTW would auto-renew and auto-bind the renewed certificates.
Is my understanding wrong? Have I done something wrong? Or is this a bug?
When the first certificate expires, will IIS auto-select a valid one from the pool of certificates installed in the certificate store on the server? Or will I see a certificate error on the website?