My certs were working but stopped renewing due to the drive filling up, problem unrelated to CTW. I made drive space and rebooted to be safe.
Then I updated CTW, due to the “update available” prompt. Got success message on update to 6.0.18.0. I was on version 5.something previously, in case that matters.
Though my certs were still working and not expiring soon, logs showed over a hundred failed renewal attempts, so I told it to renew. Got success message.
Now my certs don’t work. Browser shows the correct dates for not before and not after, not sure what’s wrong.
In CTW Certificate Manager I see the following error:
“There can be only one Primary Domain included on a certificate. There are currently multiple domains configured as the Primary, please review and correct the primary domain selection.”
I do indeed show two Primary domains but the second one is a copy or repeat - some domains are listed twice. I deleted the duplicates, Saved, and Requested a new cert, which again finishes with a success message. But my certs still aren’t accepted by a browser, and the deleted domains re-appear in the list in Certificate Manager.
Where are those duplicates coming from, and is this the reason my certs don’t work in browsers?
More info,
When I click on “Preview” I get:
“Could not generate preview
A problem occurred generating the preview: Validation Error: There can only be one domain selected as the primary domain.”
You may have already resolved this but some older versions allowed multiple domains to be checked as the primary (which becomes the main certificate subject). If you uncheck the Primary option on the other domains so only one is selected then validation will work again.
In general the domains are read directly from your IIS bindings.
Regarding certs not being accepted by a browser, you’d need to share an example site to get help with that.
Thanks for replying. Unfortunately not resolved.
The second domain with the checkmark can’t be unchecked, not that I can see. Clicking on the check doesn’t remove it. It is the same domain that I want to be the Primary, but it’s listed twice. Deleting the duplicates doesn’t stick, even after Save, they come right back.
Ok, I would suggest deleting the managed certificate within the app and creating it again. You should just be able to click New Certificate > Select your IIS Site and it should auto populate all the domains from that site, then click Request Certificate.
The only limitation with that is how frequently you may have requested certs recently as you can encounter Rate Limits from the CA (Let’s Encrypt) once you have requested the same cert multiple times in a week.
That sounds like a plan.
I reverted to an older cert that works, for the websites I care about, so I’m good for now. I’ll try your fix next week so as not to risk getting cut off by Let’s Encrypt.