Remote desktop cert warning

I have a domain certificate from Let’s Encrypt and a licensed Certify the Web app that maintains that for my web server and email server. I’ve been getting cert warnings for a long time when I remote into the server and thought I should finally fix that up.

Can the CTW app help me with that installation and/or are there some easy-to-follow instructions someone can point me to?


Quick follow-on. So many online solutions mention RD Gateway and RD Services and such. Does this require some paid RD service or can the current implementation just use the certificate once set up?

We have a built-in deployment task called “Deploy to RDP Listener Service (Terminal Services)” which I think will do the job, you may want to add a task to restart Remote Desktop Services as well.

The code for our built in task is basically this, but you can also script your own using powershell: certify-plugins/RDPListenerService.ps1 at master · webprofusion/certify-plugins · GitHub

RD Gateway etc is a windows server component you can install for providing remote desktop services to more than one machine/network service (that way you only present one machine to the internet and it proxies). You probably don’t need that.

In general I’d recommend having a firewall rule to only allow your own IP address to connect to RDP on your server, and/or use a tool for auto blocking brute force attacks. Simply having your server with RDP open will allow anyone to come along and try to guess the password (many times).

I am getting there. I found a nearly identical script and ran it but this would be nice to add as a scripted step otherwise I have to update manually as the certificate updates.

Now my problem seems to be that the certificate is registered for my domain and it is proxied (if that is correct term) through Cloudflare which interferes with my being able to connect with that name. I can request the server with the IP address but then the cert doesn’t match again.

I found some info on Cloudflare and think that will fix that part.

You can also add a DNS entry in cloudflare that’s not proxied e.g. instead of, then get the cert for that (for http validation to work you don’t need an IIS website to match the name, it just has to be a name that resolves to that machine).

Here’s the docs if you want/need to do any custom scripting: Scripting | Certify The Web Docs

That sounds very good. I’ll read up on all that.

Just a quick thanks it is all working now with my new cert, bypassing Cloudflare, et. al. Gosh I’m going to miss that warning :slight_smile:

1 Like