According to “Certify the Web” app, I generated a valid certificate that now expires in 87 days. However, when I try to log in to the web server, for which the certificate is used, it shows an insecure connection.
When I generated the same certificate the previous and first time, about ninety days ago, it showed a secure connection free of any errors. Why not now?
Hi Kenny,
- What’s your website domain?
- Are you running IIS or something else?
- What https bindings does your website now have?
- Are you accessing the website via http or https?
The app is designed to help you renew and manage your certificates but you are fully in control of your own web server administration as normal and if you are unsure of how to Administer IIS bindings etc I would recommend getting local IT assistance for your business.
https://vipserve.dynu.com
No. It’s not a business. I just share movies on it with my friends,
and t’s accessed via https.
Ah this is the WingFTP thing you spoke to me on support about. As mentioned there WingFTP is not a supported web server so you need to figure out how certificates are configured in that product and decide the automation you require.
Certify The Web will automate the certificate renewal but that’s different to deployment (applying your fresh cert to your service). We primarily support IIS as a webserver but there are many thousands of other services you can use a certificate with, you just need to know how to do the deployment.
So in your case, now that you a certificate file you then need to determine how to deploy that to WingFTP. To begin with you could just install the certificate manually though the WingFTP configuration UI. Wing FTP Server Help - You need to use the Deploy to Generic server task to convert your PFX file into pem files or alternatively you can script that using OpenSSL etc.
While we will try to be helpful and make suggestions on how you might deploy your certificate, the actual deployment is 100% something you have to understand yourself, especially if you’re not using IIS.
What I don’t understand is why it all worked perfectly the first time I generated a certificate 90 days ago. I did everything the same way.
Your current website is serving an old certificate, so WingFTP (your web server) it’s simply pointing to an certificate old file or needs to be restarted.
For info, I’ve just done a test with a fresh install of WingFTP on Windows:
- Create and request a managed certificate in Certify The Web (I used cloudflare DNS for my domain validation under Authorization)
- Add a Deploy to Generic Server task and configure the output fullchain.pem file and privkey.pem (then run the task to create the output files):
I then added the certificate to WingFTP under Server > Settings > SSL certificate manager:
I then selected the certificate by name under [my domain] > settings > General Settings in WingFTP (in retrospect I could probably have done everything from this dialog):
I now have WingFTP working with a valid certificate. From now on Certify The Web will renew the certificate automatically and write it out to the files, I would presumably then need to restart WingFTP, so to automate that service restart I can use the “Stop, Start or Restart a Service” task in Certify The Web:
So from now on the renewal will:
- renew the certificate
- export the certificate to the required files a the given output path
- restart the WingFTP service
Thank you for the detailed instructions.
When I get to adding “the certificate to WingFTP under Server > Settings > SSL certificate manager,” it says, “Invalid SSL Certificate!”, but it is a valid certificate.
Check you are exporting the full chain file and the private key file in the Deploy to Generic Server task, and by default the password on the key will be blank.
I also generated and added a valid SSL certificate in Wing FTP that displays a check-mark on green, exactly as you did, but unlike the previous certificate, this one doesn’t provide a secure connection on the webpage. How can I attach images to show you as you did?
To attach images you can use a screenshot tool like the windows Snipping Tool, then Copy and Paste into the editor here.
I think the green check mark in WingFTP also shows for self-signed certificates, which wouldn’t be valid in a real browser. I’d recommend deleting any certificate files you have and link to them again, in case you are picking up an old file every time.
The certificate you are currently using on your site has expired, so the problem is you are still pointing to the old file (or you still need to restart WingFTP). Triple-check the file you are actually loading. The date on the file itself should be recent.