SSL certificate import to IIS “Specified logon session does not exist”

Have been struggling a bit to import a SSL certificate generated by certbot (Let’s Encrypt) on an IIS server.

Reproduction of error

1. Create SSL certificate with certbot using command:
certbot -d -d --manual --preferred-challenges dns certonly

2. Certificates and keys are created in files: “cert.pem”, “chain.pem”, “fullchain.pem” and “privkey.pem”. So far so good!

3. Create a PFX-file to import to the IIS server using:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile fullchain.pem

4. PFX file created! Let’s import this to Server Certificates. Key is marked as exportable in the import. Importing then goes without any problem.

5. When re-binding the domain to use this new certificate following error occurs:

A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520).

How to fix this error?

The problem seems to be in the certificate file (PFX) itself. Something went wrong when it was created. So I tried to re-create the PFX and changed the last parameter to use “chain.pem” instead and this solved the problem! So command line to create a PFX-file with certificate files from certbot should be:

openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile chain.pem

Hope this help anyone struggling with this issue!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.