I have been struggling a bit to import an SSL certificate generated by certbot (Let’s Encrypt) into an IIS server.
Reproduction of error
1. Create SSL certificate with certbot using command:
certbot -d domain.com -d www.domain.com --manual --preferred-challenges dns certonly
2. Certificates and keys are created in files: “cert.pem”, “chain.pem”, “fullchain.pem” and “privkey.pem”. So far so good!
3. Create a PFX-file to import to the IIS server using:
openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile fullchain.pem
4. PFX file created! Let’s import it under Server Certificates in IIS, with the key marked as exportable. The import goes through without any problem.
5. When re-binding the domain to use this new certificate, the following error occurs:
How to fix this error?
The problem seems to be in the certificate file (PFX) itself: something went wrong when it was created. I re-created the PFX with “chain.pem” as the last parameter instead of “fullchain.pem”, and this solved the problem. (certbot’s fullchain.pem is cert.pem followed by chain.pem, so passing both -in cert.pem and -certfile fullchain.pem puts the leaf certificate into the PFX twice.) The command line to create a PFX file from the certbot files should therefore be:
openssl pkcs12 -export -out "myfilename.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile chain.pem
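A small pre-flight check for the export step above, added here as an example (not from the original post): it treats each certificate block in the PEM files as an opaque DER blob, fingerprints it, and reports whether the -in/-certfile pair would put the same certificate into the PFX twice; it also derives the de-duplicated extra-certificate list, so fullchain.pem and chain.pem give the same result. The PEM bodies are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; the body may span several lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_certs(text: str) -> list[bytes]:
    """Return the DER bytes of every certificate block in a PEM bundle."""
    return [base64.b64decode(re.sub(r"\s+", "", m)) for m in PEM_BLOCK.findall(text)]


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes as a single PEM certificate block (64-column base64)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def duplicate_count(leaf_pem: str, chain_pem: str) -> int:
    """Number of certificates that would appear twice in the PFX for a given -in/-certfile pair."""
    fps = [fingerprint(d) for d in pem_certs(leaf_pem) + pem_certs(chain_pem)]
    return len(fps) - len(set(fps))


def extra_certs_for_pfx(leaf_pem: str, chain_pem: str) -> list[str]:
    """Certificates to pass via -certfile, as PEM strings, with the leaf (from -in)
    and any repeated intermediates removed."""
    leaf = pem_certs(leaf_pem)
    if len(leaf) != 1:
        raise ValueError(f"cert.pem must hold exactly one certificate, found {len(leaf)}")
    seen = {fingerprint(leaf[0])}
    extras = []
    for der in pem_certs(chain_pem):
        fp = fingerprint(der)
        if fp not in seen:          # skip the leaf itself and any duplicate
            seen.add(fp)
            extras.append(der_to_pem(der))
    return extras


# Constructed sample data (placeholder DER bodies, not real certificates).
LEAF = der_to_pem(b"constructed-leaf-der")
INTERMEDIATE = der_to_pem(b"constructed-intermediate-der")
CHAIN_PEM = INTERMEDIATE             # layout of certbot's chain.pem
FULLCHAIN_PEM = LEAF + INTERMEDIATE  # layout of certbot's fullchain.pem

if __name__ == "__main__":
    print("duplicates with -certfile fullchain.pem:", duplicate_count(LEAF, FULLCHAIN_PEM))
    print("duplicates with -certfile chain.pem:    ", duplicate_count(LEAF, CHAIN_PEM))
```

Writing the output of extra_certs_for_pfx to a file and passing that to -certfile gives a PFX with each certificate exactly once, whichever chain file you started from.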
Hope this helps anyone struggling with this issue!