It was that exciting time of year again, SSL Cert renewal time!
I say exciting, because it never fails that when Cert renewal time comes up I hit my head against some issue (I suspect it's the exact same issue year after year and I just don't remember).
This time changing the cert in IIS 7 I'm greeted with "There was an error while performing this operation. Details: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"
It should be noted that when this occurred the site went down! I was able to select the old cert and hit okay and all was well again. Select new cert, OK, and error with site down again.
NOTE: I have since found another way to produce this issue with its own fix. I have modified the below with Fix 1 and Fix 2. You may have to do BOTH of the below as I recently discovered.
I found a lot of solutions out there and I'm sure they work, but I didn't see the easy one that worked for me. I also found some that say the solution is that you have to have "export private key" checked when importing the certificate (note that this IS NOT NEEDED).
FIX 1: I had my certificate imported from a pfx without the option for export private key. It was stored under Local Computer - Web Hosting (this is true of the old cert and new cert).
In the binding screen I selected the "Localhost" certificate. Hit OK.
I then immediately hit edit again. Selected the new certificate from the drop down and hit OK. Click Close, go to your site and verify it's using the new cert.
FIX 2: I had a new certificate that I imported via the IIS Server Certificates option. No matter what I would continue to get the error following my directions above. I found a post online where a commenter mentioned that they had to import from MMC rather than IIS. Deleted the cert that I had imported via IIS. Had cmd open so went to it and typed MMC, File - Add/Remove Snap-in - Certificates - Computer Account - OK. Expand Web Hosting - Certificates. Right click import my new cert changing file type to *.* and selecting cert. DO NOT check the box for exportable.
Then went back to IIS and followed my FIX 1 steps. Worked great.
No error, very minimal downtime (when localhost cert is selected). Happy happy
Now, will I remember this next year? Or remember to check my blog notes? Probably not.
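The FIX 2 import can also be scripted and checked before touching the binding. The following is an added example, not part of the original post: it assumes the new certificate is a PFX at a hypothetical path, imports it into the Local Computer "Web Hosting" store without marking the key exportable, and confirms that a private key is associated with the imported certificate, which an HTTPS binding requires.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). The PFX path is a hypothetical
# placeholder; the store is the "Web Hosting" store the post uses.
param(
    [string]$PfxPath   = 'C:\certs\new-site-cert.pfx',
    [string]$StorePath = 'Cert:\LocalMachine\WebHosting'
)

if (-not (Test-Path -LiteralPath $PfxPath)) {
    throw "PFX file not found: $PfxPath"
}

# Prompt for the PFX password so it never appears in the script or history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# No -Exportable switch: the private key is imported as non-exportable,
# the same as leaving the "exportable" box unchecked in the MMC wizard.
$imported = Import-PfxCertificate -FilePath $PfxPath `
                                  -CertStoreLocation $StorePath `
                                  -Password $password

# Summarise what landed in the store (a PFX may also carry chain certificates).
$imported | ForEach-Object {
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
    }
} | Format-Table -AutoSize

# The certificate to bind must have its private key on this machine.
$usable = $imported | Where-Object { $_.HasPrivateKey }
if (-not $usable) {
    throw 'No imported certificate has an associated private key; do not bind it.'
}

# List every certificate in the store, oldest expiry first, so the old and
# new certificates are easy to tell apart in the IIS binding drop-down.
Get-ChildItem -Path $StorePath |
    Sort-Object NotAfter |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session, then carry out the FIX 1 binding steps in IIS Manager.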