This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I enabled IIS on one of my machines (Win 10), made a tiny website, bought an SSL Cert (SECTIGO, not self-signed), installed it. All went OK. When I test the website in IIS or from any other machine or browser, it gives this error: ERR_CERT_AUTHORITY_INVALID. If I click the error, it shows that the SSL certificate for the website is not the one I bought and installed, but an old one that expired over 2 years ago. I don't know where it's coming from, and it's not one I ever added or bought.
The website is in the ddnsfree.com domain from dynu.com, the certificate was purchased from dynu.com for that domain, the website is set up as https: on port 443.
I've scoured every certificate store on my computer, and the registry, and can't find the bad cert to delete it. It isn't in IIS. In IIS, the correct cert is bound to the website. If I use SSLLabs.COM to analyze the website, it gets an "A" grade, everything is correct and the ONLY cert is the one I just bought, which expires a year from now. DigiCert SSL scan also finds nothing wrong, and finds only the new cert. I also deleted and re-created the website twice. No good.
Even more strange, I turned off the computer with IIS Express and I still get the same browser error on other machines, even after flushing their caches!!! Some cache, somewhere on the internet must have this bogus information stuck in it, but where else can I look? Any help will be much appreciated!
Here's what I've tried: I have deleted and redone the website bindings in IIS, checked the port-forwarding and IP addresses across my local network, checked certificate bindings on all local IP addresses, deleted and remade the website, searched the computer for the bogus certificate that keeps coming from IIS, disabled anti-virus, firewall, VPN, verified that HTTPS protocols are set in IIS for the website, tested the website with outside tools. I'm missing something, but sure don't know what.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
I would then check this certificate in main IIS settings under certificates and ensure the expiry date is still valid.
If it is you may need to reinstall the certificate including any intermediary certificates by following the instructions given to you by the certificate authority you purchase the certificate from
I am wondering that if the domain provider is supplying a certificate or caching one at that level. Given that if you turn on the PC you are still getting this it error it leads me to believe this might be the case
The main IIS shows only one certificate, the correct one, and the expiration date is 1 year in the future. I deleted the certificate and reinstalled it with a different friendly name, which shows in the website binding. I also reinstalled the intermediate certs. Still the same error if I test in IIS or go to the website in any browser. SSLLabs test still shows everything is correct.
In IIS Manager, in the settings for the new website, in Edit Site->Bindings, the certificate listed is the correct one. Is this where I should be looking?
Hi, I'm Elise, a fellow user like yourself and I'd be happy to help with your issue.
It sounds like you have an old certificate selected in the bindings, when you edit the IP address selected for the site, there is a drop down to select the SSL certificate.
Could you check this is for the latest issued cert and not an old one?
Please let me know if you need any further assistance.
Kind Regards,
Elise
