This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 65%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
I have just renewed a wildcard SSL certificate with GoDaddy. Part of the renewal was to update a TXT record in the Azure DNS - which I've now done.
However my clients are still getting error messages when trying to access the site. (It's okay internally from our Lan, but not from outside)
Do I also need to upload a certificate file into Azure?
Hi Gary,
Yes, you need to upload the new certificate that you received from GoDaddy to your site. Are you hosting your website using Azure App Service, or running it on an Azure VM, or something else? If you let me know what you are using I can point you in the right direction.
Please click Accept Answer if the above was helpful.
Thanks.
-TP
Thanks TP.
The short answer is I don't know. If I look at Azure App Services then I have lots of items list - equally I have some VMs then I have one that is potentially posting the website in question.
Is there a way to see the current expired certificate?
To start, check public IP for the website using nslookup and then see if that matches the public IP of one of your VMs or App Services. Open command prompt and enter command similar to below:
nslookup www.mywebsite.com
In the Azure portal, if you navigate to a VM you can see the public IP on the Overview blade, and likewise if you navigate to each App Service -- Overview blade you can see the public IP under Networking Virtual IP address.
As far as the current expired certificate, if you browse to the site using Chrome, next click on the icon to the left of the URL, Connection is secure (or similar) -- Certificate, this will open up the certificate so that you can write down the thumbprint, expiration date, etc.
Once you have those details written down, you can go back into the Azure portal and examine the certificate for each App Service if needed until you find which one has matching expired certificate. For VMs it is a little tougher since you may need to connect into each VM using RDP/SSH to look for certificate details.
Please go through the above suggestions and if something is unclear let me know.
Thank you. The NSLOOKUP has pointed to a specific hosted VM.
So do I upload the GoDaddy cert to that VM? I can't see SSL under settings for the server.
Thank you. The NSLOOKUP has pointed to a specific hosted VM. So do I upload the GoDaddy cert to that VM? I can't see SSL under settings for the server.
You will need to upload it (and its private key) to the VM. For a windows VM you would typically RDP to it, copy the certificate's .pfx file to the VM, import it into local computer\Personal store using certlm.msc, and then update the binding using IIS Manager. I can give you more specific instructions if needed, but those are basic steps.
NOTE: .pfx file normally includes the certificate and its private key
I've RDP to the VM. I have three files from GoDaddy. as .pem, .p7b and .crt.
I don't have a .pfx.
If I open the .crt I'm prompted with the Certificate Import Wizard - Do I just follow this wizard? I've not done this before so don't want to break anything!
Okay, there is a good chance that the .pem file has the private key. What you can do is convert the .crt and .pem file to a .pfx file, using openssl (free download). You need to download and install OpenSSL, next click Start -- Win64 OpenSSL Command prompt, and then use command similar to below to do the conversion:
openssl pkcs12 -inkey yourkey.pem -in yourcert.crt -export -out yourcert.pfx
Once you successfully have the .pfx file using above command, then you can import into Local Computer\Personal store. To do this, RDP to VM, copy the .pfx file into the VM if you haven't already, right-click on start button and choose Run, then enter certlm.msc
In left pane, navigate to Certificates - Local Computer\Personal\Certificates, right-click on Certificates and choose All Tasks - Import, select your .pfx file, enter password (if you assigned one to the file), etc., to finish the wizard. After you import you should see the certificate in the list, and if you double-click on it you should see "You have a private key that corresponds to this certificate" at the bottom.
The final step is to open IIS Manager, in left hand pane navigate to <servername> -- Sites -- Default Web Site, next in right pane click Bindings...
Once the Site Bindings window is displayed, you should see the existing https binding. Click on that and then click Edit... button. At the bottom of the window you should see SSL certificate dropdown and you should be able to select your new certificate (the one you imported above) and click OK to save the change.
NOTE: The above is assuming that things are mostly default in your IIS Manager. If you have multiple web sites then you may need to adapt and edit a different site instead of Default Web Site based on what you find. If you get to a certain point and you are unsure, go ahead and add a comment with the details of what you are seeing and I'll explain how you should proceed.
@Gary Smith I edited my comment above to include link to download OpenSSL for windows as well as how to open it after installation.
@Gary Smith Just checking in to see if you read my last comment and how things are going.
Hi TP,
Thank you for your assistance yesterday. I have managed to update the SSL cert on my VM.
@Gary Smith Glad to hear you got the cert installed. Please click Accept Answer to close up this thread.
Thank you.