How do I properly set up domain and common name for installing a GoDaddy SSL certificate to my Azure VM Web site?

Richard Johnson 101 Reputation points
2021-06-17T17:26:59.757+00:00

I have been at this for days now, and cannot get the SSL certificate (issued from GoDaddy) that I installed on my Azure VM and bound to my website to work properly. After everything is done, I still get the below error:

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for 52.191.190.38. The certificate is only valid for the following names: manifestmanager.xyz, www.manifestmanager.xyz
...
Error code: SSL_ERROR_BAD_CERT_DOMAIN
...
https://52.191.190.38/
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

On GoDaddy, I have the following setup for my domain "manifestmanager.xyz":
Domain Name: manifestmanager.xyz
DNS Configuration on manifestmanager.xyz:
Records
Type Name Value TTL
A @ 184.168.131.241 600 seconds
CNAME www manifestmanager.westus2.cloudapp.azure.com 1 Hour
CNAME _domainconnect _domainconnect.gd.domaincontrol.com 1 Hour
NS @ ns69.domaincontrol.com 1 Hour
NS @ ns70.domaincontrol.com 1 Hour
SOA @ Primary nameserver: ns69.domaincontrol.com. 1 Hour

Forwarding
DOMAIN
http://manifestmanager.westus2.cloudapp.azure.com

SUBDOMAIN
Not set up

On Azure.
VM Name: MMApp
VM Public IP: 52.191.190.38
Virtual network/subnet: MMGroup-vnet/default
DNS name: manifestmanager.westus2.cloudapp.azure.com

To set up the SSL.

  1. I purchased a Standard SSL Certificate from GoDaddy and applied to the GoDaddy domain that I purchased: "manifestmanager.xyz"
  2. On my Azure VM IIS Manager, I created a certificate request. For the Common Name, I used manifestmanager.xyz
  3. On GoDaddy, under Manager Certificate (for the SSL Certificate that is applied to the manifestmanager.xyz domain), I select Re-Key your certificate. Then, I copy and paste the certificate request data (from the generated file from previous step) and submit the update.
  4. After GoDaddy processes this update, I receive an email. Then I download the IIS certificate files and copy to my VM.
  5. Using the VM's Certificate Manager, I import the *.p7b file to the Intermediate Certification Authority Folder.
  6. Using the VM's IIS Manager, I complete the certificate request by using the *.crt file.
  7. Using the VM's IIS Manager, I bind this SSL Certificate to my web site (https, port 443).
  8. I restart the web site.

All of these steps work, but I still get a common name error or server name error on the SSL certificate. I have tried many different things to vary the common name, such as the VM's public IP, VM's DNS name. What am I doing wrong? These are all the steps I know to do, based on everything I've researched.


Accepted answer
  1. Richard Johnson 101 Reputation points
    2021-06-21T22:58:10.367+00:00

    Ok. I finally figured this out (on my own). This is what I had to do.

    1. Removed the web site forwarding configuration (added previously) from my godaddy domain.
    2. Unlocked my godaddy domain, so that I could do the next step.
    3. Followed the instructions at https://learn.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns to create a DNS Zone and delegate my godaddy domain to my Azure DNS Zone. This took about 30-45 minutes to propagate, before the "Verify the delegation" step produced the correct results.
    4. Created a new Record set in my Azure DNS Zone as follows: (a) Name: www (b) Type: A - Alias record to IPv4 address (c) TTL: 1 (d) TTL unit Hours (e) IP address: my Azure VM public IP address

    Then, magically the SSL certificate started working properly. This is the SSL certificate that I previously:

    1. purchased from godaddy and installed (not sure that is the correct terminology) to my purchased godaddy domain.
    2. executed the steps to install (as client) on my Azure VM and bound to my web site.

    In the end I think the key was that the SSL certificate request must be coming from the same domain as the domain that owns the SSL. In my case: my Azure VM site must send from the site domain of "manifestmanager.xyz" (achieved through the above delegation step), so that it matches the purchased godaddy domain "manifestmanager.xyz"

    Hopefully, this explanation makes sense to someone else that encounters this problem. I spent a lot of time to figure this out.

    1 person found this answer helpful.
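For reference, the check a browser makes on the name in the URL, together with where each name in this thread points, as an added example that is not part of the thread. The record table and certificate names are constructed from the values quoted in the question; that the certificate has no IP entries and that the Azure DNS name resolves to the VM's public IP are assumptions.

```python
import ipaddress

# Constructed from the question: names Firefox listed, plus the DNS records shown.
CERT_DNS_NAMES = ["manifestmanager.xyz", "www.manifestmanager.xyz"]
CERT_IP_ADDRESSES = []  # assumption: no IP address entries in the certificate
VM_IP = "52.191.190.38"
RECORDS = {
    "manifestmanager.xyz": ("A", "184.168.131.241"),
    "www.manifestmanager.xyz": ("CNAME", "manifestmanager.westus2.cloudapp.azure.com"),
    "manifestmanager.westus2.cloudapp.azure.com": ("A", VM_IP),  # assumption
}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def cert_covers(host, dns_names=CERT_DNS_NAMES, ip_addrs=CERT_IP_ADDRESSES):
    """True if the host typed in the URL is a name the certificate lists."""
    host = host.lower().rstrip(".")
    if is_ip(host):
        # An IP literal can only match an IP entry, never a DNS name.
        return any(ipaddress.ip_address(host) == ipaddress.ip_address(a) for a in ip_addrs)
    for name in (n.lower().rstrip(".") for n in dns_names):
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def resolve(host, records=RECORDS, max_hops=8):
    """Follow CNAMEs through the constructed table; return the final IP or None."""
    host = host.lower().rstrip(".")
    if is_ip(host):
        return host
    for _ in range(max_hops):
        rtype, value = records.get(host, (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        host = value.lower()
    return None

def diagnose(host):
    """Return (reaches the VM, certificate covers the name) for one URL host."""
    return (resolve(host) == VM_IP, cert_covers(host))
```

With the records from the question, only `www.manifestmanager.xyz` both reaches the VM and is covered by the certificate; `https://52.191.190.38/` reaches the VM but is not a name on the certificate.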

2 additional answers

  1. Richard Johnson 101 Reputation points
    2021-06-18T21:37:10.337+00:00

    I've had no response to this posting. I continue to try to resolve this issue. I tried the steps at https://learn.microsoft.com/en-us/azure/virtual-machines/custom-domain, which would seem to be what I need to do (not sure though). However, I am unsure about what is meant by 'After the record is created it usually takes about an hour for DNS propagate'. Should I see the DNS name for the Azure VM change to the domain name 'manifestmanager.xyz' (created at godaddy.com) once this is propagated? If so, I guess I need to wait the full 48 hours (having waited several hours already). If not, how do I know when this is propagated to my Azure VM's IP? Is this what I really need to do to solve the problem explained in my initial posting?

    Change I made based on web site's instructions:
    A @ 184.168.131.241 600 seconds


  2. Richard Johnson 101 Reputation points
    2021-06-18T21:37:10.367+00:00

    I've had no response to this posting. I continue to try to resolve this issue. I tried the steps at https://learn.microsoft.com/en-us/azure/virtual-machines/custom-domain, which would seem to be what I need to do (not sure though). However, I am unsure about what is meant by 'After the record is created it usually takes about an hour for DNS propagate, but it can sometimes take up to 48 hours'. Should I see the DNS name for the Azure VM change to the domain name 'manifestmanager.xyz' (created at godaddy.com) once this is propagated? If so, I guess I need to wait the full 48 hours (having waited several hours already). If not, how do I know when this is propagated to my Azure VM's IP? Is this what I really need to do to solve the problem explained in my initial posting?

    Change I made based on web site's instructions:
    A @ 184.168.131.241 600 seconds
