SSL Certificates Help

Troubleshoot a renewed certificate issue in Microsoft IIS

Note: If GoDaddy hosts your website, you don't need to worry about this issue. We'll generate a new CSR automatically for your renewal request. This limitation only affects the IIS certificate wizard, and not the certificate key store on IIS servers.

When we collect a renewal payment, our process for generating a new certificate automatically reuses the Certificate Signing Request (CSR) that was obtained with the original or previous request.

However, the Microsoft Internet Information Services (IIS) certificate wizard wants new certificates to be generated with a new CSR. So when you use the wizard to import the new certificate, you'll get an error message saying the certificate wasn't removed (the Friendly name doesn't matter).

To resolve this issue, you can rekey the renewed certificate from the SSL control panel, or you can follow these steps to use the renewed certificate as is.

  1. Click OK and cancel out of the IIS certificate wizard.
  2. Get the serial number of the new certificate:
    1. Double-click the certificate file that you placed on the server.
    2. Click the Details tab.
    3. Click Serial number and copy the serial number.
  3. Open a command prompt and run this command: Certutil -repairstore my [serial number with no spaces].
  4. Navigate back to IIS Manager and press F5 to see the new certificate.
  5. Click Connections and then select the website.
  6. Click Actions and select Bindings.
  7. Click https and select Edit.
  8. Select the renewed certificate and click OK.