Security
DNSimple Renewal
Gravatar is a globally recognized avatar based on your email address. DNSimple Renewal
  Harvey Mushman
  All
  Apr 22, 2019 @ 08:02am

A few years ago, I switched to DNSimple for my SSL Certificates after Rick published a long but excellent White Paper about how to install their certificates on Microsoft IIS. Well, two years has passed and I received a Renewal notice from DNSimple about 60 days before it expired. I followed their instructions about what to do to renew it and then got lost at the point the instructions stopped. They described instructions for several servers but when I looked at the IIS instructions they described there were several different versions all that required different instructions and that I should follow the instructions for my OS/IIS version. A lot of good that did - lol

Well after six or seven email messages to DNSimple, I gave up and started reading articles that talked about installing certificates. Here is what I discovered... The .PFX file they issued was ready to be imported and then bound to the domain. I did not start the process in IIS, I just clicked on the REISSUE button on the DNSimple website. They took care of the rest.

  • Download the .PFX file from DNSimple (remember where the file is located on the server that is getting the new certificate).
  • Open IIS MMC
  • Click on the machine name in the left tree view
  • In the center panel, scroll down to Server Certificates and double click to open
  • Once Server Certificates is open, in the right panel under Actions, click Import
  • The Import dialog requires the path and filename of the downloaded PFX file from step 1 above
  • Enter the password that DNSimple assigned to the PFX file
  • Click OK
  • Now back on the left panel of the MMC, click on the website where the certificate is to be installed.
  • Next on the right panel under Actions, click on Bindings
  • In the bindings dialog that comes up the first step is to change the old certificate to another port assignment by clicking on the Edit button or Remove it. I chose to reassign it just in case something gets screwed up along the way.
  • Next click the Add button, select HTTPS protocol, port 443 and then in the Site Certificates drop down list select the last one in the list.
  • To confirm the new certificate was selected, click the View button and read the expire date.
  • Assuming the correct certificate was selected click CLOSE
  • From a browser on another machine visit the website where the certificate now lives. Click on the
  • padlock and verify the expire date to confirm the new cert is showing up.
  • All good now go back to the server and remove the old cert with the wrong port number.

That was it, the new certificate is installed and working correctly for another two years. Hope this posting helps others but in any case when I come back here is a couple of years, I will be able to find these instructions.

Cheers!

Gravatar is a globally recognized avatar based on your email address. re: DNSimple Renewal
  Rick Strahl
  Harvey Mushman
  Apr 22, 2019 @ 01:02pm

FWIW the only reason to buy a certificate today is to buy a domain certificate (ie. *.west-wind.com). For individual certificates I highly recommend that you just use LetsEncrypt. Much easier and side steps that entire process with a 2 minute command line one-liner.

+++ Rick ---

© 1996-2019