SOLVED: Certificate Disappears From IIS After COMPLETE CERTIFICATE REQUEST on Server 2016

If you add a certificate to IIS Manager SERVER CERTIFICATES section using COMPLETE CERTIFICATE REQUEST that appears without error but then is not visible the next time you go to (or refresh) the SERVER CERTIFICATES, we have the answer.

The problem is likely that you somehow added that certificate to your server using Certificates MMC.  This can easily happen if you are installing GoDaddy intermediate certificates.  You should only add the certificate named something like gd-g2_iis_intermediates.p7b and NOT the .CRT or .CER certificates.

The disappearing certificate is very frustrating but relatively easy to fix.  If you accidentally added your cert, rather than just the intermediate cert, you need to do four things:

1. Remove that cert
2. Get a the cert rekeyed
3. Add the cert to IIS
4. Assign the cert to your website

In my case I was working on adding a certificate to a Remote Desktop Services (RDS) Gateway and bunged it up.  Here is how I fixed it:

HOW TO REMOVE A CERTIFICATE:

1. Click START, type mmc.exe and press the enter key
2. Click FILE > ADD/REMOVE SNAP-INS
3. Double click CERTIFICATES
4. Select COMPUTER ACCOUNT
5. Click FINISH (i.e. leave it at the LOCAL COMPUTER default)
6. Click OK
7. Expand CERTIFICATES > PERSONAL
8. Right click on your cert that should not be there (in my case this was issued by GoDaddy).  Be careful NOT to select the default cert issued by your own server
9. Select DELETE

HOW TO GET A CERTIFICATE REKEYED:

There no cost to getting a certificate rekeyed with any of the vendors I have used before.

Every vendor has their own process for getting a certificate rekeyed so I will not waste your time here other than the generic steps:

1. You need to create a new CSR using IIS as explained in THIS GoDaddy article.
2. Go to your vendors website, find the place that you download your certificate.  There will likely be a REKEY option there.  In GoDaddy’s case the path is to sign in, click your name (top right corner), click MY PRODUCTS, expand SSL CERTIFICATES, click MANAGE on your certificate
3. You will have to wait for verification again, but it should be very quick.  In GoDaddy’s case I have not seen it take more than 1 hour
4. When the new certificate is ready, download it

ADD THE REKEYED CERTIFICATE TO IIS:

NOTE: You do NOT need to use the CERTIFICATES MMC here.   You only needed that MMC to install the intermediate certificates which will not have changed from the first time you added them.

1. Start INTERNET INFORMATION SERVICES MANAGER (IIS Manager)
2. Click on the host name of the server (not the website) and double click on SERVER CERTIFICATES applet (in the center section)
3. Click COMPLETE CERTIFICATE REQUEST (either from the ACTIONS menu or just right click on blank space)
4. Use the … button find the .CRT or .CER file.  If you have a GoDaddy cert, it will be a .CRT and you will need to change the file type drop down box to *.* to see it.
5. Type the FRIENDLY NAME as the exact name of the cert (i.e. rdsg.mydomain.com)
6. Leave the SELECT A CERTIFICATE STORE at PERSONAL and click OK

If you are still confused how to install the cert or assign it to your website, THIS GoDaddy article will help.

ASSIGN THE REKEYED CERTIFICATE TO YOUR WEBSITE:

1. In IIS Manager click on the website you want to use the certificate on (NOT the hostname of the server).  If this an RDS Gateway server, you will want to click DEFAULT WEB SITE
2. Click BINDINGS (in the actions pane at the top right)
3. Double click on the HTTPS option
4. In the HOST NAME, type in the exact name used in your certificate (i.e. rds.mydomain.com)
5. Select the new certificate from the SSL CERTIFICATE dropdown
6. Click OK then OK and then have a nice day, you are done.

I found a number of other sites useful in figuring out this disappearing certificate issue, including THIS GoDaddy forum.