3

When trying to deploy a .net core web app I get this error below. My hosting company told me they downloaded VS 2017 and successfully deployed using the same publishing profile. The only difference I could determine was that they saw a certificate warning and were able to accepted the untrusted certificate. The domain does has an SSL cert setup via LetsEncrypt. I did try to deploy before setting it up. Maybe it being missing is cached in the app?

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

ERROR_CERTIFICATE_VALIDATION_FAILED

masteroleary
  • 1,014
  • 2
  • 16
  • 33

1 Answers1

0

Even though your website may have the LetsEncrypt certificate installed, you also need to have a valid certificate installed on the IIS Management Service for Web Deploy to work.

You can set your publish profile to AllowUntrustedCertificate to true to ignore the issue: SO: allow untrusted certificates

If you do want to use your LetsEncrypt cert, this is how I got it to work (instructions may vary based on your IIS version):

  1. Open MMC (Windows button + X -> Run -> type MMC and press enter Run MMC
  2. From the MMC menu bar select File -> Add or Remove Snap-ins
  3. Select Certificates then click on Add > Add Certificates to MMC
  4. Select Computer Account, Click Next Select Computer Account
  5. Select Local Computer, Click Finish and then OK Select Local Computer

  6. Expand the Certificate tree to Web Hosting -> Certificates Web Hosting

  7. You will now see your list of LetsEncrypt certificates installed on your server, right click on the one you want to use for web deploy and select Copy

  8. In the Certificate tree of MMC now expand Personal -> Certificates and right click and select Paste
  9. Open IIS Management, click on the server node and open Management Service under management: IIS Management Service
  10. Click on Stop in the actions pane on the right to enable changes to be made to the service
  11. Using the drop down under SSL Certificate you should now see your LetsEncrypt certificate you pasted in step 8, select it. enter image description here
  12. Click on Apply in the actions pane on the right and then click on Start
  13. To test the certificate is now working open your web browser and navigate to https:yourdomainname:8172/msdeploy.axd
  14. Instead of an SSL error you should now be asked to provide credentials to log on. Cancel the logon and go ahead and try publishing using Web Deploy.
John Rah
  • 1,757
  • 1
  • 14
  • 13
  • I know this is an old question and you need access to the server but it came up on the first page of my Google search when looking for answers to this. Also, you may need to copy and paste the certificate every three months as it expires. I'd be interested in knowing if there's an easier way to do this? – John Rah Jun 13 '20 at 05:25