Could not find certificate under Cert:\LocalMachine

I deployed successfully last night, but today I got the following error with two seperate projects on the same server:

OperationStopped: Could not find certificate under Cert:\LocalMachine with thumbprint dd87085f7e3a7b8623d87db7f910d39919fcd02a. Make sure that the certificate is installed to the Local Machine context and that the private key is available.
At
C:\Octopus\Applications\Dev\MyProjectName\27_1\Octopus.Features.IISWebSite_BeforePostDeploy.ps1:497 char:4

So I tried finding the file Octopus.Features.IISWebSite_BeforePostDeploy.ps1 with no luck. But also looked previous folders were deploy has been successful, no file with that name either.

After some investigation, I found that my Let’s Encrypt was updated on the server this morning, so I’m thinking that must be it. By using google chrome, clicking on the SSL Certificate, it shows me that the thumbprint is another one:
d83b7665a0fe3e3e77e5edf2f40927f91e46e0a6

So my guess is I have to find the setting in Octopus Deploy and update it so that it is looking for the right SSL certificate. But with no luck, I’ve been looking three times on all the settings and I can’t find the thumbprint SSL setting in Octopus Deploy.

So right now I don’t know if my assumptions are correct, that Octopus Deploy even have my SSL certificate thumbprint.

Can anyone please give me a helping hand here?

Kind Regards
Michael

Hi @mivewi,

Thanks for reaching out and all the information.

The script you’re looking for is actually in our repo: Calamari/Octopus.Features.IISWebSite_BeforePostDeploy.ps1 at master · OctopusDeploy/Calamari · GitHub

Does Octopus normally manage your certs and this was an external renewal?

You can define the cert within the IIS step in the bindings section shown in my screenshots below.

Please let me know if that helps.

Best,
Jeremy

Hi Jeremy @jeremy.miller

Thx for the quick response.

It solved my problem, thank you!

For future reference, the IIS settings are found by going to the specific project and then process.

To answer your question, I have a script running on my server which renews my SSL certificate. It was already setup before I was using Octopus Deploy, so did not want to change that. One being a new source of error in the install, and two if I ever wanted to change Octopus for another software, I could without having that binding. Not that I’m thinking about it, I’m a very happy user.

Kind regards,
Michael

Hi Michael,

You’re very welcome! Thank you for the context and letting me know you’re in a good state.

Please let me know if you have any other questions. I hope you have a great rest of your week.

Best,
Jeremy