Understanding the Certificate Rebind functionality in Windows Server and IIS 8.5 and later
Posted: (EET/GMT+2)
Starting with Windows Server 2012 R2 and IIS 8.5, Microsoft introduced a helpful feature called "Certificate Rebind". It automatically rebinds your IIS site to a renewed certificate when the certificate is replaced in the Windows certificate store.
Before this feature existed, you had to manually open IIS Manager and reselect the new certificate for your HTTPS bindings after every renewal. This step was easy to forget, yet production sites depend on a working, valid certificate.
With Certificate Rebind enabled, IIS watches the certificate store for updates. When it detects that a newer certificate with the same subject or thumbprint has been installed, it automatically updates the site binding to use it.
You can enable or check the setting using PowerShell:
    netsh http show sslcert
    netsh http show sslcert | Select-String "Rebind"
In IIS Manager, the option is found in the Server node under "Server Certificates" and then "Automatic Rebind of Renewed Certificates."
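As an added example (not part of the original post), the PowerShell below compares each HTTPS binding with the local machine certificate store and flags bindings that still point at an older certificate after a renewal. It assumes the WebAdministration module is installed and that the rebind feature shows up as the scheduled task IIS-AutoCertRebind, a name taken from Microsoft's IIS 8.5 documentation rather than from this page; the 30-day warning threshold is an arbitrary choice.

```powershell
# Added example: audit IIS HTTPS bindings against the LocalMachine certificate stores.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Assumption: Certificate Rebind is backed by this scheduled task
# (name from Microsoft's IIS 8.5 documentation, not from this page).
$task = Get-ScheduledTask -TaskName 'IIS-AutoCertRebind' -ErrorAction SilentlyContinue
if ($task) { "Rebind task state: $($task.State)" }
else       { 'Rebind task not found (automatic rebind is probably not enabled)' }

$now      = Get-Date
$warnDays = 30   # constructed threshold for "expires soon"

Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $binding = $_
    $store   = if ($binding.Store) { $binding.Store } else { 'My' }
    $certs   = @(Get-ChildItem "Cert:\LocalMachine\$store")
    $cert    = $certs | Where-Object Thumbprint -eq $binding.Thumbprint |
               Select-Object -First 1

    if (-not $cert) {
        # The binding references a thumbprint that is no longer in the store.
        [pscustomobject]@{ Binding = $binding.PSChildName; Store = $store
                           Status  = 'MISSING'; NotAfter = $null
                           Bound   = $binding.Thumbprint; Newer = $null }
        return   # continue with the next binding
    }

    # A newer certificate with the same subject that the binding does not use
    # means the renewal was installed but the binding was never moved to it.
    $newer = $certs |
             Where-Object { $_.Subject -eq $cert.Subject -and $_.HasPrivateKey -and
                            $_.NotAfter -gt $cert.NotAfter } |
             Sort-Object NotAfter -Descending | Select-Object -First 1

    # Later checks override earlier ones, so the most severe status wins.
    $status = 'OK'
    if ($cert.NotAfter -lt $now.AddDays($warnDays)) { $status = 'EXPIRING' }
    if ($newer)                                     { $status = 'STALE' }
    if ($cert.NotAfter -lt $now)                    { $status = 'EXPIRED' }

    [pscustomobject]@{ Binding = $binding.PSChildName; Store = $store
                       Status  = $status; NotAfter = $cert.NotAfter
                       Bound   = $cert.Thumbprint; Newer = $newer.Thumbprint }
} | Format-Table -AutoSize
```

A STALE row after a renewal means the new certificate reached the store but the binding was not updated, which is the case Certificate Rebind is meant to prevent.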
This small but useful feature helps ensure your sites continue to serve HTTPS traffic without downtime after certificate renewal. For environments that use Let's Encrypt or internal automation, it's a real time-saver.