asp.net core – Cannot start debug session in Visual Studio due to SSL cert missing or being out of date

Posted on by faz_business


I have an ASP.NET web application that has been working fine when pressing F5 to start a debug session in Visual Studio. Last Friday (January 23) I started getting this exception:

System.InvalidOperationException: ‘Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run ‘dotnet dev-certs https’. To trust the certificate (Windows and macOS only) run ‘dotnet dev-certs https –trust’.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.’

It references app.Run(); in Program.cs. Starting a debug session by opening the “Debug” menu and choosing “Start Debugging” results in the same error (not that I expected any different).

  1. I opened a PowerShell window as an administrator, and went with the Nuclear Option:

    Get-ChildItem -Path Cert:\CurrentUser -recurse | where { $_.Issuer -match 'localhost' } | remove-item

    Just get rid of all localhost SSL certificates.

  2. Closed Visual Studio, and ran git clean -fdx in the root folder for my Visual Studio solution.

  3. Reopened Visual Studio, and pressed F5 again.

  4. It prompted me to create and install 2 SSL certificates, and mark them trusted, which I did.

  5. The application died again at app.Run() with the same exact error.

  6. Next, I restarted the computer, and then repeated steps 1-5. Got the same error.

Just now I repeated steps 1-5 (a week later) and get the same error. I ran the following PowerShell command to list the expiration dates for all localhost SSL certificates:

> Get-ChildItem -Path Cert:\CurrentUser -recurse | where { $_.Issuer -match 'localhost' } | select NotBefore,NotAfter

NotBefore            NotAfter
---------            --------
1/30/2026 4:37:58 PM 1/30/2027 4:37:58 PM
8/26/2025 8:58:28 AM 8/25/2030 8:00:00 PM
1/30/2026 4:37:58 PM 1/30/2027 4:37:58 PM

I ran these commands after 4:40 PM EST, so the certs should be valid. Just listing the localhost certs provided this:

> Get-ChildItem -Path Cert:\CurrentUser -recurse | where { $_.Issuer -match 'localhost' }


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\Root

Thumbprint                                Subject
----------                                -------
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  CN=localhost
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  CN=localhost


   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
----------                                -------
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  CN=localhost

Program.cs

(after removing all our application-specific stuff and I’m still able to replicate the error)

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllersWithViews();
builder.WebHost.UseStaticWebAssets();

builder.Services.AddMvc(options => options.SuppressImplicitRequiredAttributeForNonNullableReferenceTypes = true)
    .AddRazorOptions(options 
        => options.ViewLocationFormats.Add("/Views/Emails/{0}.cshtml"));

var app = builder.Build();

app.UseDeveloperExceptionPage();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.MapStaticAssets();
app.UseRouting();
app.MapStaticAssets();

app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}")
    .WithStaticAssets();

app.Run();

launchsettings.json

{
  "$schema": "https://json.schemastore.org/launchsettings.json",
  "profiles": {
    "http": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "applicationUrl": "http://localhost:5063",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Local"
      }
    },
    "https": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "applicationUrl": "https://localhost:7072;http://localhost:5063",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Local"
      }
    }
  }
}

The exception message gives a command to trust the certificates, which I ran:

> dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
Successfully trusted the existing HTTPS certificate.

But I continue getting the same error.

Here is the full log in the terminal as the debug session starts:

dbug: Microsoft.AspNetCore.Watch.BrowserRefresh.BlazorWasmHotReloadMiddleware[0]
      Middleware loaded
dbug: Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserScriptMiddleware[0]
      Middleware loaded. Script /_framework/aspnetcore-browser-refresh.js (16491 B).
dbug: Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserScriptMiddleware[0]
      Middleware loaded. Script /_framework/blazor-hotreload.js (799 B).
dbug: Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserRefreshMiddleware[0]
      Middleware loaded: DOTNET_MODIFIABLE_ASSEMBLIES=debug, __ASPNETCORE_BROWSER_TOOLS=true
fail: Microsoft.Extensions.Hosting.Internal.Host[11]
      Hosting failed to start
      System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
      To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
      For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
         at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
         at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__14_1(IHostedService service, CancellationToken token)
         at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)

I’m stumped. This was all working for a long time, and the Visual Studio workflow that creates and trusts the developer certificates the first time you start a debug session isn’t working either.

I can start the application fine using HTTP, so I have a workaround. Regardless, how can I fix this so starting a debug session in Visual Studio successfully spins up my application using Kestrel running on HTTPS?

As a backdrop to this, the day I noticed this start happening is also the same day some Windows updates were installed, and now I cannot power my machine down – KB5074754, KB5074753, and KB5073455. Today I installed KB5078132, which should include the patches to this shutdown problem from KB5077744 and KB5077797, however my machine still does not power down properly; it just restarts. I’m not sure if my SSL issue in Visual Studio has anything to do with this, but just in case it does, this is also going on at the moment.

Leave a Reply

Your email address will not be published. Required fields are marked *