IIS SSL Certificate Does Not Load

If you have installed or renewed an SSL certificate on an IIS server and the server stops responding to HTTPS traffic (but continues to respond to standard HTTP traffic), you may have a permissions problem on the private key. One sign of this is that, when you go into the Certificate snap-in and try to export the certificate, you do not get the option to export the private key as well.

To fix this:

1. Go into the Start Menu and select Run. Type in "%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" and click OK. You should see a list of files, each one corresponding to a private key.
2. Determine which file is the faulty key. If you have just installed the new key, it should be the one with the newest timestamp.
3. Right-click on each file in turn and try to open it with Notepad. If it opens OK, close Notepad and move on to the next file.
4. Once you get a permission denied message, right-click on the same file, select "Properties" and then click on the "Security" tab.
5. If necessary, take ownership of the file (click on "Advanced" and then the "Ownership" tab and add your Administrator account as the owner).
6. Add the Administrators group, the Domain Admins group and the SYSTEM account to the Security tab and set the permissions appropriately. As a minimum it appears that Administrators needs Read, Read & Execute and SYSTEM needs Full Access.
7. OK the changes and then test your web site again. You should now also be able to export the certificate with the private key.
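
The Notepad check can also be done as a read-only audit of the key folder. The PowerShell script below is an added example, not part of the original page; it assumes PowerShell 2.0 or later, an elevated prompt, and the folder named above as the default for the hypothetical `$KeyDir` parameter. It looks only at Allow entries for the well-known SYSTEM and Administrators SIDs and changes nothing.

```powershell
# Added example: read-only audit of ACLs on machine private-key files.
param(
    # Hypothetical parameter; defaults to the folder named on this page.
    [string]$KeyDir = (Join-Path $env:SystemDrive 'Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys')
)

# Well-known SIDs, so the check does not depend on localized account names.
$SystemSid = 'S-1-5-18'       # SYSTEM
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$Full      = [System.Security.AccessControl.FileSystemRights]::FullControl
$ReadExec  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# True if some Allow entry for $Sid grants every bit in $Needed.
# Simplification: Deny entries and nested group membership are not evaluated.
function Test-Allowed($Rules, [string]$Sid, $Needed) {
    foreach ($r in $Rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            $r.IdentityReference.Value -eq $Sid -and
            ([int]$r.FileSystemRights -band [int]$Needed) -eq [int]$Needed) {
            return $true
        }
    }
    return $false
}

# Newest first: a key that was just installed should be at the top.
Get-ChildItem -Path $KeyDir -Force |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        $file = $_          # keep the file object; $_ is reused inside catch
        $problems = @()
        try {
            $acl   = Get-Acl -Path $file.FullName -ErrorAction Stop
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            if (-not (Test-Allowed $rules $SystemSid $Full)) {
                $problems += 'SYSTEM lacks Full Control'
            }
            if (-not (Test-Allowed $rules $AdminsSid $ReadExec)) {
                $problems += 'Administrators lacks Read & Execute'
            }
        } catch {
            # Reading the ACL was refused or failed; record the error text.
            $problems += 'ACL unreadable: ' + $_.Exception.Message
        }
        if ($problems.Count -eq 0) { $problems = @('OK') }
        New-Object PSObject -Property @{
            File = $file.Name; Modified = $file.LastWriteTime; Status = $problems -join '; '
        }
    } | Select-Object Modified, File, Status | Format-Table -AutoSize
```

Any row whose Status is not OK is a candidate for the ownership and permission steps described above.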