2 hosts with different domain names on the same server, how to make both to support TLS 2.0?

in my ECS server (win2008 R2 standard, IIS 7.0), there are 2 hosts, with different domain name, eg. www.A.com and www.A.fun

i use tool “letsencrypt-win-simple.V1.9.3” to generate the certification.

my problem is if https://www.A.com work well , then https://www.A.fun can’t work, or if https://www.A.fun work well , then https://www.A.com can’t work, seems they can’t not be available at same time

how can i configure to make both two hosts support TLS 2.0?


Win2008 does not support Server Name Indication.

See here:

Microsoft IIS Web server Yes Since version 8 2012

So you can only use one certificate per IP-Address.

Although @JuergenAuer pointed out that you can't use SNI, you can get a single certificate that covers all of the names that you need. Let's Encrypt certificates can cover up to 100 names per certificate.

thanks for your kindly help

if i use only one certificate cover these two hosts,could they both support TLS 2.0 at one time?

i use tool “letsencrypt-win-simple.V1.9.3” and choose the option “A: Get certificates for all host”
but still only can make one host work well.


hi schoen, thanks for reply
as you mentioned" Let’s Encrypt certificates can cover up to 100 names per certificate."

does it mean Let’s Encrypt can solve my problem?
i use tool “letsencrypt-win-simple.V1.9.3” and choose the option “A: Get certificates for all host”
but still failed


There is no TLS 2.0. Actually, there is TLS.1.2, TLS.1.3 is coming.

I don't know what “letsencrypt-win-simple.V1.9.3” is doing. It should support more then one domainname in one certificate.

Letsencrypt supports that. But “letsencrypt-win-simple.V1.9.3” must also support that.

"Get certificates for all host" sounds like "10 hosts -> 10 certificates". That will not work.

On Win2008, I used only one *-certificate. Now I use Win2012 with SNI-Support.

hi, JuergenAuer, very appreciate for your quick response, it seems maybe the most effective way to solve this problem is to upgrade the system.

thanks again!

In order to diagnose failures, we need to see the exact error message because there are many different reasons that something could fail.

I would also suggest using the most current version of this client application, which has a new name

hi, schoen, thanks for guide. I use the latest tool you mentioned and fixed the problem already

thanks again!:star_struck:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.