Are seperate certificates for the server required?

I have two virtual Domain-Server 2019 running. Each has an DNS and an Web-Server running.
The first one has also Exchange 2019 and supports the URL: und the second one URL:
It is clear for me, that I need a certificate for each URL and for the Sub-Domains. The first URL will have multiple Sub-Domains the second one currently only www. But I think it would make sence the get for both URLs ‘*’ certificates.

Would these fulfill al requirements or do I need separate certificates for the two DNS-server (ns1 and ns2) and the exchange-server ?

Thaks for your help!


is this really required?

Start with

then check the FAQ. A wildcard certificate requires dns validation, that's more complicated.

Some subdomains -> create one certificate per subdomain or one certificate with all subdomain names. That's configuration specific, there is no global rule.

But if you have only some, explicit known subdomains, you don't need a wildcard.

If it is not encrypted DNS, you don't need certificates with your name server domain names. The exchange needs a certificate.

I fugured out an additional problem with my Dyn-Dns provider. I have to setup the TXT bei hand, because currently the external has no access to my internal DNS-server.
If I use separate Sub-Domains I have a big problem to setup the TXT on the provider DNS-server.
Or can I create the certificate for the sub-domains in separate requests?
But than I have to also separate renew requests, or?

In your link “How it woks…” its talking about a certificate management agent on the web server. But How do I install thses agent?
It could be avoid the problem with the TXTfile.

That's the problem using dns validation without a DNS API. It's possible, but it's terrible.

You can. That's your decision. Without API, it's painful.

Select one.

Now both your domains have the same ip address. Create a webserver, then you can use http validation.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.