AWS EC2 UCC SSL Certificate

I have an AWS EC2 instance running on a public IP where two different domain websites are being set up.

My domains are: and

My web server is (include version): Apache 2.4.39

The operating system my web server runs on is (include version): Windows Server 2012 R2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): YES, through RDP I log in to the Virtual Machine.

I am using the latest WampServer with Virtual Hosts and WordPress to set up two websites - one for and another for .

For SSL I need a certificate, but I understand that I cannot get a certificate for an IP, only for a domain. Since I have two domains, I understand I have to get a UCC SSL certificate. Please help me with the process. I have downloaded win-acme.

Hi @shashank4897,

Welcome to the community forums.

Have you checked out any of the Windows clients listed on ? While you experiment, I recommend using the staging environment so that you avoid hitting rate limits.

You don’t necessarily need to get a UCC certificate. Instead, you can issue a certificate for both and and another certificate for both and


Thanks Phil… The client I am planning to use is in the list: win-acme. What I want to know is whether a single certificate can work for two different domains - and zestatech. I have been searching on the Internet, trying to find out whether, if I get a certificate for one domain - say tattvadesigns, - Apache can be configured to serve the SSL request for the second domain -

Hi @shashank4897

Yes, it’s possible. You can create one certificate with many domain names and use the same certificate with different vHosts.

But maybe it’s not the best solution.

Windows 2012 supports SNI, so you can create different web servers with different bindings, where each binding uses its own certificate.


Hi Juergen…Thanks for the guidance.

I tried creating a certificate for the domain using the win-acme client… I am posting the entire command and response… It gives an authorisation error… The web server is Apache 2.4.39 on Windows 2012 R2 Server on AWS running Wamp 3.0 with WordPress.
I checked in the browser that I can access a file using http://ipaddress/tattvadesigns/ ; I am able to browse it, but with the command it shows the website home page. The domain has been set up as a redirect URL to http://ipaddress/tattvadesigns.

c:\ftp\win-acme.v2.0.7.315>wacs.exe --target manual --host
in --validation filesystem --webroot “C:\wamp\www\tattvadesigns” --store pemfile
s --pemfilespath “C:\ftp” --test --verbose

[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version (RELEASE)
[INFO] IIS not detected
[INFO] Please report issues at

[VERB] Verbose mode logging enabled
[VERB] Arguments: --target manual --host --validation f
ilesystem --webroot C:\wamp\www\tattvadesigns --store pemfiles --pemfilespath C:
\ftp --test --verbose
[DBUG] Config folder: C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.
[DBUG] Certificate cache: C:\ProgramData\win-acme\acme-staging-v02.api.letsencr\Certificates
[VERB] Settings SettingsService {ConfigPath=“C:\ProgramData\win-acme\acme-st”, CertificatePath=“C:\ProgramData\win-acme\acme\Certificates”, ClientNames=[“win-acme”, “win-a
cme”], RenewalDays=55, HostsPerPage=50, ScheduledTaskRandomDelay=00:00:00, Sched
uledTaskStartBoundary=09:00:00, ScheduledTaskExecutionTimeLimit=02:00:00}
[VERB] Sending e-mails False
[DBUG] Renewal period: 55 days
[INFO] Running in mode: Unattended, Test
[INFO] Target generated using plugin Manual:
[VERB] Checking [Manual]
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-staging-v02.api.letsenc\Signer_v2
[DBUG] Send GET request to
[DBUG] Send HEAD request to
[DBUG] Loading account information from C:\ProgramData\win-acme\acme-staging-v0\Registration_v2
[DBUG] Send POST request to
[DBUG] Send GET request to
[INFO] Authorize identifier:
[INFO] Authorizing using http-01 validation (FileSystem
[VERB] Writing file to C:\wamp\www\tattvadesigns.well-known\acme-challenge\YDP
[INFO] Answer should now be browsable at
[WARN] Preliminary validation failed, found (null) instead of YDPfQhf3NpjmnqeIR
[DBUG] Submitting challenge answer
[DBUG] Send POST request to
[DBUG] Refreshing authorization
[DBUG] Send GET request to
[EROR] {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from
me-challenge/YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0 []: “<!
/TR/html4/strict.dtd\”>\n\n\n\n Tattvadesi"",
“status”: 403
[EROR] Authorization result: invalid
[DBUG] Deleting answer
[VERB] Deleting file C:\wamp\www\tattvadesigns.well-known\acme-challenge\YDPfQ
[VERB] Deleting folder C:\wamp\www\tattvadesigns.well-known\acme-challenge
[VERB] Deleting folder C:\wamp\www\tattvadesigns.well-known
[EROR] Create certificate failed: Authorization failed

That can’t work. That is not your website; it is a frame with your website ( ):

Your ip address:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A
Scottsdale/Arizona/US yes 2 0
AAAA yes C yes 1 0
Scottsdale/Arizona/US yes

The frame:

<frame src="[](view-source:" frameborder="0" />

Your DNS A entry must point directly to your

And connecting this ip address with the correct host header must work -

Result: Your /.well-known/acme-challenge returns an HTTP status 200 when checking a non-existent file:

Domainname Http-Status redirect Sec. G 200 0.800 H 200 0.873 H 200 1.987 N
Certificate error: RemoteCertificateNameMismatch 200 1.983 N
Certificate error: RemoteCertificateNameMismatch 200 0.530
Visible Content: Tattvadesign Store 200 0.403
Visible Content: Tattvadesign Store

An HTTP status 404 - Not Found is expected there.

You can’t create a certificate via http-01 validation if you use such a “frame redirect”. And a certificate would not work if you use src=“ip-address”.
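The pre-check described in this reply, written out as an added example (this is not win-acme's code and not from the Let's Encrypt project): request a random, non-existent token under /.well-known/acme-challenge/ on the domain and look for the two symptoms above, a 200 where a 404 is expected and a page that only frames the real site, possibly by bare IP address. The sample HTML page and the 198.51.100.7 address in it are constructed for the example; `probe()` makes a live HTTP request if you run it against a real hostname.

```python
"""Pre-check an http-01 validation path for the frame-redirect problem.

Added example, not win-acme or Let's Encrypt code. It requests a random,
non-existent token under /.well-known/acme-challenge/ and flags a 200
where a 404 is expected, and HTML that merely frames the real site.
"""
import ipaddress
import re
import secrets
import urllib.error
import urllib.request
from dataclasses import dataclass
from urllib.parse import urlparse

# Any frame/iframe/frameset tag marks a "frame redirect" page.
FRAME_TAG = re.compile(r"<(?:iframe|frame|frameset)\b", re.IGNORECASE)
# src= of frame/iframe tags (frameset has no src, and \b keeps it out).
FRAME_SRC = re.compile(
    r"<(?:iframe|frame)\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE
)

FINDINGS = {
    "status-200-for-missing-token":
        "A random token returned 200; the webroot does not serve "
        "/.well-known/acme-challenge/ directly, so http-01 will fail.",
    "unexpected-status":
        "Neither 404 nor 200; check the DNS A record and the vhost binding.",
    "frame-redirect":
        "The response is a frame page, not the site itself; the CA never "
        "follows frames, so the challenge file is unreachable.",
    "frame-src-bare-ip":
        "The frame points at a bare IP address; a certificate for the "
        "domain name would not match that origin anyway.",
}


@dataclass
class ProbeResult:
    url: str
    status: int
    body: str


def challenge_probe_url(hostname, token=None):
    """URL of a challenge file that should not exist (random token)."""
    token = token or secrets.token_urlsafe(32)
    return f"http://{hostname}/.well-known/acme-challenge/{token}"


def classify(result):
    """Return the finding codes (keys of FINDINGS) that apply to a probe."""
    codes = []
    if result.status == 200:
        codes.append("status-200-for-missing-token")
    elif result.status != 404:
        codes.append("unexpected-status")
    if FRAME_TAG.search(result.body):
        codes.append("frame-redirect")
        for src in FRAME_SRC.findall(result.body):
            host = urlparse(src).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue  # a hostname, not a literal IP
            codes.append("frame-src-bare-ip")
            break
    return codes


def probe(hostname, timeout=10):
    """Live probe: fetch the random challenge URL and keep status + body."""
    url = challenge_probe_url(hostname)
    req = urllib.request.Request(url, headers={"User-Agent": "acme-precheck/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return ProbeResult(url, resp.status, resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return ProbeResult(url, err.code, err.read(4096).decode("utf-8", "replace"))


# Constructed sample of a registrar "frame redirect" page; the IP address is
# from the documentation range and is not anyone's real server.
CONSTRUCTED_FRAME_PAGE = (
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" '
    '"http://www.w3.org/TR/html4/strict.dtd">\n'
    "<html><head><title>Tattvadesign Store</title></head>\n"
    '<frameset rows="100%"><frame src="http://198.51.100.7/tattvadesigns" '
    'frameborder="0"></frameset></html>\n'
)

if __name__ == "__main__":
    sample = ProbeResult("http://example.invalid/.well-known/acme-challenge/x",
                         200, CONSTRUCTED_FRAME_PAGE)
    for code in classify(sample):
        print(f"{code}: {FINDINGS[code]}")
```

Run `classify(probe("your.domain"))` against a domain whose A record has been fixed; an empty list (a plain 404 from the real webroot) is what win-acme's own preliminary validation needs to see before the CA is asked.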