Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: Commands run by scheduled task installed by Letsencrypt batch file.
It produced this output: every 60 days, web browers saying certificate invalid.
My web server is (include version): IIS 7.5
The operating system my web server runs on is (include version): Windows 7 Pro
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): Not sure.
This is a continuation of my earlier topic, which is still not resolved.
Due to IIS 7.5 not being capable of handling multiple cert bindings, I need to change this configuration to use a SAN cert.
The original batch file installed two Windows Task Scheduler tasks to do this automatically. However, it is creating 8 certs for my 8 domains, and because IIS 7.5 can’t bind more than one, it scrambles things at random so my one secure domain ends up with the cert for another domain automatically on renewal day.
I’m trying to figure out how to configure this to make one SAN cert and have it auto renew.
When I run letsencrypt.exe, I get a list of 8 domains and the following prompt:
W: Generate a certificate via WebDav and install it manually.
F: Generate a certificate via FTP/ FTPS and install it manually.
M: Generate a certificate manually.
A: Get certificates for all hosts
Which host do you want to get a certificate for:
Obviously, I have been selecting option A all this time, but that’s getting me into trouble because the bindings are random due to IIS 7.5 limitations.
I tried entering this command based upon advice given me in other thread (now closed):
… however, I’m getting an invalid command.
I need to to finally fix this properly. I was out of the country til now, and five days ago, the certs renewed, knocking my main website offline due to invalid cert on April 11, and nothing I could do until I returned physically to the US.
Part of the problem is that Letsencrypt.exe sets up Windows Tasks that do things a certain way and not the way to make a SAN cert every 60 days.
I’ve looked at other clients, but they mostly require UNIX. So options limited on IIS 7.5.
Two months ago, I gave the command to make only one certificate, but apparently that did not update the Windows Tasks and I continue to get multiple certs that result in scrambled bindings.
If anyone can walk me through the right command line, if it’s even possible, to make a SAN cert with letsencrypt.exe, it would help enormously. Otherwise, I keep having this problem every 60 days.