Domains / Sub domains across multiple servers/ips

I have 2 web servers different network/ips sharing a single domain name + sub domains

Server 1 Linux Dedicated Hosting has domain.com and sub1.domain.com, host installed lets encrypt everything running smoothly. Certificates are fine.

Server2 (Exchange 2007, Windows Server 2008 sp2) webmail.domain.com and autodiscover.domain.com

Tried to use lets encrypt win simple to setup the ssl certificates.

Every time I try to use the authentication methods its failing as domain.com will not have the same validation response.

What would be the best way to do this? I know lews does not support dns challenge. Could I create a Redirect for the /.well-known back over to server1? would that even validate with being on a different network? Is there an alternaitve Windows App that does support dns validation?

Server2 doesn't need a certificate for domain.com, correct? Most logical choice here would be to limit the certificate for Server2 to the domains it needs.

If it's just this amount of subdomains, you'll be safe with just 2 separate certificates. No rate limit issues.

Yes, Boulder (the Let's Encrypt authentication/issuance server) follows redirects perfectly. You can even set up a exclusive host just for the authentication, i.e., acme-validation.example.com where every request for /.well-known/acme-challenge/ redirects to.

You'll still need some sort of "private key and certificate distribution" system if you'd opt for such a validation server.

Because server2 is exchange I believe a san cert or equivalent is required. Didn’t think you could install individual ssl certs on exchange…

In regards.to the redirect I was just thinking of dropping the redirect on domain.com to webmail.domain.com for the .well-known directory to resolve for the ucc certificate validation.

That would still be a SAN cert, just not one that includes the base domain. Does Exchange need this in addition to the two you listed?

Im far too used to GoDaddy when UCC required root domain and validation.

Thank you very much, removed the root domain ran the setup as normal and everything just worked. I had tried this earlier but at the time getting a lot of errors during the process. Will leave it the 3 months then automate it properly.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.